Dell Inc. has reset all customer passwords in response to a hacking attempt on Nov. 9.

In a statement Wednesday, Dell said it had detected and disrupted unauthorized activity on its network attempting to extract Dell.com customer information, which was limited to names, email addresses and hashed passwords.

Playing it safe, the computer systems maker added that “though it is possible some… information was removed from Dell’s network, our investigations found no conclusive evidence that any was extracted.” The form of the attack was not disclosed.

Stephen Moore, chief security strategist at Exabeam Inc., told SiliconANGLE that large organizations — especially ones the size of Dell — are usually responsible for massive amounts of data.

“All of that data gives attackers more places to hide,” Moore explained. “For example, hackers can enter a network through a less sensitive — and thus less monitored — vector such as an unprotected cloud server, an IoT device or a shared employee laptop. They can then move laterally from that single device to access critical resources spread across the organization.”

For that reason, he added, organizations must shift their enterprise security strategy. “Network security simply isn’t enough,” Moore said. “The key is to move fast and consider an approach that is closely aligned with monitoring user behavior — to provide the necessary visibility needed to restore trust, and react in real time, to protect customer data. This should include the ability to detect, using behavioral characteristics, when events have occurred.”

Matan Or-El, chief executive officer of Panorays Inc., noted that cybercriminals will repeatedly pummel websites, probing for a way to get in, especially with large companies such as Dell.

“While Dell took immediate action once the unauthorized activity was detected, it still took almost 21 days to let customers know that they needed to change their passwords,” Or-El said. “New data privacy laws going into effect will start to force companies to report incidents like these in 72 hours, so that consumers can mitigate the impact to their personal information or credit cards.”

Photo: Editor at Large/Wikimedia Commons