
FutureCISO Security Alert: UN hacking a case of basic security hygiene ignored?

by Allan Tan
September 20, 2021
Photo by Soumil Kumar from Pexels: https://www.pexels.com/photo/photo-of-person-typing-on-computer-keyboard-735911/

On 9 September 2021, Bloomberg quoted Stéphane Dujarric, spokesman for the UN Secretary-General, as acknowledging hackers breached the United Nations’ computer networks in April 2021.

“The United Nations is frequently targeted by cyberattacks, including sustained campaigns. We can also confirm that further attacks have been detected and are being responded to, that is linked to the earlier breach,” said Dujarric.

Hacking has reached a point where it is not unusual for any company. According to vpnAlert, cyberattacks happen every 39 seconds on average.

Simon Piff, Vice President for Security Research with IDC Asia/Pacific, commented that knowing which agencies, and perhaps which parts of these agencies, could be useful in identifying the motives for such a breach.

“The implication that UN identities are for sale on the dark web would imply that ALL UN identities could be available for sale if the identity and its passwords were part of a hack, or perhaps it was social engineering and someone simply sold their details to someone on the dark web, which could be potentially more serious as there is very little that can be done to control that,” he added.

In a separate article, CPO Magazine suggested that “the data breach appears to stem from an employee login that was sold on the dark web. The attackers used this entry point to move farther into the UN’s networks and conducted reconnaissance between April and August.”

Another outlet, infotechlead, reported that the hackers used credentials taken from Umoja, the UN’s proprietary project management software. The report noted that at the time of the attack, the Umoja account used by the hackers did not have two-factor authentication enabled.

Piff commented that “assuming UN IT security folks knew the account was breached, not enabling 2FA was a serious oversight, and I would expect after such a breach is made public multi-factor authentication would be made mandatory as that has the potential to negate any stolen or sold credentials.”

Basic security measures

“While cyberattacks are increasing in sophistication especially in recent years, the vast majority of successful breaches can still be avoided through the effective implementation of basic cyber hygiene measures such as multi-factor authentication, prompt patch management, proper network segmentation etc,” said Pei Yuen Wong, CTO IBM Security ASEAN.

“IDC believes that multi-factor authentication, whilst not a panacea, can address many of the existing security threats that most organizations face and that not implementing it is simply trusting to luck,” said Piff.

Thomas Richards, a principal security consultant with Synopsys Software Integrity Group, opined that compromised credentials continue to be the most likely entry point into a target organisation’s network.

Richards proposed that to protect against such attacks, organisations should take proactive steps to enable multi-factor authentication on all externally accessible services and applications. Additionally, there are services that can be used to monitor dark web sites for breach data including passwords, usernames, and email addresses that are relevant to the organisation.

“These two steps, if implemented, would have made the attack much more difficult to carry out. As a final precaution, organisations should configure their log monitoring and audit tools to alert on any suspicious logins including those outside of normal business hours or from IP addresses that have not been used by that user before,” he concluded.
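One way to implement the login alerting Richards describes, as an added example that is not from the article or from any vendor quoted in it. The event format, the Mon-Fri 08:00-18:00 business-hours policy and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, time
import ipaddress

# Constructed sample authentication events (not real data):
# (ISO timestamp in local time, user, source IP, result)
SAMPLE_EVENTS = [
    ("2021-04-05T09:12:00", "alice", "198.51.100.10", "success"),
    ("2021-04-06T10:30:00", "alice", "198.51.100.10", "success"),
    ("2021-04-07T02:47:00", "alice", "198.51.100.10", "success"),  # off-hours
    ("2021-04-08T11:05:00", "alice", "203.0.113.77", "success"),   # new IP
    ("2021-04-08T14:00:00", "bob", "192.0.2.5", "success"),        # first login: baseline
    ("2021-04-09T15:00:00", "bob", "192.0.2.5", "failure"),        # failures not baselined
    ("2021-04-12T23:30:00", "bob", "203.0.113.77", "success"),     # off-hours and new IP
]

# Assumed policy: business hours are Monday to Friday, 08:00-18:00.
BUSINESS_START, BUSINESS_END = time(8, 0), time(18, 0)


def is_off_hours(ts):
    """True on weekends or outside the assumed business-hours window."""
    return ts.weekday() >= 5 or not (BUSINESS_START <= ts.time() < BUSINESS_END)


def detect(events):
    """Return (timestamp, user, ip, reasons) for each suspicious successful login."""
    seen = defaultdict(set)  # user -> source IPs with a prior successful login
    alerts = []
    for raw_ts, user, ip, result in sorted(events):  # ISO strings sort by time
        if result != "success":
            continue
        ts = datetime.fromisoformat(raw_ts)
        addr = str(ipaddress.ip_address(ip))  # normalise; raises on malformed input
        reasons = []
        if is_off_hours(ts):
            reasons.append("off_hours")
        # A user's first login has no history, so it seeds the baseline silently.
        if seen[user] and addr not in seen[user]:
            reasons.append("new_ip")
        if reasons:
            alerts.append((raw_ts, user, addr, reasons))
        # The address is learned after alerting once, so each new IP fires one alert.
        seen[user].add(addr)
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

In production the baseline would be persisted and aged out, and a flagged address would normally be learned only after the alert is triaged.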

“IBM advocates a zero-trust approach in mitigating cyber threats and helps our customers safeguard their digital assets against bad actors through the adoption of this foremost cyber security paradigm,” added Wong.
