This attack left VFEmail, and some of their customers, without access to their information. This raises questions of what disaster recovery strategy was in place and why data wasn’t backed up into cold storage, thus making it unavailable to attackers. If they had a strategy in place, they should be able to recover at least a substantial part of their customers’ data.
The fact that attackers were able to access and erase all the information demonstrates that the systems were not protected in an effective way. Critical systems, such as these that host customer data, must be protected with enhanced security and all operations must be protected using intelligent Multi-Factor Authentication solutions. If those controls were in place, an operation that deviates from trusted behavior would have raised the friction towards the attackers and provide immutable logs showing that the attack was in progress, allowing VFEmail to react quickly and potentially stop the breach before data was destroyed.
To read the full article visit Solutions Review.
Click here to more about Acceptto’s Continuous Cognitive Authentication Solution.