Connect with us

Hi, what are you looking for?

Tech & Science

Gone phishing? Defense sector shaken by data breach

Defense firms are becoming firms are attractive to rogue actors for multiple reasons.

A US unarmed prototype hypersonic missile launches from Pacific Missile Range Facility, Kauai, Hawaii. — © AFP/File
A US unarmed prototype hypersonic missile launches from Pacific Missile Range Facility, Kauai, Hawaii. — © AFP/File

The U.S. defense contractor Electronic Warfare Associates (EWA) has disclosed a data breach. This incident came after threat actors hacked their email system and stole files containing personal information.

The company claims the breach’s impact was limited but confirmed that the threat actor managed to exfiltrate files containing sensitive information. However, a data breach on the firm’s email systems may have also compromised military technology secrets as EWA develops and designs these products internally.

Looking into the matter for Digital Journal is Troy Gill, Senior Manager of Threat Intelligence at Zix | AppRiver.

Gill says that the specific incident is indicative of the threat posed by the nature of business that some organizations engage in. With this context, Gill notes: “Organizations that work closely with the government are increasingly being targeted by cybercriminals hoping to access the incredibly sensitive and valuable information their possess.”

Such firms are attractive for multiple reasons, explains Gill: “Not only do they house sensitive information of employees, but they also hold top secret files of government projects like in the case of EWA.”

This means that additional cybersecurity measures are needed, as Gill points out: “Organizations that handle such valuable information must ensure they are taking appropriate measures to protect their data, especially in a remote world where so much of our information is shared via email and lives on the Internet.”

Gill adds that: “To prevent a data breach like this, organization need to implement two-factor authentication, which provides an extra layer of security by making users confirm their identity, and leverage end-to-end email encryption for any messages containing confidential or personally identifiable information.”

There are cultural aspects to consider too, says Gill: “Employees should also be encouraged to never reuse the same password on different services, because if the service is compromised, attackers will try that same password for others. Most importantly, organizations should continuously audit their email environments.”

As to how such issues can be identified, Gill recommends a Microsoft Office 365 Security audit. This structured approach “can provide critical insights into possible compromised accounts as well as if there is activity on accounts that should no longer be active.”

Gill makes other best practice recommendations too: “Another common activity that many don’t consider risky is file sharing. Often when a file is too large to share securely over email, many instead use a simple and convenient file sharing platform that is a part of their current workflow like Google Drive, a personal file sharing account like Box or just sending the files over Zoom chat. This leads to increased risk of malware, hacking and loss or exposure of sensitive information.”

Gill concludes, making the point: “Organizations should stress the importance of securely sharing files to their employees and use solutions that allow for easy and secure file sharing.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Life

This transmission electron microscope image shows SARS-CoV-2—also known as 2019-nCoV, the virus that causes COVID-19—isolated from a patient in the U.S. Virus particles are...

Life

If all this very basic information makes the point that these drugs are truly bad, that was the good news. The news for users...

World

WikiLeaks founder Julian Assange will learn Monday whether he can appeal to Britain’s Supreme Court against a High Court ruling.

World

French designer Thierry Mugler, who reigned over fashion in the 1980s, died on Sunday at the age of 73 of "natural causes".