LockBit 2.0, a ransomware gang, advertised six terabytes they gleaned from Accenture in a Accenture ransomware attack. Accenture publicly announced that it discovered the ransomware attack on July 31. Accenture added that the data was not sensitive, and represented draft materials that were prepared for clients.
Why is this important?
It appears that Accenture was able to respond to the issue rapidly. But more than that … imagine having six terabytes of data that was non-sensitive all subject to a data breach. That sounds like evidence of an effective data classification
What does this mean to me?
Cybersecurity and information security are defense-in-depth strategies. So even if your network is hit by ransomware or a data breach in general, network micro-segmentation, a strong and enforced data classification program, and principles of least privilege can still save the day.
Malware – Ransomware
Organizations who rely on one or few controls to protect data and files.
A multi-layer approach to securing information should include:
- A data classification program.
- Least privileges assigned to users and end-user systems.
- Micro-segmentation to enforce data classification.
- Multifactor authentication (MFA) on sensitive information.
- Policy-based access control through IAM.
- DLP on the network and end-user workstation.
For the win … conduct a security architecture review against the new CIS Community Defense Model to determine how well your layers of defense protect your data and systems.
Commonality of attack