Freely subscribe to our NEWSLETTER

"The press release from Fujitsu says that they identified malware on ’multiple business computers’. They now suspect that this malware may have been used to exfiltrate personal data and customer information. This highlights the importance of multiple layers of defense including network detection and response, data access governance (DAG), and endpoint protection along with data loss prevention (DLP) solutions. When all other prevention and detection controls miss the intrusion, an organisation should have the mentioned measures in place to promptly react to the existing threat and block that final exfiltration step.

"Another notable aspect is the proactive breach notification approach that Fujitsu has taken. We don’t know how far they are in their investigation, but according to the press release they’ve notified potentially impacted individuals, customers, and the relevant Japanese authorities. The decision about when and how much to disclose often depends on the organisation’s culture. Some organisations wait to be certain about the scope and the details of the incident before they report anything to avoid any misinterpretations. Others, like Fujitsu, take a more proactive approach and inform potentially impacted customers that there may be a risk of misuse of their personal information. Increasingly tighter breach notification rules we see in various jurisdictions aim to encourage companies to share the information early so that both authorities as well as any impacted parties are aware sooner and can make their own risk-based decisions."