Top Cybersecurity Consulting Company Embarrassed By Data Breach
By: Jim Stickley and Tina Davis
September 27, 2017
When you’re a large consultancy that is trusted to provide cybersecurity consulting to some of the largest and best-known companies in the world, it can be quite embarrassing when you suffer a data breach yourself. That’s exactly what happened to the “Big 4” accountancy firm, Deloitte. Even worse, it’s possible the attackers made their way into the firm’s email server at the end of 2016, and Deloitte still isn’t sure it has completely evicted the thieves. To top it off, the firm waited several months to tell anyone.
The Guardian first reported the breach, and several news organizations are reporting details. What is known is that the perpetrators managed to get administrator credentials and peruse the email server that held the clients’ email messages. In addition to accessing those messages, the intruders also had access to network architecture diagrams, usernames, IP addresses, and confidential business and health information. With administrator credentials, the crooks pretty much had the keys to the castle.
This is one of those reminders for IT departments. Stop what you’re doing right now and add multifactor authentication to all administrator logins. While doing that, managers should ensure that only those who need administrator rights have them. The general rule is to keep the number of people with that much access to a minimum on any computer.
Many organizations leave administrator rights enabled on end-user computers. While most users don’t abuse these rights, leaving them enabled unnecessarily is very risky. This goes for mobile devices provided to users as well. The average person rarely needs administrator rights. Whenever possible, those rights should be disabled, and the policy should be that users have only the access they need and not even a little more.
Ironically, Deloitte was named the best cybersecurity consultant in 2012 by Gartner in its “Market Share Analysis; Security Consulting Worldwide, 2012” report.