Breach Notification , Governance & Risk Management , Multi-factor & Risk-based Authentication

ISMG Editors: How Did Medibank's Lack of MFA Cause a Breach?

Also: Critical Infrastructure Security and Fortinet's Latest Acquisition
Clockwise, from top left: Anna Delaney, Tom Field, Michael Novinson and Marianne Kolbasuk McGee

In the latest weekly update, Information Security Media Group editors discussed critical infrastructure security challenges, a report on the 2022 Medibank breach that compromised personal data for 10 million people, and Fortinet's acquisition to integrate Lacework's cloud-native security into its Security Fabric and SASE platform.

See Also: OnDemand | 2023 OT Cybersecurity Year in Review: Lessons Learned from the Frontlines

The panelists - Anna Delaney, director, productions; Tom Field, senior vice president, editorial; Michael Novinson, managing editor, ISMG business; and Marianne Kolbasuk McGee, executive editor, HealthcareInfoSecurity - discussed:

  • Key takeaways from an interview with ICS security program manager John Ballentine of the Port Authority of New York and New Jersey detailing the transportation service's transition from an IT-focused approach to an OT-specific approach;
  • How Medibank's lack of multifactor authentication on its global VPN enabled a threat actor to use stolen credentials from an IT services contractor to breach the company's IT systems in 2022, affecting nearly 10 million individuals, according to Australian regulators;
  • Challenges and opportunities stemming from Fortinet's recent acquisition of cloud security vendor Lacework.

The ISMG Editors' Panel runs weekly. Don't miss our previous installments, including the June 7 edition on the Infosecurity Europe Conference 2024 wrap-up and the June 14 edition on AI and the expected data drought.

About the Author

Anna Delaney

Anna Delaney

Director, Productions, ISMG

An experienced broadcast journalist, Delaney conducts interviews with senior cybersecurity leaders around the world. Previously, she was editor-in-chief of the website for The European Information Security Summit, or TEISS. Earlier, she worked at Levant TV and Resonance FM and served as a researcher at the BBC and ITV in their documentary and factual TV departments.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.