The recently reported cyber incident involving Hertz Australia, where customer data were compromised after a third-party breach, serves as a reminder for organisations to scrutinise their vendors and other third parties closely.
Digital supply chain attacks often infiltrate organisations through the weakest link. The data breach incident is only one addition to a growing list of significant cyber attacks in the region in recent years that likely originated from a third-party vendor. Organisations are often attacked through their wider digital networks, with more suppliers, service providers, and partners having more access to sensitive data now than ever before.
Personal information at risk
Personal information, such as contact information, date of birth, driver’s license, and payment card information, has been reported to be impacted in the Hertz incident.
Car rental companies and customers should also be aware that other data can be inadvertently stored when a user syncs with a car. Data such as call and text logs, and potentially GPS or location information, could be used maliciously by the next or any subsequent renter. Beyond threat actors potentially accessing the data stored on the vehicle itself, there are other, less obvious threats. If users sync via Bluetooth or Wi-Fi, those connections may not be secure or encrypted and could, therefore, be vulnerable to hacking or compromise. Nearby attackers could intercept data being transferred between the user’s phone and the vehicle. Many vehicles’ infotainment systems allow the use of third-party apps that integrate with mobile devices, and these apps could have their own vulnerabilities, such as backdoors to the customer’s cellular devices.
Car rental companies have ethical and legal obligations to adequately protect or purge the personal data that may residually be left behind after the rental period, and their customers should be made fully aware of the risks of syncing their devices to rental vehicles.
It is critically important that companies in every sector understand their extended digital supply chain, or the suppliers, vendors, and other third parties that have direct or indirect access to their network. Organisations need to know who they are connected to and what access these third parties have. If a third party gets breached, this breach can then compromise the main organisation and result in data loss, ransomware, or business interruption. Organisations should incorporate the following strategies to better tackle supply chain cyber security risks:
Companies can make it more challenging for attackers to gain access by regularly monitoring both internal networks and third parties, enforcing access control, and practising good cyber hygiene, such as using multifactor authentication.