News broke overnight that contact details for more than 10,000 employees of the Departments of Justice and Homeland Security were dumped onto the web Sunday and Monday by anonymous pro-Palestinian hackers. Although the breach was confirmed by a Department of Justice spokesperson, the severity of the hack is so far being played down, with the Departments saying that there is no evidence that personal data such as dates of birth or Social Security numbers was compromised.
David Gibson, VP of Strategy and Market Development at Varonis, reacts: "The playbook is a cliché – phish an employee, steal their credentials, scan the local disk and network drives, download interesting files, repeat. All organisations need to expect and prepare for this. Employees usually have access to important data – they need it to do their jobs. A single compromised employee account means an attacker can access that same important data, too. The more data the employee has access to, the bigger the risk – and unfortunately, most employees have access to far more data than they need to do their jobs. Even additional preventive defenses can be circumvented with a little social engineering. Organisations must start watching and analysing how employees use data and systems to bolster their detective capabilities – think of it like credit card fraud detection for your data. Unusual file and email access should be red flags – good analytics can help spot these attacks before it’s too late."