Investigation limbo
Feb 20th, 2019 by Jesper Kråkhede
Following the discussion with legal after my previous post we have got some guidance to move forward. Apparently this was a common business practice from the service provider's side to minimise cost. When challenged by the legal department they quickly became more accommodating in helping us. This is something to take note of. Never allow a service provider to dictate your security practices.
Right now we have found out that the domain admin accounts we were investigating for suspicious behaviour weren't personalised as in the contract but, due to cost management, they were used as group accounts on standard laptops, not on dedicated workstations as in the contract.
Moving back to legal there sure are going to be changes here. I'm not too keen about being the bearer of bad news but then again, I'm not too keen about not speaking out when I see something that puts my customers at risk.
More to come for sure.