Okta has recently admitted to making a mistake by delaying the disclosure of a hack that occurred in January. Okta says that in January the company believed this was an unsuccessful account takeover by Lapsus$ data extortion group, targeting a Sitel engineer that required no further action. This “attempt” impacted 366, 2.5% of Okta’s customers. This was an issue of Incident Response gone bad. The cause was a hacker obtaining Remote Desktop Protocol access to a Sitel employee’s laptop.
Another similar incident is the Blackbaud hack in 2022, where the company identified a months-long ransomware attack, paid an undisclosed ransom, and the hacker had already compromised the data of over 120 organizations. The company faced criticism for downplaying the incident and waiting weeks to disclose information related to the attack.
Events like these highlight the importance of having strong Incident Response plans in place, including plans on communication in the event of an event, as well as testing and practicing these procedures before an incident occurs. Take this as a lesson and keep your company and your clients secure, by doing the necessary preparation, properly investigating if you notice anything suspicious, and having cyber insurance in place before an incident occurs.