Ken Spinner, VP at Varonis comments: “While Macron's campaign documented its defences of previous hacking attempts, et voila, it only takes one successful crafty phishing attempt to cause widespread destruction! It’s too easy for files and emails to be stolen because we're focused on the barriers of entry rather than barricading our data by reducing access and monitoring user behaviour.
The 70,000 emails and files released in the French's version of an October surprise, pulls from the same U.S. election hack playbook, except this time the alleged insertion of fake documents shows a dangerous evolution of this game.
The Macron campaign is not immune to issues affecting many organisations: too much access with too little oversight and detective controls. The recent 2017 Varonis Data Risk Report highlights this issue with over 47% of organisations with more than 1,000 sensitive files open to every employee.
Files that were once useful in their operations to the campaign or personal in nature are suddenly lethal to those same operations. We call this toxic data, anything that is useful and valuable to an organisation but once stole and made public turns toxic to its bottom line and reputation. All you have to do is look at Sony, the Hillary Clinton campaign and the DNC to see the effects of this toxic data conversion.
Organisations need to get a grip on where their information assets are, who is using them, and who is responsible for them. There are just too many unknowns right now. They need to put all that data lying around in the right place, restrict access to it and monitor and analyse who is using it.”