Ticketmaster security breach - the industry speaks

null

Ticketmaster has revealed it has suffered a major security breach after being hit in a cyber-attack last night. Thousands of UK customers may be affected by the breach, which was reportedly caused by malicious software on third-party customer support product Inbenta Technologies.

We spoke to some of the security industry’s leading minds to find out their opinions on the attack.

Allen Scott, consumer EMEA director, McAfee:

“Like so many businesses who fall victim to data breaches, Ticketmaster has been slow to respond and put right this wrong. To win the battle against online fraud, we need businesses to join forces and support one another in identifying and responding to security threats.

For any Ticketmaster customers concerned about the security of their personal information, there’s a few simple steps they should take immediately. Firstly, they should change their passwords straight away. We know it’s hard to remember all your passwords but using a password generator and manager can help solve this problem and ensure you don’t become an easy target.

Do not click on any links or open attachments you receive via email from Ticketmaster. Hackers will be eager to ride this wave by targeting customers with phishing emails. Clicking on links or attachments in these emails can lead to your devices becoming infected with malicious malware that enables hackers to get their hands on your personal and financial information. If you’re worried you may have fallen victim, search for Ticketmaster online and get in contact directly; don’t wait for Ticketmaster to come to you.

Finally, if you notice suspicious activity in your bank statements, contact your bank straight away to request a new card and highlight the fraudulent activity.”

Jake Moore, security specialist, ESET:

"When it comes to cyber security there is no silver bullet. You can never place all your confidence into one prevention method and relax. Cyber attacks aren’t a possibility, they are an eventuality. You will never have enough people, systems or money to prevent or detect an attack. 

In this latest attack it would be absolutely necessary to change your Ticketmaster password and any others that are the same in other accounts. At this stage it may not be known the extent to what has been taken which could be personal and payment information." 

Chris O’Brien, director intelligence operations, EclecticIQ:

“The news that the Ticketmaster breach was down to issues with a third-party supplier is worrying, but unfortunately no longer rare. The flexibility offered by the modern business landscape has led to the use of third parties becoming prolific. However, while these working relationships may be beneficial for those involved, the threat of external suppliers in the supply chain being compromised is increasing. 

We are moving towards a world where the suppliers who provide detailed security implementations and can demonstrate practical implementation of security standards will be in a better position than their competitors. Ensuring there isn’t a weak link in a supply chain is fundamental, but simply having an accreditation will soon not be enough to build trust between third parties and their partners. With the constantly evolving threat landscape making it difficult for organisation to know what to protect themselves against, it’s more important than ever that businesses and their suppliers work collaboratively in order to stand a chance of getting one step ahead of the bad guys.”

Sarah Armstrong-Smith, head continuity & resilience, Fujitsu UK & Ireland:

“What is clear from this latest attack is that every organisation, be it public or private, small or large, is vulnerable to an attack. Although there is no denying that organisational awareness is on the rise, those behind breaches are finding new and creative ways to bring an organisation to its knees.  

As attackers always have the initiative, even the best-run company could suffer from a hack or data theft. With GDPR in full force, companies need to be aware of all the channels cyber criminals can use to infiltrate the company and steal data, and take proactive steps to safeguard it. The ripple effects of an attack no longer stay within the four walls of an organisation, and businesses of all sizes must remain on the front foot to proactively identify and manage threats instead of waiting for breaches to happen.

After all, cybercrime is not a probability, it is an inevitability. It will be the way in which organisations prepares for it, however, that can make all the difference.”

Adenike Cosgrove, cybersecurity strategist, EMEA, Proofpoint

“The recent data breach at Ticketmaster marks one of the first major international breaches of EU personal data reported after the GDPR enforcement date, making this a case to watch with regard to consequences. Questions will be asked first and foremost about how sensitive personal data including payment information was shared, unencrypted, with a third party application.

This breach underscores why enterprise security teams must have clear visibility into the third-party applications running within their environments and appropriately secure them as more and more organisations rely on cloud-based solutions to conduct operations worldwide. Best practice calls for organisations to deploy a Cloud Access Security Broker (CASB) solution that combines user-specific risk indicators with cross-channel threat intelligence to analyse user behaviour and detect anomalies in third-party apps. Without this, organisations simply don’t know when users and corporate data are at risk. 

Organisations are at their weakest post-breach when it comes to fraud. As we saw with Equifax, hackers almost immediately distributed phishing attempts to try and capitalise on the incident. Users affected by this breach should be extremely vigilant in confirming the source of all emails that are sent to their email inbox; they should also change their password directly through Ticketmaster’s website, and sign up for the credit monitoring service that Ticketmaster has offered.”

Paul Cant, VP EMEA, BMC Software:

“Another day, another breach! It has been some time since we’ve seen a series of big names in the cyber security firing line, but with the number of multi-cloud environments and IoT devices continuing to rise, we are going to see more and more. Although we know there are many risk vectors, organisations have to be sure they are secured. With GDPR penalties looming large, organisations simply cannot afford to leave cybersecurity as an afterthought. 

Only by relentlessly examining internal processes can companies discover how their systems storing data are configured, how they’re connected, where any vulnerabilities sit – including through third party software and services - and then piece together a plan to remediate those vulnerabilities and correct them – keeping the personal data of their customers secure.”

Rodney Joffe, SVP and Fellow, Neustar:

“With another organisation falling victim to the threat of hackers, this latest security breach is a further reminder that strategies must be put in place to proactively manage cyber-attacks.

Increasingly, attackers are finding new and innovative ways to breach web perimeters – from web application and DDoS attacks to ransomware. Installing a Web Application Firewall (WAF) is crucial for preventing third parties like these from accessing a website and stealing customers’ sensitive and personal information. And with legislation such as GDPR in play, it is as important as ever that a unified 24/7 Security Operation Centre, including a user interface with real-time monitoring and reporting, is already in place.

Cyber-danger is real and, in times like these, it is critical that security is kept at the heart of all operations.”