In security response, practice makes perfect
We've heard it many times in many forms -- expect to be breached, expect that you've been breached, expect that you are being breached.
The unfortunate reality is that most organizations don't even know that they've been compromised and therefore don't do anything to block spreading of the malware, control the damage, prevent loss of information, or even recover from the technical problems associated with the compromise.
Shawn Henry, former executive assistant director (EAD) of the FBI and now president of CrowdStrike Services, told the 6,500-plus attendees of the recent Black Hat conference that the FBI has knocked on the doors of numerous companies to let them know their data had been discovered on the Internet (usually discovered in unrelated investigations). "Months, or even years later -- with unfettered access, and unbeknownst to the people that own the networks -- organizations are being alerted to being compromised and their data being stolen," said Henry. This is both shocking and unacceptable.
- Thu, 2013-05-16 23:10
- Thu, 2013-05-16 03:04
- Thu, 2013-05-16 02:45