Cleaning product company Clorox has reported a cyber incident that resulted in the company taking certain systems offline. The incident has caused disruptions to the company’s operations and has forced Clorox to implement workarounds to continue serving its customers. The company has also engaged the assistance of a cybersecurity firm and is cooperating with law enforcement in their investigation.
Clorox has not provided specific details about the nature of the cyber incident. However, industry experts have speculated that it may be a ransomware attack. Jordan Schroeder, managing CISO at Barrier Networks, noted that the incident response efforts suggest a potential ransomware attack. Ransomware attacks typically involve hackers encrypting a victim’s data and demanding a ransom for its release.
The incident at Clorox highlights the challenges faced by companies in the current remote work environment. The shift to remote work and the increased use of personal mobile devices has expanded the attack surface for cyber threats. Ted Miracco, CEO of Approov Mobile Security, explained that this dynamic has created vulnerabilities for cybercriminals to exploit, including business email compromise, cyber extortion, phishing, and social engineering attacks.
Organizations must prioritize the protection of this expanded attack surface, particularly for remote workers who may be using personal devices that may not have the same security measures as company-issued devices. It is crucial for companies to implement robust security measures and educate employees about potential cyber threats.
Steve Hahn, Executive VP at BullWall, emphasized the challenges faced by companies in securing their endpoints in the new hybrid work-from-home model. With employees using personal devices and the increased attack vectors available to threat actors, securing the endpoints has become extremely challenging. Hahn suggested that a company’s preventative posture, while important, may not be sufficient in protecting against determined threat actors. Companies need to adopt a post-breach mentality that focuses on rapid response and containment to minimize the impact of an attack.
The incident at Clorox serves as a reminder for organizations to continually reassess and enhance their cybersecurity measures. Cyber threats are constantly evolving, and companies must remain vigilant in their efforts to protect sensitive data and systems. Implementing comprehensive cybersecurity strategies, training employees on best practices, and partnering with reputable cybersecurity firms can help organizations stay ahead of potential threats.