Cybersecurity Expert Reacts to Latest SANS Data Breach

In response to the SANS cybersecurity training organization’s disclosure of a data breach in which approximately 28,000 records of PII were forwarded to an unknown external email address as a result of a phishing attack, a cybersecurity expert offers perspective and recommendations.


EXPERT COMMENTS
Chloé Messdaghi, VP of Strategy, Point3 Security
August 12, 2020
Every company needs to be alert for signs that they’re not sufficiently investing in their teams.
We don’t know if the employee who clicked the bad link (or links) was on the security team or if they were in another function such as sales, marketing or operations. If they were not on the security side of SANS, there’s a likelihood that they were apathetic about cybersecurity because they’ve never had something like this happen to them before. If the phishing target was someone not on the ....
Niamh Vianney Muldoon, Senior Director of Trust and Security, EMEA, OneLogin
August 13, 2020
The SANS Institute data breach demonstrates that no organisation is exempt from cyber attacks.
The SANS Institute data breach demonstrates that no organisation is exempt from cyber attacks. Security awareness training is fundamental to tackling phishing attempts but this needs to be continually implemented, ensuring employees are aware of the latest threats. It should not be a one-off instance. Individuals should also apply the S-T-O-P principle: (1) Stop- (2) Take a Deep Breath- (3) ....
Jamie Akhtar, CEO and Co-founder, CyberSmart
August 13, 2020
Phishing attempts often use the name of someone they know (a colleague or friend, for example) but with the wrong domain address.
It is ironic and disappointing to see this happen to a cybersecurity training organisation, but not all that surprising. The majority of breaches like this are through employee error within companies. Phishing attacks are becoming increasingly sophisticated in the ways that they masquerade as legitimate sources and while anti-phishing software can help stop many of them, others will always get thr ....
Jake Moore, Cybersecurity Specialist, ESET
August 13, 2020
Companies must limit the number of employees who have access to personal information to reduce the possibility of a breach.
Phishing scams remain extremely common, and this latest breach shows that cyber criminals are not even afraid of cyber security institutes when targeting organisations. Clever spear phishing attempts are designed to deceive even those who are aware of them; in the moment when reading something which mounts pressure on you to verify or give up information, it can be easy to trip up and overlook a s ....
Troy Gill, Manager of Security Research, AppRiver
August 13, 2020
On July 17th Emotet returned with a vengeance from the hiatus they had been on since February.
This goes to show that no organisation is immune to cyber attacks, in particular phishing. Not even an organisation as trusted and qualified as SANS. Malicious actors with a variety of different motivations are known to engage in this sort of activity. They may also have been planning a BEC (or ATO) type of scam, such as a wire fraud. Or they may have been looking to utilise the account to launch ....
Ilia Kolochenko, CEO, ImmuniWeb
August 13, 2020
Attackers will now gradually focus their attention on cybersecurity companies and organizations to get their clients' privileged information.
I don’t think that we should hold SANS accountable to the same standard of security and data protection as we impose on, let’s say, financial institutions and other highly regulated industries. Otherwise, their training would become exorbitantly expensive and few organizations will be able to afford them, causing a domino effect of global insecurity and poor awareness. Like many others, SANS s ....