.
“Cyber-security
assessments can be a mixed blessing. Legal experts say some general
counsels advise organizations against doing such assessments if they
don’t have the ability to quickly fix any problems the auditors find,
because customers and shareholders could have cause to sue if an
organization knowingly disregards such warnings.”
July 28, 2016, “DNC Ignored Cybersecurity Advice that May Have Prevented Recent Breach,” Bloomberg, Michael Riley, via govtech.com
“The theft ultimately led to the release of almost 20,000 internal
emails through WikiLeaks last week on the eve of the convention.”
“The Democratic National Committee was warned last fall [2015] that its computer network was susceptible to attacks but didn’t follow the security advice it was given, according to three people familiar with the matter.
The missed opportunity is another blow to party officials already embarrassed
by the theft and public disclosure of emails that have disrupted their
presidential nominating convention in Philadelphia and led their
chairwoman to resign.
The
review found problems ranging from an out-of-date firewall to a lack of
advanced malware detection technology on individual computers, according to two of the people familiar with the matter. The
firm recommended taking special precautions to protect any financial
information related to donors and internal communications including
emails, these people said.
The DNC paid $60,000 for the assessment, according to federal filings.
Mark Paustenbach, a spokesman for the DNC, declined
to comment on the Good Harbor report. Emilian Papadopoulos, president
of Washington-based Good Harbor, said he couldn’t comment on work done
for a specific client.
The security review commissioned by the DNC w,as perhaps the most detailed of a series of missed warnings.
Officials at both the Republican National Committee and the DNC
received government briefings on espionage and hacking threats beginning
last year, and then received a more specific briefing this spring,
according to another person familiar with the matter.
Cyber-security
assessments can be a mixed blessing. Legal experts say some general
counsels advise organizations against doing such assessments if they
don’t have the ability to quickly fix any problems the auditors find,
because customers and shareholders could have cause to sue if an organization knowingly disregards such warnings….
The firm typically recommends that clients
conduct a so-called breach assessment to determine whether hackers are
already lurking in the network, Papadopoulos said. He wouldn’t confirm whether such a recommendation was among those delivered to the DNC.
“We give recommendations on governance, policies,
technologies and crisis management,” he said. “For organizations that
have not had a compromise assessment done, that is one of the things we
often recommend.”
It isn’t certain a breach assessment would have spotted the hackers, according to Barron-DiCamillo, but it would have increased the chances. “Why spend the money to have Good Harbor come in and do the recommendations and then not act on them?” she asked.”"
......................
Friday, May 18, 2018
Due to its documented negligence, DNC is the only entity that should be sued for emails becoming public. DNC paid for cybersecurity assessment then disregarded advice it was given-Bloomberg, Riley, 7/28/2016...(Since no computer is ever secure, the entire issue is moot and fraudulent. Expect everything on computers to be public or don't use them. Cybersecurity industry is giant fraud)
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment