I’ve written and spoken about security many times, but usually I have been suggesting to people what they might consider doing or not doing in order to keep their data safe. Even if everyone took my advice, I would still be worried about whether they were completely secure because it’s a continual arms race between the hackers and the large organizations that use mainframes to maintain their security and keep their data safe. New software updates are installed that might contain previously-unknown backdoors. Patches to lock those backdoors aren’t always installed quickly enough, so bad actors can use them. Staff members still click on attachments to emails that trigger malware, or they click on links and receive unexpected drive-by malware on their laptops. And there are numerous other ways that the bad actors can get onto your mainframe including, probably, new ones that most of us haven’t heard of yet!
But once you have been hacked, once the bad actors have accessed your computers, exfiltrated your data, encrypted your copy of the data, and left a ransom demand, what should you do? Let’s take a look at how one company dealt with a massive loss of data. It’s been in the news, so I don’t feel I need to keep its name secret: it’s NTT Data Romania.
NTT – Nippon Telegraph and Telephone – was established as a state monopoly in 1952 to take over the Japanese telecommunications system that was being operated by AT&T. NTT was privatized in 1985 to encourage competition in the country's telecom market.
NTT Data is a Japanese multinational information technology service and consulting company that originated in 1988. It is a partly-owned subsidiary of NTT. It acquired Keane Inc in 2010 and Dell Services in 2016, and other international companies. NTT Data mainly services non-NTT Group companies. NTT Data Romania was formed in 2000.
That’s a little bit of the company’s history. So, why am I discussing it as something we could all learn from in terms of a cyberattack?
RansomHub, the ransomware group, claimed that they had exfiltrated (stolen) 230GB of sensitive data from the company during an attack that was first detected on 14 June. The bad actors set a ransom deadline of 5 July or else they would publish the data they had stolen.
So, what would your company do if it happened to you? Would you alert your chief financial officer to get ready to pay out a huge amount of money in compensation and fines? Or would you decide to keep quiet about everything? NTT DATA Romania officially denied that a ransomware attack took place. They said in a statement to Romania Journal, “No ransomware attack. While there has certainly been some suspicious activity detected relating to a legacy server, the quick response taken by our security team prevented any further damage.
“On 14th June, suspicious activity was detected by our security monitoring team on a legacy server, separate from our corporate network. We immediately activated our Incident Response protocols and rendered the entire environment completely inaccessible and inactive.
“Additional measures to mitigate any further risk and protect the data of our customers were also activated. At this time, there is no visibility that client data has been affected.
“We are conducting an in-depth investigation into the situation and take the security of our client data very seriously.”
Who, within an organization, do you think would decide to keep quiet about a ransomware attack? In this case, three internal messages were sent by the CEO, Maria Metz, on 17, 18, and 24 June. Apparently, the first message confirmed the penetration and compromise of several platforms and services, and asked employees not to come to the company's offices, because they wouldn’t be able to access the data networks. Employees were also asked not to tell anyone outside the company about this crisis, including customers, suppliers, partners, the press, or other people.
You might call me cynical, but I don’t think that plan is going to work, do you? People naturally talk – especially when everyone asks them why they’ve not gone into the office.
With what you’ve seen already, you’ll not be surprised that the company denied the severity of the situation. In response to that, the hackers posted samples of the data, which apparently includes accounting, financial planning, and internal documents of every type and purpose. There’s also personal and recruitment data, project and business data, backup files, client and financial data, as well as legal documents.
You might be thinking, “poor old NTT Data”, but NTT companies seem to be having a bad time recently. NTT West’s president Masaaki Moribayashi resigned in March, following the leak of data relating to 9.28 million customers, which became known in October last year. And now NTT Data Romania in June this year.
I guess no-one wants to publicize their failings, and organizations are the same. However, there comes a time when the optics of owning up and taking steps to remediate the problem and appease the customers whose data has been stolen seem a better approach than trying to deny anything happened and asking staff to keep silent. I’m sure any stranger standing in the middle of a local supermarket or bar could have gathered the whole story quickly enough by listening to what people were chatting about.
The other thing is that if your organization is hacked and you fix the problem, and then tell every similar organization how they could be hacked and what they need to do to prevent the same problem occurring to them, you now seem like one of the good guys, don’t you think?
The NTT West hack was, it’s claimed, an inside job. If NTT Data Romania’s was also an inside job, it should make senior staff wonder about the culture within their organization, and the quality and dedication of the staff working for that organization – including in senior management. Customers of NTT Data Romania must be waiting for their information to start turning up on the dark web, and are probably discussing with their lawyers what sort of compensation they should be demanding from the company. And at the back of their minds, they must be wondering, if NTT Data Romania is keeping quiet about something big like a data loss on this scale, what else is it not telling them?