The IT Nerd

This week in regulatory filings with the SEC, Clorox reported a cybersecurity incident that forced it to take several systems offline and is causing disruption to parts of the business’s operations.

“To the extent possible, and in line with its business continuity plans, Clorox has implemented workarounds for certain offline operations in order to continue servicing its customers,” the company said in an 8-K filing.

Clorox noted in its 10-k report that it has seen an increase in the number of cyber attacks since shifting to a hybrid remote work model, and while they are in the process of a multi-year technology upgrade, including transitioning to a cloud-based platform,:  

“The upgrade poses several challenges, including training of personnel, migration of data and the potential instability of the new system.

“[Clorox] may be vulnerable to increased risks, including the risk of security breaches, system failures and disruptions.”

Ted Miracco, CEO, Approov Mobile Security had this comment:  

“Clorox and many other companies are being adversely affected by a one two punch of a shift to remote work and the concurrent reliance on personal mobile devices. This dynamic has dangerously expanded the attack surface for cyber threats, especially business email compromise, cyber extortion, phishing, and other social engineering attacks.  

“Organizations must urgently prioritize protections for this new perimeter, and it is especially important to focus on remote workers whom may be using personal devices that are not as secure as company-issued devices.”

Steve Hahn, Executive VP, BullWall follows with this comment:   

“As Clorox indicated in their company 10K filings, cyber attacks have escalated in the last few years due to their new “hybrid” work from home model. Like many companies, this work model expands the attack surface and makes the job of securing the endpoints nearly impossible. Broadly speaking, we’ve seen a huge uptick as a result of increased efforts by threat actors who now have vastly more attack vectors to take advantage of.  

“It doesn’t seem to matter how good a company’s preventative posture is, with a determined threat actor it’s a matter of “when” not “if” the attackers are successful. Because of this companies need to adopt a post breach mentality that looks to respond and recover in milliseconds by containing the attack, and not just focusing on prevention.”

With hybrid work here to stay, companies have to think differently about how they secure themselves. And as evidenced by this case, make every effort to make sure that either the bad guys don’t get in, or they are forced out as quickly as possible.

This entry was posted on August 17, 2023 at 8:40 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.