Panasonic Corporation, a Japanese consumer electronics giant has concurred that a third-party accessed its file server on its network on November 11, 2021. A global press release states that through an internal investigation, it was established that some data on a file server had been accessed by a third-party during the intrusion. After detecting the unauthorized access, the company immediately reported the incident to the relevant authorities and implemented security countermeasures, including steps to prevent external access to the network.
“In addition to conducting its own investigation, Panasonic is currently working with a specialist third-party organization to investigate the leak and determine if the breach involved customers’ personal information and/or sensitive information related to social infrastructure,” the release states.
— RW-CERT (@RWCERT) December 1, 2021
There has been a spate of incidents of premeditated attacks on huge consumer goods organizations. The IKEA reply-chain mail attack being the most recent incident. In all these incidents the level of breach and damage is yet to be ascertained and established. And a common pattern observed in these breaches is that the attacks have been active for a few months (with the attackers lying low and observing the system), but were discovered much later only through internal investigations as claimed by most company statements.
Could it be a control failure?
According to the Panaseer 2022 Security Leaders Peer Report, control failures are behind a growing number of security incidents at large organizations. The report reveals that an increase in tools and manual reporting combined with control failures are contributing to the success of threats such as ransomware, which costs organizations an average of $1.85 million in recovery.
The report states, “Currently, only 36% of security leaders feel very confident in their ability to prove controls were working as intended. This is despite 99% of respondents believing it’s valuable to know that all controls are fully deployed and operating within policy, and cybersecurity control failures are currently being listed as the top emerging risk in the latest Gartner, Inc. Emerging Risks Monitor Report. Attacks only succeed when they hit systems that haven’t been patched or don’t have security controls monitoring them.”
Frequent review of the security posture, installing updates and patches may be a small step in the right direction to secure your networks and systems to avoid the cyber sword dangling in the air.