Connect with us

Hi, what are you looking for?

Tech & Science

Workforce provider stumbles under cyberattack

The incident left multiple public and private sector customers reliant on its software with their own operational problems.

Photo by Joshua Woroniecki, <a href="https://unsplash.com/s/photos/laptop?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText">Unsplash</a>
Photo by Joshua Woroniecki, Unsplash

Workforce management and human capital management cloud provider Kronos recently became the target of a ransomware attack. The scale of the incident forced the company’s servers offline. Although the targeted infrastructure -the Kronos Private Cloud – was secured with firewalls, multi-factor authentication and encrypted transmissions, threat actors were still able to breach their systems.

The incident left multiple public and private sector customers reliant on its software with their own operational problems, according to The Stack.

Looking at the issue for Digital Journal is Nick Tausek, Security Solutions Architect at Swimlane.

According to Tausek the rogue elements were able to work their way around the security infrastructure of the firm, as he notes: “Kronos Private Cloud was secured yet cybercriminals were still able to breach and encrypt its servers. While it’s unclear exactly how the breach took place, Kronos predicted that their Private Cloud solutions would be unavailable for a number of weeks.”

Private cloud solutions (sometimes referred to as the ‘corporate cloud’) is a system that allows companies to architect a data center by using software-defined networking and virtualization. Under this type of system, all hardware and software resources are dedicated exclusively to, and accessible only by, a single customer.

Tausek notes that the extended shutdown presented challenges to the organization, as it would to any firm seeking to process pay, bonuses annual leave.

Tausek recommends that companies learn from the incident and put in place robust measures to prevent recurrence. Tausek states: “To lessen the chance of attacks like this happening in the future, companies should consider implementing one all-encompassing platform that centralizes detection, response and investigation protocols into a single effort and helps security teams automate certain tasks.”

He advises further: “By leveraging the power of low-code security automation, companies can respond to more alerts in less time, vastly decreasing the risk of a targeted ransomware attack without increasing the workload on security operations staff.”

Low-code software development is a well-established process that delivers applications faster than traditional approaches. The approach now forms part of the set of cybersecurity tools available to businesses. The automation part helps to address the continual issue where security teams are challenged to keep up with the deluge of tasks associated with security processes, impacting across the entire organization.

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Business

Ford iMotor Co. ssued recalls, totaling 350,000 vehicles that include some Ford Expedition and Lincoln Navigator SUVs.

Life

Health authorities in North America and Europe have detected dozens of suspected or confirmed cases of monkeypox since early May.

Business

The US government will fly in baby formula on commercial planes contracted by the military in an airlift aimed at easing the major shortage.

Life

Turkish President Recep Erdogan is taking an increasingly tough line against Finland and Sweden's membership bids,