Endpoint protection alone is no longer enough for today's threats. If they have admin permissions to the machines, so do the bad guys and the malware.ģ. Make sure end-users don't have admin permissions to their devices. If staff are in the habit of turning off your endpoint protection to install software or because they complain about endpoint protection software slowing down their machine, remember that the bad guys can just as easily turn it off too.Ģ. Make sure that the endpoint protection you use has tamper protection that can't be turned off without generating alerts that someone is paying attention to. So here are my key takeaways from a compromise on a large, well-known security company like LastPass for the average small or mid-sized business:ġ. This time the threat actor had access to the data for over 2 months! Again, the threat actor compromised a software developer's machine while at home, using a keystroke logger to record username and passwords typed. In the second breach, the threat actor used data and information gleaned from the first compromise to further infiltrate the network. To access the data, the threat actor was able to steal LastPass data through the VPN connection that the software engineer used for connecting from his home to the data center. One of the threat actor's actions was to disable the endpoint protection. The first, involved a software engineer's laptop being compromised (how has not been determined) and accessed for 4 days by the threat actor. LastPass released more details last week about last year's data breach, and while there's been a lot of talk about what LastPass did wrong, I want instead to look at the lessons for business owners.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |