Pageup Data Breach Calls For Zero Trust Security

Pageup Data Breach Calls For Zero Trust Security Warns Centrify

Cybersecurity specialist Centrify warns that this week’s revelation of a major data breach by Human Resource services company PageUp highlights the need for companies to deploy Zero Trust Security.

PageUp, which claims to have two million active users across 190 countries, cites major enterprise and government clients including Telstra, NAB, Coles, Australia Post, Aldi and Medibank. Any data breach potentially compromises the personal details of thousands of Australians.

In the most reported data breach since Australia’s new Notifiable Data Breach law commenced in February, PageUp CEO and co-founder Karen Cariss, in a statement on the company’s website, said that investigations of its IT infrastructure had revealed a malware infection that may have compromised client data. The statement also suggested that users change their passwords.

Centrify Senior Director APAC Sales Niall King said PageUp’s data breach report epitomised the security problem facing corporations and individuals in a “boundaryless world”. “Trust no longer provides protection, whether it’s of an employee or a third-party service provider,” he said.

“While we don’t know how this malicious code got into the PageUp system or what damage it may have done, this incident is another wakeup call for corporations to rethink how they address security.

“Centrify advocates a Zero Trust Security modelbecause it removes trust from the equation entirely. Based on the assumption that untrusted actors exist both inside and outside the network, Zero Trust leverages powerful identity services to secure every user’s access to apps and infrastructure.

“Access to resources is granted only after identity is authenticated and the integrity of the device is proven – but even then, with just enough privilege to perform the task at hand.”

Mr King said this Privileged Access Management strengthened corporate defences by only giving users the privileges they needed to do their jobs - and revoking elevated privileges once the job was done. “This is an additional barrier to an illicit or inadvertent user infecting the system with malware,” he said.

“Likewise, Zero Trust Security mandates that the days of verifying a user’s identity simply with a user ID and password are long gone. Today, usernames and passwords can be phished, bought off the Dark Web - or ‘sniffed’ by malware. Zero Trust mandates that access credentials are fortified by MFA (Multi-Factor Authentication), requiring something you have or are as well as something you know.

“MFA would render useless any passwords compromised by a PageUp data breach because you would need that second factor of authentication - such as a code verified by mobile phone - to log on.”

ENDS

About Centrify

Centrify redefines security from a legacy static perimeter-based approach to protecting millions of scattered connections in a boundaryless hybrid enterprise. As the only industry recognised leader in both Privileged Identity Management and Identity-as-a-Service, Centrify provides a single platform to secure each user’s access to apps and infrastructure through the power of identity services. This is Next Dimension Security in the Age of Access. Centrify is enabling more than 5000 customers, including over half the Fortune 50 in the US, to defend their organisations. To learn more visit

www.centrify.com

The Breach Stops Here

Centrify is a registered trademark and Centrify Server Suite, Centrify Privilege Service and Centrify Identity Service are trademarks of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.

© Scoop Media