{"id":10281,"date":"2023-03-26T08:20:33","date_gmt":"2023-03-26T08:20:33","guid":{"rendered":"https:\/\/www.bankvault.com\/?p=10281"},"modified":"2023-03-29T15:29:58","modified_gmt":"2023-03-29T15:29:58","slug":"lattitude-financial-how-to-avoid-the-same-mistakes","status":"publish","type":"post","link":"https:\/\/www.bankvault.com\/lattitude-financial-how-to-avoid-the-same-mistakes\/","title":{"rendered":"Latitude Financial Services Hack – <\/br>How to avoid the same mistakes"},"content":{"rendered":"\t\t
Password Manager<\/p>

As more facts have come to light about the Latitude Financial Services cyber-attack, the gravity of the situation for customers intensifies, inflicting profound reputational damage to the organization.<\/p>

Last week it was said 328,000 customer records were stolen. The revised estimate is now 14 million. The size and scope of the Latitude hack now towers over the breaches of Optus and Medibank, inducting Latitude into a league that no one wants to be part of: the biggest data hacks in Australian history.<\/p>

Customers are asking why their records, some as old as 2005, were stored unencrypted and so easily exfiltrated.<\/p>

IBM states it takes an organization an average of 227 days<\/b><\/a> to identify, contain and ultimately plug the leak. By that stage the damage to reputation, trust and the bottom line is irreversible. As Warren Buffett famously said:
\u201cIt can take 20 years to build a reputation but only five minutes to ruin it.\u201d<\/p>


How can we address this issue and glean insights from the Latitude Financial case study?<\/strong><\/p>

\u201cThere are two types of companies. Those that have been hacked, and those that don\u2019t know they have been hacked\u201d – John T Chambers. A crucial recommendation from cybersecurity leaders today is that if your organization doesn\u2019t have at least one person dedicated to cybersecurity, then you have left the door wide open for hackers.<\/p>

How was Latitude Financial breached?<\/strong><\/p>

Bitdefender<\/a> reports that hackers infiltrated Latitude\u2019s back office by intercepting a senior staff member\u2019s login credentials. They then gained access to two other external service providers. The high-privilege account allowed hackers to gain access to multiple systems and the haemorrhage started. There is no way back, as the genie cannot be put back into the bottle!<\/p>

How can attacks like this be prevented?<\/strong><\/p>

The issue lies in the fact that username-password credentials can be easily intercepted by hackers. Password managers cannot solve the problem either. When they load an encrypted password into a web form, it has to be decrypted into clear text, which is intercepted instantly by a Man-in-the-Browser.<\/p>

Until now, the industry\u2019s only solution was Two-Factor Authentication (2FA). Although this is an excellent idea, it merely presents a second hurdle in series and is not infallible. If your browser is breached by a Man-in-the-Browser and hackers have intercepted your login credentials, then they are only one step away from tricking you into revealing your second security factor. A little social engineering can accomplish this, and the resulting reputational damage and financial consequences can be catastrophic.<\/p>

The solution is to remove the single attack surface by going passwordless.<\/p>

Embracing Passwordless!<\/strong><\/p>

In 2019, Gartner\u2019s Ant Allen predicted 90% of mid-market SMEs and 60% of global enterprises would adopt Passwordless Authentication. Within two years Passwordless start-ups became the highest funded in cybersecurity history, and today Apple, Google, and Microsoft each offer passwordless access to their own services. With the capability now in every user device, analysts predict mass adoption as online service providers surge to deploy frictionless access for their own users.<\/p>

Passwordless authentication eradicates the single attack surface, making it incredibly difficult for hackers.<\/p>

Stronger security builds user trust.\u00a0 Frictionless access increases engagement. <\/strong><\/p>

These two clear benefits for end-users translate into a competitive advantage and business driver for online service providers.<\/p>