I’m starting to have some major doubts about corporate cyber-security

The latest hack

We all had a good laugh when accountants from PricewaterhouseCoopers screwed up the Academy Awards. It was an embarrassing mix-up, but no one was genuinely hurt.

Now, rival accounting firm Deloitte has shown them what a real blunder looks like. The Guardian reports today that its email system was compromised for nearly a year. They have some of the most sensitive information in the world, so it’s no surprise they would be targeted.

Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.

The real kicker is how insanely weak their defense was:

«The hacker compromised the firm’s global email server through an ‘administrator’s account’ that, in theory, gave them privileged, unrestricted ‘access to all areas’. The account required only a single password and did not have ‘two-step’ verification, sources said.»

How insane is that? A single admin password for the entire email system and no one even realized it was compromised for months.

What’s even more insane is that Deloitte markets itself as an advisor on how to manage the risks posed by cybersecurity attacks, including many firms like this.

So where is all this going? I’m increasingly convinced there is going to be a major, major internet incident. Something like the WannaCry hack but magnified 100 times in reach and damage.

Where it goes from there, I’m not sure, but it’s going to change the internet.

