Tech Giant GE Discloses Data Breach – Experts Reaction

Fortune 500 technology giant General Electric (GE) disclosed that personally identifiable information of current and former GE employees, as well as beneficiaries, was exposed in a security incident experienced by one of its service providers. GE says in a notice of data breach filed with the Office of the California Attorney General that Canon Business Process Services (Canon), a GE service provider, had one of their employees’ email accounts breached by an unauthorized party in February.


EXPERTS COMMENTS
Stuart Reed, VP ,  Nominet
March 27, 2020
If your organisation has good cybersecurity standards, partnering with other businesses brings with it additional cyber risks.
The General Electric data breach demonstrates that even if your organisation has good cybersecurity standards, partnering with other businesses brings with it additional cyber risks. The leaked information includes sensitive data such as direct deposit forms, drivers’ licenses, passports, birth, marriage and death certificates, potentially compromising names, addresses, bank account numbers and ....
[Read More >>]
Tim Mackey, Principal Security Strategist,  Synopsys CyRC
March 25, 2020
Businesses are under constant attack.
Our modern digital economy is fundamentally a supply chain where the organization we do business with is itself powered by countless other organisations. In this case, GE contracted with Canon Business Process Services as part of GEs benefits program. This relationship entitled Canon to access sensitive GE personnel records as part of its contract with GE. The breach occurred when an attacker gain ....
[Read More >>]
Jonathan Deveaux, Head of Enterprise Data Protection,  comforte AG
March 25, 2020
Continued awareness training, education, and communication can help reduce the likelihood of humans clicking on malware-laced links.
It seems no matter how much Training and awareness that is provided, the human element remains the weakest link in the cybersecurity chain. The problem is not entirely the employees’ faults, as hackers and attackers are improving their tactics to trick employees into clicking on links infected with malware. A determined attacker may go as far as designing an email to look authentic and even read ....
[Read More >>]
Jonathan Deveaux, Head of Enterprise Data Protection,  comforte AG
March 25, 2020
Jonathan Deveaux, head of enterprise data protection at comforte AG
"It seems that no matter how much training and awareness is provided, the human element remains the weakest link in the cybersecurity chain. The problem is not entirely the employees’ faults, as hackers and attackers are improving their tactics to trick employees into clicking on links infected with malware. A determined attacker may go as far as designing an email to look authentic and even rea ....
[Read More >>]
Niamh Vianney Muldoon, Senior Director of Trust and Security, EMEA,  OneLogin
March 25, 2020
Organisations need to implement a security first culture.
Interestingly in this case it was not GE, but one of their service providers Canon, that suffered the data breach resulting in GE employees’ personally identifiable information being disclosed. According to Canon an unauthorised party gained access to an email account that contained documents of certain GE employees, former employees and beneficiaries. This highlights the fact that organisation ....
[Read More >>]
Elad Shapira, Head of Research,  Panorays
March 25, 2020
This cyber incident underscores why it’s so important for companies to thoroughly assess their service providers’ cyber posture.
GE’s recent data breach through its service provider, Canon Business Process Services, illustrates how large enterprises can be vulnerable to cyberattacks through their third-parties. In this case, the sensitive data of GE employees, former employees and beneficiaries was exposed through a breached Canon employee email account. This could have occurred either through malware on the employee’s ....
[Read More >>]
Roger Grimes, Data-driven Defence Evangelist ,  KnowBe4
March 24, 2020
A ton of business is conducted using email. Most of us take email systems and the security they do or don’t provide for granted.
While I’m usually a bit numb to the latest data breach, the sheer variety of exposed information is unique. GE and Canon haven’t disclosed how the breach occurred but what has been released seems to indicate that it likely was accomplished using a standard credential phishing attack or due to credential reuse on another site. Either way, both are fairly common types of attacks and should be we ....
[Read More >>]

If you are an expert on this topic:

Dot Your Expert Comments

SUBSCRIBE to alert when new comments are posted on this news. :




In this article