Cybersecurity lessons from a pandemic-era data breach
Recently, Matt O’Kane shared insights from a pandemic-related cyber incident in Episode Two of Cyber Horror Stories from First Focus.
During early 2020, hardware shortages forced many companies to adopt flexible device policies.
In particular, an Australian brand encouraged staff to purchase any available computer devices locally. Their marketing director bought a MacBook and used it for work.
“Because it was bought by her and taken back to her, it didn’t go through what a lot of companies would go through, which is setting it up so the marketing director owned the machine,” said O’Kane.
O’Kane further explained why device management is important.
“If you control the machine, you can stop bad software or at least software you’d find undesirable being installed on it.”
Months later, the marketing director’s relationship with the CEO broke down and she was dismissed.
She returned the laptop; however, the device had been factory reset, leaving no forensic data.
Without a backup, no forensic examination could be conducted on the machine.
Nine months after her dismissal, the company received a tip-off that confidential information was being shopped around.
“In Australia, it’s not overt,” said O’Kane.
“It’s usually framed as a signing bonus or an extraordinarily higher paying role than you would ordinarily expect.”
The company wanted to investigate; however, its Microsoft 365 licence did not retain logs long enough to detect the breach.
“If they get a licence that doesn’t give them twelve months of logging or two years of logging, they have a very short window to detect problems.”
“Some logging windows can be as short as seven days.”
O’Kane said companies often undervalue their own intellectual property until it is at risk.
“People think intellectual property protection is just for biotech or medtech companies – but a customer database, sales history, or contract renewal dates – that stuff has value in the hands of someone else.”
He recommended practical cybersecurity measures rather than extreme restrictions.
“We don’t want to create Fort Knox – we want openness with sensible controls around our most important data.”
Make sure to keep an eye out for Episode Three with more cybersecurity lessons from Matt O’Kane.
