The latest news in the security scene is all about SOREBRECT.
Most of the analysis on the web is all the same article, so I won't copy/paste it again and pretend like I wrote it... like many seem to be doing (shame on you, Internet... shame!). Anyway, here is Trend's analysis on it.
But, really, the "big news" on how to deal with this is mostly more of the same. It's all the stuff we hear all the time: patching, antivirus, firewalls, and... of course... user education.
However, in this particular case the one underlying threat is users who run with elevated permissions on their workstations or in the network.
So as Senior Leaders in your organization, you need to ask your I.T. people three key questions in particular:
- Do our users have administrative rights on their workstations? (the answer needs to be NO)
- Do our network/domain administrators have admin rights on their workstations with their regular user accounts? (the answer needs to be NO)
- Do our administrators log in to their workstations with accounts that have broader administrative access in the environment? (such as Domain Admin rights on a Windows domain) (the answer needs to be NO)
And make sure you have them prove it to you. Go do an audit. Have them show you that the Administrators group on several workstations does not include the user. Be extra sure to check anyone who is a developer or a power user. They'll tend to be the squeaky wheels that will break your I.T. people over time and get the rights they want.
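One way your I.T. people can produce that proof, as an added example that is not part of the original post: a PowerShell sketch that lists every member of the local Administrators group on a sample of workstations and flags anything not on an approved list. The workstation names, the approved list, and the availability of PowerShell remoting are assumptions.

```powershell
# Added example: audit local Administrators membership on a sample of workstations.
# Assumptions (not from the post): the workstation names, the approved list,
# and that PowerShell remoting (WinRM) is enabled on the targets.

# Hypothetical sample; include developer and power-user machines.
$Workstations = @('WS-001', 'WS-002', 'WS-003')
# Hypothetical list of accounts and groups allowed to hold local admin rights.
$Approved = @('Administrator', 'Domain Admins', 'Workstation-Admins')

# Collect membership from every workstation in the sample.
$members = Invoke-Command -ComputerName $Workstations -ErrorAction SilentlyContinue -ScriptBlock {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the query still works when the group name is localized.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object Name, ObjectClass, PrincipalSource
}

# Flag every member whose short name (the part after DOMAIN\ or COMPUTER\)
# is not approved. Matching on the short name keeps the example brief;
# compare the full DOMAIN\name for a stricter check.
$findings = $members | Where-Object {
    $account = ($_.Name -split '\\')[-1]
    $Approved -notcontains $account
}

# An ObjectClass of 'User' here is a person with direct admin rights:
# a "NO" that turned out to be a "YES" for the first two questions.
$findings | Sort-Object PSComputerName, Name |
    Format-Table PSComputerName, Name, ObjectClass, PrincipalSource -AutoSize

# A workstation that returned nothing was not audited; report it rather
# than letting it pass as clean.
$answered = $members.PSComputerName | Sort-Object -Unique
$Workstations | Where-Object { $answered -notcontains $_ } | ForEach-Object {
    Write-Warning "$_ returned no data and has NOT been audited"
}
```

An empty table with no warnings is the result you want. Approved groups still need their own membership reviewed, because a user can hold admin rights through a group as easily as directly.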
And, of course, you have to be sure systems are patched, antivirus is in place, firewalls are secured, etc.
Trust me on this. Nearly every environment I walk into has more open doors and unlocked windows in its security than you can possibly imagine, and every single one of the executives who own those environments is totally shocked because they had assurances from their team that they were secure.