In a recent update, Panasonic has verified that hackers accessed personal information belonging to job candidates and interns during a November cyberattack

Back in December, the company confirmed a third party illegally accessed a file server in Japan via the server of an overseas subsidiary. In the update, the company stated there was no evidence of unauthorized access to business systems other than the file server in question. 

After investigating the impact of the unauthorized access, which allegedly occurred between June 2021 and November 2021, the company also confirmed that the adversaries obtained files containing unspecified “business-related information” provided by business partners, as well as information about business partner personnel. 

In addition, the company says it has taken measures based on the potential of data being leaked. After detecting the unauthorized access, Panasonic implemented additional security countermeasures, including strengthening access controls from overseas locations, resetting relevant passwords and strengthening server access monitoring. The company says it will continue to reinforce its information security measures and adopt measures to enhance the monitoring, control and security of networks, servers and PCs throughout its global operations. 

Adir Gruss, Field CTO, Laminar, says, “The shift to the cloud and to the developer over the past few years has created a landscape for organizations to have data stores everywhere, and unfortunately, many companies do not know where their sensitive data is located in the cloud. You cannot protect what you can’t see. To safeguard against a majority of today’s cyberattacks, organizations must have complete observability of their data in order to protect it. With monitoring and control of valuable data, data protection teams will regain the clarity they need to keep up with the fast-paced cloud environment. “

Gal Helemski, CTO and co-founder of PlainID, says, “When it comes to breaches, identity is still the number one challenge. Organizations must adopt a ‘zero trust’ approach, which means trusting no one — not even known users or devices — until they have been verified and validated. Access policies and dynamic authorizations are a crucial part of the zero trust architecture; they help to verify who is requesting access, the context of the request, and the risk of the access environment. Instead of pouring more money into a shotgun approach to security, organizations need a more focused strategy to purchase the highest reward tools. Identity and authorization are where the smart money should be going. If we assume hackers are already in the network, it makes sense to focus budgets on restricting movement inside the network.” 

Danny Lopez, CEO, Glasswall, says, “Organizations need to adopt robust processes for onboarding and offboarding employees and affiliates that may receive access to key information systems. It’s vital to control privileged access and monitor those who enjoy that administrator privilege. Ensuring that multi-factor authentication is enforced wherever possible is a vital defense where user credentials find their way into the public domain. This will help limit the blast radius and defeat the data breach in most cases. Attacks like these caused by illegal access demonstrate that a traditional castle-and-moat approach to network security exposes organizations. Zero trust security sees the world differently. No one is trusted by default, regardless of whether they are inside or outside a network. In a world where data can be held amongst multiple cloud providers, it is crucial to strengthen all processes relating to access verification. Without a zero trust approach, organizations run the risk of attackers having a free reign across a network once they are inside.”