Expert Comment - Nokia subsidiary data breach
August 2021 by Todd Carroll, CISO at CybelAngel
Following the news that Nokia subsidiary has disclosed a data breach, Todd Carroll, CISO at CybelAngel comments the following:
“Large firms like Nokia and their network of subsidiaries, vendors, and partners are a perfect target for ransomware attacks as they work with a broad customer base and hold lots of highly sensitive information. Unfortunately, this isn’t the first nor the last ransomware attack they’ll face. Companies must invest in incident response capabilities and a preventative approach to cybersecurity must be the highest priority. Making sure they can detect entry points, in the form of open ports, vulnerable devices, exposed services and unsecured keys (API keys, login/passwords and all types of credentials exposed on the web) is essential.
Following the attack, further data leakage should also be prevented. Organisations must reduce their digital risk by constantly scanning for leaked documents outside the enterprise perimeter. This can include monitoring connected storage, open databases, cloud applications, and the Dark Web to detect and resolve external risks quickly, before they are exploited”.