February 12, 2019

Solutions Review: Key Lessons from VFEmail Breach

Acceptto's Principal Architect Fausto Oliveira shares his thoughts on the VFEmail breach incident in an interview with Solutions Review.

This attack left VFEmail, and some of their customers, without access to their information. This raises questions of what disaster recovery strategy was in place and why data wasn’t backed up into cold storage, thus making it unavailable to attackers. If they had a strategy in place, they should be able to recover at least a substantial part of their customers’ data.

The fact that attackers were able to access and erase all the information demonstrates that the systems were not protected in an effective way. Critical systems, such as these that host customer data, must be protected with enhanced security and all operations must be protected using intelligent Multi-Factor Authentication solutions. If those controls were in place, an operation that deviates from trusted behavior would have raised the friction towards the attackers and provide immutable logs showing that the attack was in progress, allowing VFEmail to react quickly and potentially stop the breach before data was destroyed.

To read the full article visit Solutions Review.

Click here to more about Acceptto's Continuous Cognitive Authentication Solution.

 

MFA identity Access Management authentication hackers breach