Although CrowdStrike has stated that the so-called ‘cyber blackout’ that occurred today (19) has no connection with information security, because there was no cyber attack, experts in the field say the case is a security incident. For these professionals, the event highlights the need for companies to put compliance with the rules established in ISO 27001, along with business continuity and incident response plans, on their list of business priorities.
For Bruna Fabiane da Silva, partner at DeServ Academy, who at the end of last year was named one of the 50 Best Women in Cybersecurity in the Americas by WOMCY (LATAM Women in Cybersecurity), the case is still a security incident because the problem affected the pillar of availability, which is one of the three bases of information security. “A failure that happened during a system update made several information security assets unavailable, and this caused damage on a significantly large geographic scale,” she said.
According to her, the incident shows that the best security strategy for companies is not to look after information security only with regard to ‘confidentiality’, which is linked to preventing data leaks or improper exposure. Nor is it enough to worry about problems related to the ‘integrity’ of information, which is when data is modified improperly. In addition to these two aspects, it is also necessary to protect the ‘availability’ of data, an aspect entirely focused on business continuity.
“For a company that wants to guard against having this unavailability for a long time, it is essential to adopt the backup policy rule present in ISO 27001, which is the ISO of information security. This standard provides recommendations to have a 3,2,1 backup strategy. It means that the organization has to provide three environments to store the information, at least two of them on physical media installed in separate places and a third in the cloud, for example,” she explains.
DeServ CEO and founder Thiago Guedes points out that companies often rely on one specific security solution, tying their entire strategy to a single tool.
“It seems that, due to their trust in this technology, many of them do not have robust business continuity strategies. But today's case, like many that have occurred in the past, shows that, even with highly reliable, high-level solutions, it is essential to have a business continuity plan to avoid a longer stoppage of activities,” he concludes.

