The European Banking Authority, a key EU financial regulator, confirmed it has fallen victim to a hack of its Microsoft email system which the US company blames on a Chinese group. Microsoft said last week that a state-sponsored group operating out of China was exploiting previously unknown security flaws in its Exchange email services to steal data from business and government users, believed to number in the tens of thousands so far.
Experts Comments
While many organizations have moved their business to the cloud in general, and their office productivity suite to Microsoft Office 365 in particular, there are still many organizations that have regulatory compliance issues that prevent moving to a pure cloud infrastructure. That is why the recent attacks against Microsoft Exchange Server have had such an impact on the organizations that still have on-premises installations, such as the attack against the European Banking Authority. There is
.....Read MoreDot Your Expert Comments
Only for registered and approved experts. Please register before providing comments. Register here
This is a clear example of why companies must practice both defensive and offensive security. Organizations can’t prevent zero-days which is why it’s important to embrace the “assume you’ve been breached” model, ie - assume you’ll be compromised and emphasized detection and response. No matter how an attacker gets in, they have to be visible afterward; it’s a question of whether you’ve got resources that are good enough to see it.
Linkedin Message
@Bryson Bort, Founder & CEO, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Organizations can’t prevent zero-days which is why it’s important to embrace the “assume you’ve been breached” model...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/eu-banking-reg-hit-by-ms-exchange-attack-experts-reaction
Facebook Message
@Bryson Bort, Founder & CEO, provides expert commentary for "dot your expert comments" at @Information Security Buzz.
"Organizations can’t prevent zero-days which is why it’s important to embrace the “assume you’ve been breached” model...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/eu-banking-reg-hit-by-ms-exchange-attack-experts-reaction