I. Ransomware attack on Brazilian Electric Company
The breach was successful due to an unpatched 2-year-old vulnerability in Windows (CVE-2018-8453).
The patch was available in 2018. AV signatures were also available.
The solution is always simple:
Patch your systems
Keep your AV up to date
CISO check: This vulnerability was rated ‘High’ and not ‘Critical’. Does your organisation patch only the critical ones?
II. Working Remotely? Adopt cloud security services
Hastily adopted cloud security services leave the CISO with two key concerns:
Data Privacy
Data Sovereignty
CISO check: Does your planned cloud security service integrate with your existing architecture? Are you going to be stuck with a point solution that partially reduces your risk and addresses only a subset of the problem?
For weekly CyberInsights and thought provoking questions:
CyberInsights Weekly #1
Thanks, Ramesh!
Great initiate CK, Kausthubh