|
|
|
|
|
|
by nonrandomstring
840 days ago
|
|
|
Good report. Well written incident summary useful for cyber-students
to follow and learn. > The Library utilises numerous trusted partners for software
development, IT maintenance, and other forms of consultancy > increasing complexity of managing their access was flagged as a
risk. > first detected unauthorised access to our network was identified at
the Terminal Services server. This terminal server had been
installed in February 2020 to facilitate efficient access for
trusted external partners Sadly their response seems to be using more cloud infrastructure and
outsourcing more. trusted != trustworthy The essential lesson - that good IT and security people within your
company cost money. It is worth paying for vigilance, loyalty and care
- has not been heeded. |
|
|
CYA - it stops being their management's fault if its outsourced,