We put a lot of trust and confidence in the core products that support our businesses. But what if a clever attacker were able to compromise a system admin's workstation and gain superuser privileges on internal systems such as email, messaging, and collaboration platforms (in the Windows world, say, Outlook, Skype, and SharePoint)? The attacker is now embedded deep in the system with alternate admin accounts and is reading everything you're doing.
How do you recover, or even plan how to remove the infiltrated attacker, when they can see every email and message? If you have a disaster recovery plan to respond to that ugly scenario (do you believe it won't happen?), it could well be to communicate (hopefully securely) over methods that are not visible to the internal IT system. In normal situations, online systems such as https://riseup.net/ are undesirable because their communications are not directly visible to the corporate IT and Security teams. But if those core IT systems have been compromised, a "Plan B" for at least a subteam or leadership team should use tools that are not transparent to the attackers who now own your internal IT and security.
Author: Djilpmh Pi has been tracking the spread of Shadow IT for some time. This collection lists some of the most egregious examples.