A Cruise Line recently disclosed in the past few days that there was a Phishing-based breach affecting an unspecified number of customer accounts in 2019.
As always, it's a matter of luck for the malefactor, because out of the thousands of different vectors for ingress and exploitation that we have to protect every day, they just have to find one random vector.
It seems that the breach was of short duration in 2019 but, again, that's a stroke of luck. Anti-phishing education is fantastic, but human error and the sophistication of some attacks make it a top-tier methodology for attack.
More and more large organizations are waking up to the risk that an open and flat network brings to their reputation and their customers' data. They are trying all of the traditional methodologies of segmentation, but quickly realize that they are expensive, complex, brittle, and extremely difficult to scale.
Exploring the Zero Trust philosophy, there's really only a few ways of employing a solid segmentation initiative without the risk of breaking the network, scaling quickly and safely to an enforced application segmentation model that trusts nothing that isn't implicitly trusted as part of policy.
Interesting? Yes, it is. Intriguing? Yup. Reach out to me if you want to discuss!
Have a great day!
It now appears that between April 11 and July 23, 2019, an unsanctioned third party gained unauthorized access to some employee email accounts that contained personal information regarding our guests.