Bleeping Computer has reported that audio maker Bose disclosed a data breach after ransomware attack that hit the company’s systems in early March. A breach notification letter filed with New Hampshire’s Office of the Attorney General by Bose stated the company “experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across” its “environment.”
Trevor Morgan, product manager at Comforte AG, said:
“In ransomware attacks like the one affecting Bose in March, we look for the slivers of good news: no significant system outages, no ransom payments made, no detection of stolen data on the dark web, and of course only a small group of affected victims. I guess looking for the small victories is one way of looking at it. Another more effective approach is to observe and learn from these incidents and completely rethink your organization’s data security posture.
“Ask yourself some questions. Are you merely guarding the borders around your data, or are you protecting the data itself? And if you’re protecting the data, what data-centric security method are you using? More and more enterprises are turning to tokenization and format-preserving encryption to protect their most sensitive data. These methods enable most of your business applications to work with the data without de-protecting it, and no matter whose hands the data falls into, the sensitive information cannot be leveraged. This level of data security should be music to anybody’s ears.”