Breach Notification , Governance & Risk Management , Multi-factor & Risk-based Authentication
ISMG Editors: How Did Medibank's Lack of MFA Cause a Breach?
Also: Critical Infrastructure Security and Fortinet's Latest AcquisitionIn the latest weekly update, Information Security Media Group editors discussed critical infrastructure security challenges, a report on the 2022 Medibank breach that compromised personal data for 10 million people, and Fortinet's acquisition to integrate Lacework's cloud-native security into its Security Fabric and SASE platform.
See Also: Conversational Cyber Insurance: How Cybersecurity and Cyber Insurance are Interwined
The panelists - Anna Delaney, director, productions; Tom Field, senior vice president, editorial; Michael Novinson, managing editor, ISMG business; and Marianne Kolbasuk McGee, executive editor, HealthcareInfoSecurity - discussed:
- Key takeaways from an interview with ICS security program manager John Ballentine of the Port Authority of New York and New Jersey detailing the transportation service's transition from an IT-focused approach to an OT-specific approach;
- How Medibank's lack of multifactor authentication on its global VPN enabled a threat actor to use stolen credentials from an IT services contractor to breach the company's IT systems in 2022, affecting nearly 10 million individuals, according to Australian regulators;
- Challenges and opportunities stemming from Fortinet's recent acquisition of cloud security vendor Lacework.
The ISMG Editors' Panel runs weekly. Don't miss our previous installments, including the June 7 edition on the Infosecurity Europe Conference 2024 wrap-up and the June 14 edition on AI and the expected data drought.