September saw a significant number of cyber breaches with Uber, Rockstar Games and Optus all impacted within a week. The attack methods observed in these breaches were MFA fatigue attacks and a vulnerable public API in the case of the Optus breach. MFA fatigue attacks are becoming a more frequently used MFA bypass technique, where an attacker already has the password for an account, they will bombard the target user with MFA notifications until they finally accept and are let in. This is yet another example of the effectiveness of social engineering and how people remain one of the largest vulnerabilities to an organisation.
Regardless of all the security controls that can be put in place, the importance of organisational cyber awareness culture and educating staff on how to remain safe in the cyber world is paramount. The public fallout from these breaches have revealed the importance of not only having appropriate preventions in place, but also having a developed and robust incident response plan which outlines what steps should be taken, who needs to be notified at which point, and how to recover from a cyber event.