Expert Comments

EU Banking Reg. Hit By MS Exchange Attack– Experts Reaction

Expert(s):
Expert(s):

The European Banking Authority, a key EU financial regulator, confirmed it has fallen victim to a hack of its Microsoft email system which the US company blames on a Chinese group. Microsoft said last week that a state-sponsored group operating out of China was exploiting previously unknown security flaws in its Exchange email services to steal data from business and government users, believed to number in the tens of thousands so far.  

Experts Comments

Dot Your Expert Comments
Bryson Bort
March 10, 2021
Founder & CEO
SYTHE

Organizations can’t prevent zero-days which is why it’s important to embrace the “assume you’ve been breached” model.

This is a clear example of why companies must practice both defensive and offensive security. Organizations can’t prevent zero-days which is why it’s important to embrace the “assume you’ve been breached” model, ie - assume you’ll be compromised and emphasized detection and response. No matter how an attacker gets in, they have to be visible afterward; it’s a question of whether you’ve got resources that are good enough to see it.

Saryu Nayyar
March 10, 2021
CEO
Gurucul

There is always a challenge in balancing operational concerns and change management windows.

While many organizations have moved their business to the cloud in general, and their office productivity suite to Microsoft Office 365 in particular, there are still many organizations that have regulatory compliance issues that prevent moving to a pure cloud infrastructure. That is why the recent attacks against Microsoft Exchange Server have had such an impact on the organizations that still have on-premises installations, such as the attack against the European Banking Authority. There is

.....Read More

While many organizations have moved their business to the cloud in general, and their office productivity suite to Microsoft Office 365 in particular, there are still many organizations that have regulatory compliance issues that prevent moving to a pure cloud infrastructure. That is why the recent attacks against Microsoft Exchange Server have had such an impact on the organizations that still have on-premises installations, such as the attack against the European Banking Authority. There is always a challenge in balancing operational concerns and change management windows when planning for security patches, but as we have so often seen, the emphasis needs to be on security.  Chances are that when an organization gets the alert that they need to deploy a security patch, malicious actors are already using it in the wild.  That means they need to deploy the patches sooner rather than later and hope their existing security stack will keep them safe until the patches are in place.

  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

$2bn Startup Glovo Falls Victim To Cyberattack

Vulnerabilities Found In Wifi-routers

Experts Reaction On REvil/Sodin Behind UnitingCare Breach

Experts On IOS 0-Days Vulnerabilities Discovered

Uni Research Finds That Fertility Apps Collecting And Sharing Sensitive...

44% of Orgs. Report Breaches Due to 3rd Parties, 74%...

92% Of Organisations Who Pay Ransoms Don’t Get All Their...

Experts Comments on World Password Day

Expert Insights On Ransomware Task Force Report

Expert Commentary – Ofcom Warn People Not to Trust Caller...