RISKS

What happened:

In November 2021, Panasonic disclosed a major security breach in which an unidentified threat actor had gained access to its internal network. Hacker(s) had access to the company’s server for more than four months, from June 22 to November 3, before being discovered by the company following abnormal network traffic.

In cooperation with an external security advisor, Panasonic’s investigation confirmed that a third party illegally accessed the file server in Japan via the server of an overseas subsidiary. Panasonic stated that it “immediately implemented additional security countermeasures,” including strengthening access controls from overseas locations, resetting relevant passwords, and strengthening server access monitoring.

In an update published on January 7, Panasonic said some personal information related to candidates who applied for employment or participated in internships at certain divisions of the company was accessed during the incident.

Why is this important?

Failing to quickly identify unauthorized access to their server for over four months gave hackers time to find sensitive information they may not have been able to located with prompt detection of the breach. The extent of this breach may still not be fully known.

What does this mean to me?

Reducing dwell time is critical to stop the threat actors from accomplishing their mission. Detection and containment should be within hours not months. Effective monitoring, alerting, and logging should be a core competency.

APPROACHES

Technology review of monitoring, alerting, and logging solutions, including SIEM, EDR, XDR MDR, IPS, Log aggregation, and threat monitoring.

Helpful controls

Commonality of attack

High

Article on story

Panasonic says hackers accessed personal data of job candidates