#belgacomhack is belgacom still infected or not

this is the wrong question

belgacom should reshape its security culture around the assumption that it can be infected again every day, and that every time it discovers an attack it has to get to the bottom of it

they shouldn't take things for granted and should

* change people from time to time so that they don't get used to the number of attacks

* not fall into the red traffic gap: the green traffic has to be looked at too, because the fact that traffic left the enterprise through accepted rules does not mean it should have left the firm

* get external people in from time to time to question everything

* get other security tools from time to time to re-analyse the traffic or a copy of it so you are sure that nothing has passed your normal controls

* get some paranoia as a basic part of your security culture: you will be attacked permanently and you will be infected, penetrated and maybe owned all the time, over and over again. if they don't have that border guard mentality they shouldn't be guarding the borders

security is not having people with a cv, and it is not huge budgets for enormously expensive tools that show very impressive graphical security metrics

security is finding that connection of that pc that looks normal to everybody except to the second auditor just going through the traffic for the 20th time with specific filters based on new information about infections and dangerous connections
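an added example, not code from the original post: one way to run that "20th pass" is to replay retained firewall logs against indicators that only became known later, looking only at the green (allowed) traffic and grouping hits per internal pc. the log format, addresses, domains and the `rehunt` function are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# constructed firewall export: time, action, internal source, dest ip, dest host, port
SAMPLE_LOG = """\
2024-03-11T08:01:12 ALLOW 10.1.4.23 198.51.100.7 updates.vendor.example 443
2024-03-11T08:01:40 DENY 10.1.4.23 203.0.113.70 - 6667
2024-03-11T08:03:05 ALLOW 10.1.7.88 203.0.113.77 cdn.static-files.example 443
2024-03-12T02:14:59 ALLOW 10.1.7.88 203.0.113.77 cdn.static-files.example 443
2024-03-12T09:30:00 ALLOW 10.1.9.5 192.0.2.10 mail.sync.badhost.example 443
2024-03-12T09:31:00 ALLOW 10.1.9.5 198.51.100.7 notbadhost.example 443
"""
# constructed "new information" that arrived after the traffic was first reviewed
NEW_NETWORKS = ["203.0.113.64/27"]
NEW_DOMAINS = ["badhost.example"]

def rehunt(log_text, networks, domains):
    """Return {internal host: summary} for ALLOWED connections matching new indicators."""
    nets = [ipaddress.ip_network(n) for n in networks]
    doms = [d.lower().rstrip(".") for d in domains]
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "why": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # malformed line
        ts, action, src, dst_ip, dst_host, _port = parts
        if action != "ALLOW":
            continue  # red traffic was already blocked and alerted on
        try:
            ip = ipaddress.ip_address(dst_ip)
        except ValueError:
            continue
        host = dst_host.lower().rstrip(".")
        why = {f"ip in {n}" for n in nets if ip in n}
        # match the domain itself or any subdomain, not a mere string suffix
        why |= {f"domain {d}" for d in doms if host == d or host.endswith("." + d)}
        if not why:
            continue
        h = hits[src]
        h["count"] += 1
        h["first"] = ts if h["first"] is None else min(h["first"], ts)
        h["last"] = ts if h["last"] is None else max(h["last"], ts)
        h["why"] |= why
    return dict(hits)

if __name__ == "__main__":
    for src, h in sorted(rehunt(SAMPLE_LOG, NEW_NETWORKS, NEW_DOMAINS).items()):
        print(src, h["count"], h["first"], h["last"], sorted(h["why"]))
```

the first-seen and last-seen times per pc tell the auditor how long a connection that looked normal has been leaving through accepted rules.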

