How do you feel about the Okta and Microsoft incident outed by LAPSUS$?
Is your organisation a victim?
How are you coping with the incident response?
Could Okta have done better?
I like the sentence "Trust is built on transparency and corporate responsibility, and demands both".
I don't know, but very likely the CISO of Okta will have (is having) a tough time.
Honestly, not reporting and disclosing until LAPSUS$ called them out is really bad; that is the worst nightmare. Being compromised is bad (for sure), but this looks even worse.
Great links, thanks for sharing.
Here is a note from the CSO of Okta in which he lays out the timelines.
I wonder how long he will be in place?
Seven teens arrested in relation to this attack.
My favorite part of that article you shared is the quote from the father (last paragraph of the article).
“He’s never talked about any hacking, but he is very good on computers and spends a lot of time on the computer,” the father said, according to BBC News. “I always thought he was playing games. We’re going to try to stop him from going on computers.”
@AndreaMoore Definitely a good one; however, it is also good to see Okta actually agree that they did the wrong thing by keeping the situation quiet from the rest of the world for a prolonged period.
At least they acted quickly to remedy the situation too.
This is a deep and long analysis on the Okta incident, with many lessons to be learnt?
But will it be learnt and how will others learn from this experience?
Good sharing and interesting.
I think the CISO's comments are fair. The technical damage is minimal but it's the damage to the trust and reputation and this is a perfect PR disaster.
Trust is built on Transparency, Accountability and Assurance.
What does Okta give customers?