Accellion Data Breach – Impact on Australian organisations


Richard Marr, General Manager, APAC, Auth0

Since the emergence of the Accellion data breach in December, we have seen a number of Australian organisations subjected to attacks. The latest is Transport for NSW, which is currently undertaking an investigation to understand the full impact of the breach, including how customer data has been affected.

As public users and consumers give more of themselves away online to access digital services, they expect that their data is safe. With the complexity of today’s attacks, one tactic alone is not enough. As credential-related attacks rise, it is up to organisations to:

  1. Prioritise cybersecurity awareness training: Many cyber threats can be prevented by creating a security culture within your organisation and offering security education and awareness training — this can be as simple as offering training on how to create workable, healthy password management habits or as specific as how to recognise certain attacks like phishing or credential stuffing and best practices for mitigating these types of attacks. A regular cadence of security education and support is priority number one.
  2. Utilise password managers: Stressing healthy password management habits, such as using complex, unique passwords for each account and using a password manager, is an easy next step. Using password managers can be a great option for protecting against potential threats and attacks, as they help mitigate the risk of compromise by addressing the most common way an account gets hacked: weak credential (username and password) selection along with credential reuse. Password managers act as password generators, providing new and unique passwords for every new login you create, and securely store these credentials for you so you don’t have to worry.
  3. Multi-factor authentication is a must: To make your threat prevention and mitigation techniques sustainable, introduce multi-factor authentication (MFA), which adds an extra layer of security (and more friction for suspicious users when it’s most necessary), making your practices smarter and making it that much harder for a hacker to compromise accounts at scale. Instead of triggering MFA every time a user logs in, trigger it only when it makes sense. If you’re an Australian organisation and most of your user base is in the U.S., but you see huge spikes in traffic from Vietnam or Thailand, ask for additional verification.
  4. Invest in proactive threat detection: The ability to detect discrepancies is vital for any business looking to prevent automated attacks. Organisations that have not already prioritised identity and threat detection technology should start, and those that have need to make sure they are optimising their solutions for the best results. Detection is about stopping hackers before they get in, so it is important to have security solutions and threat intelligence capabilities that monitor various risk signals, such as detecting login anomalies, and stop malicious attempts to access your application (blocking traffic from certain IPs, displaying CAPTCHA, or triggering MFA). A strong identity management platform with the capabilities to correlate numerous data sources and risk signals to identify and mitigate bot-driven attacks before login is business-critical.
  5. Look for customisable security solutions: Organisations are often apprehensive that cybersecurity will take away from user experience. What makes it more difficult for hackers to access an account can sometimes make it harder for legitimate users to access their accounts, if not done correctly. Organisations should invest in solutions that allow for a more balanced, extensible approach to security and user experience. Adaptive authentication (such as CAPTCHA implementation for suspicious login behaviour) allows organisations to create friction only when needed, resulting in a positive user experience without compromising on security.
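
The adaptive approach in items 3 to 5 (block known-bad IPs, show a CAPTCHA, or trigger MFA only when the risk signals call for it) can be expressed as a small decision function. The Python below is an added example, not part of the original commentary and not any vendor's product code; the `Login` record, the thresholds and the sample events are all constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Login:
    user: str
    ip: str
    country: str           # assumed to come from a GeoIP lookup upstream
    success: bool = False  # outcome; unused for the attempt being scored

def decide(attempt, history, blocked_ips, fail_limit=5, rare_share=0.05):
    """Return 'block', 'captcha', 'mfa' or 'allow' for one login attempt.
    history is the recent window of Login events (for example, the last hour)."""
    if attempt.ip in blocked_ips:
        return "block"
    # Failures from this IP: spread over several accounts looks like
    # credential stuffing; confined to one account gets a CAPTCHA instead.
    fails = [e for e in history if e.ip == attempt.ip and not e.success]
    if len(fails) >= fail_limit:
        return "block" if len({e.user for e in fails}) > 1 else "captcha"
    # Country this user has never logged in from successfully.
    seen = {e.country for e in history if e.user == attempt.user and e.success}
    if seen and attempt.country not in seen:
        return "mfa"
    # Country that is rare across the whole user base.
    by_country = Counter(e.country for e in history if e.success)
    total = sum(by_country.values())
    if total and by_country[attempt.country] / total < rare_share:
        return "mfa"
    return "allow"

# Constructed sample data (documentation IP ranges, made-up users).
BLOCKED = {"192.0.2.66"}
HISTORY = (
    [Login(f"user{i}", f"198.51.100.{i}", "US", True) for i in range(20)]
    + [Login("alice", "198.51.100.9", "US", True)]
    + [Login(f"victim{i}", "203.0.113.7", "VN") for i in range(5)]
    + [Login("bob", "192.0.2.50", "US") for _ in range(5)]
)

if __name__ == "__main__":
    for a in [Login("alice", "198.51.100.9", "US"),
              Login("alice", "198.51.100.200", "VN"),
              Login("bob", "192.0.2.50", "US"),
              Login("carol", "203.0.113.7", "VN")]:
        print(a.user, a.ip, a.country, "->", decide(a, HISTORY, BLOCKED))
```

Legitimate users on their usual network pass without friction, while the order of the checks keeps the strongest response (blocking) for the clearest signals.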

Cyberattacks will continue to evolve, and preventing and mitigating attacks will only become harder, requiring security tactics to transform as well. While the ongoing pandemic has driven initiatives in the public sector to rationalise IT processes while implementing network security enhancements, education and the use of a layered security approach will better prepare organisations for the threats.