Having worked in the IT and Business Process Outsourcing spectrum for years and for multiple companies / programs, this article struck a cord. While making others aware, did put a disclaimer that security breaches are mainstream (unfortunately); and aside from sound security controls and adequate business processes, vendor management during post-breach will often fall back on the CONTRACT terms / agreements / penalties negotiated.
Evolving story and under current investigation / forensics, Wipro confirmed a security breach of its corporate mail system via phishing campaign that lead to exploits of nearly a dozen clients i.e. we're all connected. Since company filing, a number of exchange between cause (zero-day vulnerability) and mentions of state-sponsored multi-month intrusion, the topic is quickly turning into credibility (of company's accountability / communication), liability and contractual provisions or privacy laws.
Makes you think about contractual provisions / penalties clauses, GDPR, "air-gapped" network, VDI / thin-clients, vendor due diligence, and anomaly detection and response (EDR/UBA) for starters...
Evolving story and under current investigation / forensics, Wipro confirmed a security breach of its corporate mail system via phishing campaign that lead to exploits of nearly a dozen clients i.e. we're all connected. Since company filing, a number of exchange between cause (zero-day vulnerability) and mentions of state-sponsored multi-month intrusion, the topic is quickly turning into credibility (of company's accountability / communication), liability and contractual provisions or privacy laws.
Makes you think about contractual provisions / penalties clauses, GDPR, "air-gapped" network, VDI / thin-clients, vendor due diligence, and anomaly detection and response (EDR/UBA) for starters...
No comments:
Post a Comment