Mitsubishi Electric Confirms Major Data Breach – Expert Commentary

Mitsubishi Electric released a statement today confirming that the company was hit by a data breach dating back to late June last year. It’s speculated that the cyberattack is linked to a Chinese cyber-espionage group, Tick (or Bronze Butler), that is well-known for targeting Japan over the past few years. The unauthorized access was tracked to a compromised employee account. Hackers were also able swipe 200 MB of files by accessing Mitsubishi Electric’s internal systems and networks.

Jake Olcott, VP of Government Affairs,  BitSight
January 22, 2020
These organisations must recognise that their third parties can create risk to themselves and its core operations.
The Mitsubishi Electric data breach once again highlights the need for national organisations such as public services and Government agencies to take a proactive approach to monitoring their own third-party network of suppliers, in any sector. Management of third-party cyber risk is now a priority. These organisations must recognise that their third parties can create risk to themselves and its co ....
[Read More >>]
Dave Weinstein, CSO,  Claroty
January 21, 2020
This incident highlights the degree to which China continues to view industrial espionage.
China has repeatedly demonstrated a propensity to target organisations at the intersection of industry and government, particularly as it relates to the defence sector. While no sensitive infrastructure information was compromised, according to reporting, the compromised personal information will undoubtedly be used to enable subsequent reconnaissance operations not only against Mitsubishi, but a ....
[Read More >>]
Jonathan Knudsen, Senior Security Strategist ,  Synopsys
January 21, 2020
Cybersecurity cannot be effectively managed with a one-time effort, but must be woven into the fabric of each organisation.
As of 2020, essentially every business is a software business in some way, shape, or form. As such, software is critical infrastructure. It is an attractive target for attackers and many organisations have valuable information that must be protected. Software also serves as the foundation for other critical infrastructure, such as utilities, transportation, and healthcare. In these cases the stake ....
[Read More >>]
Jake Moore, Cybersecurity Specialist,  ESET
January 21, 2020
I don’t think firms should hide in anonymity, as there is so much help on offer when it comes to a cyberattack.
When it is not a legality to confess to a breach, many companies would choose to not disclose any information about the hack and instead attempt to keep it hidden in the dark. However, I think we should be moving to a more honest approach: sharing information about data breaches openly. Whatever the size of the attack, I don’t think firms should hide in anonymity, as there is so much help on off ....
[Read More >>]
Greg Wendt, Executive Director ,  Appsian
January 21, 2020
The first line of defense is no longer a network firewall – it’s now the end users.
Business applications and systems have become a frequent target of espionage. Largely because compromising a user’s credential has been identified as the most effective way to access sensitive business information without appearing suspicious enough to trip security alerts. Global companies continue to prioritize traditional network security; however, threats are evolving rapidly and are increas ....
[Read More >>]
Vinay Sridhara, CTO,  Balbix
January 21, 2020
A compromised employee account would not show up on traditional vulnerability assessments.
The attack on Mitsubishi Electric highlights the all too sobering reality that security is only as strong as the weakest link, with connected affiliates and third parties in the supply chain constituting links as well. In this case, it appears that a China-based Mitsubishi affiliate was infiltrated via a compromised employee account. As with many other attacks, that foothold was used to move later ....
[Read More >>]

If you are an expert on this topic:

Dot Your Expert Comments

SUBSCRIBE to alert when new comments are posted on this news. :

In this article