Last week’s cyber-attacks against the airline industry in Vietnam have exposed serious systemic vulnerabilities and caused considerable reputational damage to the organisations hit.
Whilst scrambling efforts are being made to contain the fallout, the depth to which the attackers may have penetrated remains worryingly unclear.
On Friday 29 July, the computer systems of two major international airports, Noi Bai in Hanoi and Tan Son Nhat in Ho Chi Minh, were hacked and offensive messages were displayed on flight information screens about the South China Sea, Vietnam, and the Philippines.
At the same time, the website of the national carrier, Vietnam Airlines, was hacked and defaced, and its VIP membership database was stolen. The private details of over 400,000 customers were leaked online for download and subsequent exploitation.
Few details have been released regarding the measures in place at VA to protect its website and client data; however, the level of security was clearly insufficient.
According to a local media report, not only had VA improperly stored customer personal identifying data, such as names, birthdates, and addresses, but the bank card details of some customers were also included in the accounts data.
These events beg the question: if a best practice security framework had been in use, would this data breach have occurred in the first place?
There are a number of frameworks currently on the cyber security market that would, if properly implemented, have at least provided some respectable measure of protection to the sensitive data that ended up in the hands of the attackers. For example, an implementation of ISO2700 and its various components may have turned this now worrying data breach into a website defacement non-story.
The benefits of using tried and tested information security frameworks need to be further disseminated to all manner of organisations to help educate and improve the security posture of entities holding sensitive data. The price exacted in the fallout of these types of data breaches often far outweighs the cost of implementing some form of best practice framework.
As the cyber landscape grows increasingly hostile, so too does the importance of investing in the security and safety of customer data.
The Agilient Team