By Dr. Tim Sandle
DIGITAL JOURNAL
February 28, 2025
Australia's cyber intelligence agency sounded a rare warning Tuesday about the rising threat of state-backed Chinese hackers - Copyright AFP/File I-Hwa CHENG
Following the recent US Defense Information Systems Agency (DISA) breach, the Chief of Digital Identity at Jumio has explained to Digital Journal about the implications this breach has for organisations operating with secure data.
The company, which provides drug and alcohol testing and background checks (to more than 55,000 enterprises and a third of Fortune 500 companies), said it discovered on April 22, 2024, that it was the victim of cyberattack that gave “an authorised third party” access to individuals’ personal information from Feb. 9, 2024, to April 22, 2024, the company said in a notice on its website.
This information has only now come into the public domain. DISA has subsequently filed reports with the Maine and Massachusetts attorney general offices.
This breach impacted more than 3.3 million people. A threat actor hacked into and accessed individuals’ Social Security numbers, financial account information, including credit card numbers, and government-issued identification documents.
In relation to this Philipp Pointner (Jumio) says: “The recent breach at DISA Global Solutions shares an unsettling truth: conventional security controls are no longer sufficient to safeguard sensitive personal information.”
The size and type of attack suggests developing sophistication, as Pointner infers: “As attackers grow increasingly sophisticated — using methods such as deepfakes, AI-created identities, and social engineering — organizations that deal with large volumes of personal information, ranging from Social Security numbers to financial information, need to use stronger and more dynamic security controls.”
Companies need to improve their detection methods, Pointner recommends. He comments: “It’s not only about stopping breaches but also about having the appropriate tools in place to identify anomalies in real time and act on them. Continuous monitoring, complete audit trails and strong identity verification procedures are no longer optional — they’re a necessity for protecting data and preserving trust.”
It is also necessary to bolster security. Pointner is of the view that “As the threat landscape continues to grow more complicated, perimeter defences alone are exposing organizations to risk. Strong security now calls for a layered approach comprising multi-factor authentication, biometric authentication, liveness detection and robust data encryption.”
This will drive security benefits: “Such measures not only prevent unauthorized entry but also mitigate the effects of breaches when they do happen. Sectors such as employee background screening, healthcare and banking — where large-scale data collection is the norm — need to emphasize adaptive risk management solutions that are capable of keeping pace with emerging cyber threats.”
Making people aware is also important, especially for the avoidance of reputational damage. Pointner advises: “Transparency in the event of a breach and clear communication with the affected individuals are also essential for customer trust and regulatory compliance.”
No comments:
Post a Comment