• Home
  • Advertising
    • Why Advertise
    • Create Your Campaign
  • About
    • About Security on Screen
    • Privacy Policy
  • Webinars
  • Social Wall
  • Contact Us
Saturday, July 2, 2022
No Result
View All Result
  • Login
  • Register

No products in the basket.

Submit News
Submit video
  • Create Your Campaign
  • Product Groups
    • Access Control
    • Biometrics
    • Physical Security
    • Smart City
    • Surveillance
    • Systems Integration
  • Cyber-Security
  • Industry sectors
    • Banking
    • Casinos
    • City Surveillance
    • Data Centres
    • Government
    • Healthcare
    • Leisure
    • Manufacturing
    • Retail
    • Schools and Campus Security
    • Transport
    • Utilities
  • Business News
    • New Technology
    • Opinion
    • People
    • Education & Events
  • Create Your Campaign
  • Product Groups
    • Access Control
    • Biometrics
    • Physical Security
    • Smart City
    • Surveillance
    • Systems Integration
  • Cyber-Security
  • Industry sectors
    • Banking
    • Casinos
    • City Surveillance
    • Data Centres
    • Government
    • Healthcare
    • Leisure
    • Manufacturing
    • Retail
    • Schools and Campus Security
    • Transport
    • Utilities
  • Business News
    • New Technology
    • Opinion
    • People
    • Education & Events
No Result
View All Result
No Result
View All Result

Data breach roundtable | Addressing the Threats

by James Ling
15/04/2021
in Cyber Security, Leisure, Opinion, PRESS RELEASE

Following various reports back in September that Singapore-based hotel management platform, RedDoorz had suffered a data breach, a threat actor is now said to be selling a database from the company containing 5.8 million user records on a hacker forum. Security on Screen’s panel of cybersecurity experts explain what the hotel platform’s security teams and users should be doing to ensure personal details are not further exposed.

“In today’s security landscape, organisations and their security teams are out gunned by the attackers in terms of resources and skills,” says Dan Panesar, Director UK and Ireland at Securonix. “The RedDoorz data breach is particularly nasty as the hackers have gained access and stolen the ‘holy grail’ of information including, personal details, email address, passwords and phone numbers – all the essentials to targeted identity fraud on its customers. Furthermore, if customers have used their work address for example to register with the site again this poses threats to any organisation from a targeted spear fishing attack to plant malware in an attempt to gain unauthorised access to the employer’s network.”

User awareness 

Initially, users of RedDoorz platform are advised to take control of their own safety. “While it’s believed that the data sample did not include any financial data, there is other data that can still be used against individuals,” notes Boris Cipot, Senior Security Engineer at Synopsys. “Email addresses, for instance, can be used in phishing campaigns, where individuals may be lured to give away further personal data. Exposed passwords could also pose a threat if they are reused on other services. As such, do not let your guard down. Do not open email attachments or click on links in emails without thinking twice.”

If users are overwhelmed with the number of services and passwords, a password manager is highly recommended. “These password managers not only help users keep track of their passwords, but they can also be used to generate strong and secure passwords,” adds Chris Hauk, Consumer Privacy Champion at Pixel Privacy. “A strong, unique password is a user’s best weapon against being hit with identity theft or similar online threats caused by data breaches like these.”

In addition, Hauk suggests: “Users should be aware that phishing attacks may be directed against many RedDoorz users as a result of the email addresses leak. They should also keep a close eye on their credit and bank accounts, as well as keep a watch out for any unauthorised accounts being opened in their name.”

The risk of ransomware 

The attack on RedDoorz’ systems further confirms the direction that ransomware gangs have taken recently. “Ransomware authors have increasingly gone after the double extortion attacks for the simple reason that this further encourages their victims to pay,” explains Chad Anderson, Senior Security Researcher at DomainTools. “When sitting on a treasure trove of sensitive customer information, attackers know that the looming threat of privacy laws like GDPR could be more of a financial hit to a firm than simply paying the ransom requested.

“Couple that with the lack of consumer trust from such a breach and you have a rather strong incentive for victims to pay millions to keep their businesses afloat,” he continues. “This all comes of course with an increasing number of businesses paying, further incentivising attackers to use this extra leverage.”

“At this point, every organisation should have a game plan for a successful ransomware attack,” notes Paul Edon, Senior Director of Technical Sales and Services (EMEA), at Tripwire. “As with most cyberattacks, prevention is better than response. Ransomware doesn’t usually succeed because the attacker is highly skilled, but because the defences aren’t in place.

“Take the time to review how hardened your systems are, how trained your staff is, and what your vulnerability profile looks like. If you can’t answer those questions, then build a plan that enables you to get answers.”

Securing a solution 

It appears that for a breach like the RedDoorz case, security teams need to spend less time managing the systems and more time addressing the threats. “One clear way to face threats like this is using behavioural analytics to spot abnormal behaviour before it causes real problems,” suggests Panesar.

“Secondly, using automation to allow the security team to focus only on the severe or real threats can further strengthen security posture. These can both help reduce the burden on security teams, bring better visibility and allow them to respond and react faster to attacks.”

 

Tags: Cybersecurity
ShareTweetShare

Related Posts

British Security Awards announces 2022 winners
Education & Events

British Security Awards announces 2022 winners

OneQode teams with up Corero Network Security to protect customers from malicious DDoS attacks
Cyber Security

OneQode teams with up Corero Network Security to protect customers from malicious DDoS attacks

Seagate and Secure Logiq release recording of surveillance industry storage webinar
PRESS RELEASE

Seagate and Secure Logiq release recording of surveillance industry storage webinar

Euralarm releases revised study on False Fire Alarms in Europe
PRESS RELEASE

Euralarm releases revised study on False Fire Alarms in Europe

KnowBe4 kicks off ransomware awareness month with resource kit
Cyber Security

KnowBe4 kicks off ransomware awareness month with resource kit

Panasas teams up with MLCommons for advanced machine learning
PRESS RELEASE

Panasas teams up with MLCommons for advanced machine learning

Load More

The Tannery, 3a John Street, Tunbridge Wells,
Kent TN4 9RU
All enquiries: +44 (0)1892 525141

  • Home
  • Advertising
  • About
  • Webinars
  • Social Wall
  • Contact Us
No Result
View All Result
  • Login
  • Sign Up
  • Cart
  • Home
  • Why Advertise
  • Create Your Campaign
  • About Security on Screen
    • Privacy Policy
  • Webinars
  • Social Wall
  • Contact Us
  • Business News
    • New Technology
    • Opinion
    • People
    • Education & Events
  • Product Groups
    • Access Control
    • Biometrics
    • Cyber Security
    • Physical Security
    • Smart City
    • Surveillance
    • Systems Integration
  • Industry Sectors
    • Banking
    • Casinos
    • City Surveillance
    • Data Centres
    • Government
    • Healthcare
    • Leisure
    • Manufacturing
    • Retail
    • Schools and Campus Security
    • Transport
    • Utilities

© 2020 SecurityOnScreen.com

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

*By registering into our website, you agree to the Terms & Conditions and Privacy Policy.
All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.