JTB Hack Underscores Need For Revamp Of Cybersecurity

Following the news that Japan’s largest travel agency JTB Corp having 7.93 million passport details, home and email addresses stolen by hackers, Guy Bunker, Senior Vice President at Clearswift commented below.

Guy Bunker, Senior Vice President at Clearswift:

Guy Bunker

“While the company can’t blame the employee for opening the email, the company is itself to blame and cannot shirk its responsibility. The increasing use of embedded malware in innocuous looking documents is not something which can be glossed over – there have been many incidents recently, especially with ransomware and in the healthcare sector. There is a need for businesses to look for solutions to mitigate this issue today, rather than waiting to be attacked. There are a number of potential solutions out there with structural sanitization and sandboxing being the two front runners.

“Sandboxing is an old style solution, and as such is more expensive to implement and run than sanitization. Structural sanitisation automatically removes embedded active content from documents, removing the threat but not delaying delivery of the email and/or content so using this as part of a Data Loss Prevention Solutions for email and for the web is important here. As this problem is not just related to emails with attached documents but also with documents which are downloaded from the web, where reputable sites, especially cloud collaboration sites are being used to dupe users into downloading the malware infected documents.

“Organisations owe it to their employees and their customers to protect themselves against these types of attacks, and do it today not wait until they fall victim themselves.”

About Guy Bunker
Guy BunkerGuy has over 20 years’ experience in information security and IT management. Before joining Clearswift in 2012, Guy was a Global Security Architect for HP. He has recently authored a paper on security for the Elsevier Information Security Technical Report and co-authored the European Network and Information Security Agency (ENISA) report on cloud security. Previously, Guy was Chief Scientist for Symantec and CTO of the Application and Service Management Division at Veritas. Guy is a frequently invited speaker at conferences, including RSA, EuroCloud and InfoSec. He is a spokesperson for The Open Group’s Jericho Forum and an expert for the European Network and Information Security Agency (ENISA). Guy is a board advisor for several small technology businesses and has published books on utility computing, backup and data loss prevention. He holds a number of US patents and is a Chartered Engineer with the IET.
In this article