06 April 2022
British organisations are on high alert after the cybersecurity company they rely on to provide access to their networks may have been affected by a cyberattack on the company.
US-based Okta said the “worst case” was 366 of its clients had been affected and their “data may have been viewed or acted upon” - its shares fell 9% on the news. The company has more than 15,000 clients - from big companies, including FedEx, to smaller organisations, such as Thanet District Council, in Kent.
South American ransomware group Lapsus$ is understood to be behind the attack.
The group has previously claimed to have broken into some high-profile companies, including Microsoft. In a blog post, the software giant said Lapsus$ had gained only limited access, after compromising a single account, but no customer code or data was involved.
Okta initially said the attack, in January, involved a third-party contractor, a “sub-processor”, and “the matter was investigated and contained”.
“There is no evidence of ongoing malicious activity beyond the activity detected in January,” it said. However, as concern mounted, Okta published a series of updated blog posts providing more detail.
Andrea Babbs, UK general manager at cybersecurity firm, Vipre, said “an important take away from the Okta hack that has recently been announced” is that no organisation is immune. “Any business, however big or small, is a target for a cyberattack; whether the cyber criminals are specifically targeting the company, its customers and/or suppliers,” she told Networking+. “In order to become more resilient against these ongoing attacks, a layered approach is the only approach businesses should be taking. No single layer delivers all the results organisations need to stay secure, hence the need for multiple layers of detection. The best systems are built around a partnership between humans and technology.”
Babbs further added that a cyber-aware culture with continuous training is essential, as is having access to the right technology to ensure maximum protection.