Despite the position issued by CrowdStrike dismissing the link between the so-called 'cyber blackout' provoked today (19) and the issue of information security, for the fact that there was no cyberattack, Experts in the field say the case constitutes a security incident.. For these professionals, the event highlights the need for companies to prioritise compliance with the rules set out in ISO 27001 and structured business continuity and incident response plans.
For Bruna Fabiane da Silva, member of the DeServ Academy, who was voted late last year one of the Top 50 Women in Cybersecurity in the Americas by WOMCY (LATAM Women in Cybersecurity)., the case was nevertheless a security incident because the problem hit the ‘availability ⁇ pillar, which is one of the three foundations of information security.
According to her, The incident highlights that the best security strategy for companies is not just to take care of information security with regard to "confidentiality"., that would be linked to preventing data leakage or undue exposure. It is not enough to worry about problems related to the "integrity" of information, which is when the data is improperly modified. In addition to these two aspects, the "availability" of the data must also be protected, which is a fully business continuity-focused aspect
Already the CEO and founder of DeServ, Thiago Guedes, draws attention to the fact that companies often rely heavily on a specific security solution by tying the entire strategy to a single tool
Apparently, depending on the reliance on this technology, Many of them don't have strong business continuity strategies.. But today's case, as well as many that have occurred in the past, show that, even with high reliability and high level solutions, It is essential to have a business continuity plan to avoid a longer shutdown of activities., concludes
