Recently, there has been a new wave of cyber-attacks that have caused quite a stir. From sextortion scams to social security breaches, there has been an insurmountable amount of new cybersecurity threats emerging every single day. Such activity can be very disheartening to those paying attention and can rear its ugly head in more ways than one. Such activities incite fear, and a sense of dread in larger corporations with data to lose. One such of these breaches occurred to Fortinet itself recently and has caused a few alarms to ring in some people’s heads.
A new threat actor, “Fortibitch,” recently claimed on the 12th of September to steal over 440 gigabytes of data from Fortinet’s Azure SharePoint. (2) While this claim is overarchingly scary, the response by Fortinet most certainly eased some tensions. They confirmed that an unauthorized user obtained access to limited files impacting a small number of customers and that they have already reached out to any possible customers whose data could be at risk. (1) They also confirmed that there is no indication of further malicious activity and that Fortinet’s services remain safe to use. At large, this is a relatively minor incident; however, the fear it brings is rather harmful to the industry.
Fear and urgency are the bread and butter of threat actors and are the primary tools for any form of social engineering. This not only works for phishing attempts, but also general cybersecurity as well. (3) While the data stolen from Fortinet’s breach is nominal in the grand scheme of things, it causes distrust to grow in Fortinet and, by proxy, other cybersecurity companies. This makes it all the easier to keep companies from entrusting themselves with safe cybersecurity practices and even distrusting why they may even have Fortinet in the first place. Having a breach happen is scary after all, losing bank information, personally identifiable information (PII), company logistics and practices, and even shutting down the system and stopping the corporation from even functioning. Breaches are very similar in concept to car crashes; no matter how nice the car is, it’s bound to happen eventually. However, not having a secure firewall system and professional cybersecurity team is like driving without a seatbelt, airbags, or insurance. You’ll still crash regardless, but now the breach will likely be far more disastrous, all your data will fly out, and you won’t have anyone to compensate you for said lost data.
Breaches will continue to occur, this is a fact of life, regardless of the resources you may have available. (4) The truth is that you need a Security Operations Center to ensure that your data is as safe as can be, and ones built in-house are easily fallible. Think of it like attempting to build a power plant in house within a cellphone company, it just sounds like a disaster in the making. (4) Be proactive in identifying weaknesses and obtain an assessment of the security posture of an environment to help identify vulnerabilities. These are just a few ways that DefendEdge protects their clients. Breaches do happen; however, they are easily mitigated and can be greatly avoided by calling in the professionals. Only you can ensure the safety of your data by entrusting others to keep it safe with you.
References:
1. Sead, Fadilpašić. ” Fortinet confirms data breach after allegedly refusing to pay ransom” Www.techradar.com, Sep 13, 2024,
https://www.techradar.com/pro/security/fortinet-confirms-data-breach-after-allegedly-refusing-to-pay-ransom. Accessed 3 Oct. 2024.
2. Shweta, Sharma. ” Fortinet confirms breach that likely leaked 440GB of customer data.” Www.csoonline.com, Sep 13, 2024,
https://www.csoonline.com/article/3520517/fortinet-confirms-a-breach-that-likely-leaked-440-gb-of-customer-data.html#:~:text=Fortinet%20has%20confirmed%20a%20data%20breach%20that%20has%20allegedly%20compromised. Accessed 3 Oct. 2024.
3. Dan, Virgillito. ” How Hackers Use Fear and Urgency to Get Your Information.” www.Infosecinstitute.com, 2 Jun. 2017,
https://www.infosecinstitute.com/resources/security-awareness/hackers-use-fear-urgency-get-information/#:~:text=The%20emotional%20impact%20is%20so%20strong%20that%20people%20start%20disproportionately. Accessed 3 Oct. 2024.
4. Emil, Sayegh “Why Companies Are Struggling With Cybersecurity: Big Players In Bad Situations” Www.Forbes.com, 19 Sep. 2023, https://www.forbes.com/sites/emilsayegh/2023/09/19/why-companies-are-struggling-with-cybersecurity-big-players-in-bad-situations/ Accessed 3 Oct. 2024.