Comments by: Eric Nagel, General Manager for APAC at Cybereason
“There are many weaknesses in supply chain security. Public and private sector organizations alike are not tamper-proof in today’s world. Living with a post breach mindset is essential for all companies as incidents will happen and identifying and stopping risks in real time is the key to keeping your most important data and information secure. Limiting damage starts by identifying the risks early.
My advice for all organizations is to make sure you are working closely with every vendor in your supply chain. Make sure you choose your partners wisely and look to be able to vote with your feet. In addition, your internal security teams need to improve their ability to vet apps and products continuously, update applications, protect users, limit damage when it occurs and be more resilient.
For Apptitude, make the effort to lean in, provide a high level of transparency and don’t play the victim card. Apptitude can only be the hero in stopping future incidents from occurring as they can’t play the victim card for this incident or any others in the future.
Good for Apptitude for not paying the reported ransom demands of the threat actors as more often than not paying ransoms only emboldens them to increase their ransom demands in the future. We can return all defenders to higher ground above adversaries by not paying.”