By: Jeffrey Kok, VP, Solution Engineers, Asia Pacific and Japan, CyberArk
Cyber criminals and syndicates typically procure and sell personal data records to other criminals who leverage them for phishing attacks, scams, social engineering and other campaigns. In addition, ransom amounts have increased, making it even more compelling for attackers to gain possession of such confidential information.
Monitoring and controlling access rights and privileges is crucial to maintaining a strong security posture. The current landscape has created opportunities for attackers, and retailers and other businesses need to proactively secure powerful privileged accounts and keep sensitive customer data safe. This is because attackers who gain access to privileged accounts can potentially elevate privileges and move laterally throughout the network to accomplish their goals, which could be as serious as executing a complete network takeover.
Affected customers should be wary of unsolicited calls, SMSes and emails. They should never divulge passwords, OTPs or SMSes to anyone. As a rule of thumb, use strong passwords for different websites and avoid reusing passwords.
Organisations may consider adopting Singpass as an authentication option so that users can sign in with Singpass rather than having to manage a separate set of usernames and passwords for other sites. In addition, businesses working with third-party vendors could consider independent audits, red team and penetration testing to ascertain that the third-party vendors have the expected rigour, due diligence, security controls and governance.