The U.S. defense contractor Electronic Warfare Associates (EWA) has disclosed a data breach. The incident came after threat actors hacked its email system and stole files containing personal information.
The company claims the breach’s impact was limited but confirmed that the threat actor managed to exfiltrate files containing sensitive information. However, a breach of the firm’s email systems may also have compromised military technology secrets, as EWA develops and designs these products internally.
Looking into the matter for Digital Journal is Troy Gill, Senior Manager of Threat Intelligence at Zix | AppRiver.
Gill says the incident is indicative of the threat that some organizations face because of the nature of the business they engage in. With this context, Gill notes: “Organizations that work closely with the government are increasingly being targeted by cybercriminals hoping to access the incredibly sensitive and valuable information they possess.”
Such firms are attractive for multiple reasons, explains Gill: “Not only do they house sensitive information of employees, but they also hold top secret files of government projects like in the case of EWA.”
This means that additional cybersecurity measures are needed, as Gill points out: “Organizations that handle such valuable information must ensure they are taking appropriate measures to protect their data, especially in a remote world where so much of our information is shared via email and lives on the Internet.”
Gill adds: “To prevent a data breach like this, organizations need to implement two-factor authentication, which provides an extra layer of security by making users confirm their identity, and leverage end-to-end email encryption for any messages containing confidential or personally identifiable information.”
There are cultural aspects to consider too, says Gill: “Employees should also be encouraged to never reuse the same password on different services, because if the service is compromised, attackers will try that same password for others. Most importantly, organizations should continuously audit their email environments.”
As to how such issues can be identified, Gill recommends a Microsoft Office 365 Security audit. This structured approach “can provide critical insights into possible compromised accounts as well as if there is activity on accounts that should no longer be active.”
Gill makes other best practice recommendations too: “Another common activity that many don’t consider risky is file sharing. Often when a file is too large to share securely over email, many instead use a simple and convenient file sharing platform that is a part of their current workflow like Google Drive, a personal file sharing account like Box or just sending the files over Zoom chat. This leads to increased risk of malware, hacking and loss or exposure of sensitive information.”
Gill concludes, making the point: “Organizations should stress the importance of securely sharing files to their employees and use solutions that allow for easy and secure file sharing.”