Harvard University—one of the most prestigious universities in the United States—disclosed a data breach over the weekend impacting its Alumni Affairs and Development systems.
Don’t these billion dollar companies get their software pen tested regularly by third party security companies to see how secure and solid their software is?
If anyone should know better, Harvard should - when evaluating what’s best and not and how. I get that this is a zero day and is a sophisticated attack but that’s why you have audits and tests.
No, most of them don’t. Most of them do the bare minimum “check in the box” to make their insurance company happy. Until the insurance companies demand better, they won’t do better.
I agree with your assesment (also in the article). Not really surprising it is then, or?
Certainly doesn’t surprise me.