The Green Sheet

Tuesday, August 17, 2021

Hackers exploit Accenture vulnerability

Payments industry and cybersecurity analysts are discussing a recent ransomware attack on Accenture, a multinational consulting and professional services firm with 569,000 employees and $44.33 billion in annual revenues in 2020. Disclosed Aug. 11, 2021, in a tweet by VX Underground, the attack was allegedly carried out by Lockbit 2.0, a ransomware group that exploited a known vulnerability within the company’s network, according to sources familiar with the investigation.

“Accenture has 2,500 compromised computers of employees and partners,” Hudson Rock researchers said in an Aug. 11, 2021 statement, claiming threat actors had infected employee computers with malware that helped them eventually gain access to the company’s network. The group threatened to release stolen data unless paid an exorbitant fee, according to sources familiar with the investigation.

Accenture confirmed the attack in an Aug. 11, 2021 statement, but noted it had little impact on the company and that it had fully restored its compromised network. “Through our security controls and protocols, we identified irregular activity in one of our environments,” Accenture representatives stated. “We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from back up. There was no impact on Accenture’s operations or on our clients’ systems.”

Resilience, continuity

Ron Bradley, vice president, Shared Assessments, characterized the Accenture incident as an example of the difference between business resiliency and business continuity. “Business resiliency is like being in a boxing match, you take a body blow but can continue the fight,” he said. “Business continuity comes into play when operations have ceased or severely impaired and you have to make major efforts to recover.”

Bradley went on to say that what is interesting about the Accenture attack is the fact that bad actors exploited a known and published vulnerability. This highlights the importance of making sure systems are properly patched in a timely manner, he stated. “The ability for Accenture to manage the repercussions of potentially stolen data will be an important lesson for many organizations going forward,” he added.

Mature strategies needed

An August 2021 study by Pulse Research and Keyfactor found 94 percent of North American financial services firms failed one or more internal audits related to PKI (public key infrastructure) and digital certificate management over the last two years. Among the 100 IT leaders surveyed, nearly half (49 percent) experienced three or four failures, researchers found.

The Pulse and Keyfactor survey, titled “FinServ Identity and Access Management Trends and Strategies,” provided additional insights on emerging trends in identity and access management (IAM) and the expanding role of machines in organizations’ overall IAM strategies.

Researchers observed few survey respondents deem their key and certificate management strategies sufficiently robust or mature. “[W]hen it comes to their enterprise-wide strategy for key and certificate management, half of tech leaders in finance (50%) believe their strategy is not yet fully mature,” they wrote. “None of these respondents would consider their key and certificate management strategy very mature.”

A complete copy of the report is available at: www.keyfactor.com/resources/finserv-identity-access-management-survey-2021/


Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
