- Last Week As A vCISO
- There's Good Incident Response, Then There's AnyDesk
There's Good Incident Response, Then There's AnyDesk
The security community is in uproar about the AnyDesk incident
I need to keep today’s post short, so I will defer to some others for details.
AnyDesk recently had a security incident and the security community is in an uproar. Why? Well, not because they had an Incident, which does seem bad… but more so on how they handled that incident!
When you have a security incident, it’s customary to notify customers and the public appropriately. You don’t need to provide full details, but it’s critical to inform them sooner than later, because every minute of delay put them at risk. Having more frequent updates is better than none.
There is an expectation of transparency.
In this case several days went by before an update was sent. See thread below for details why.
A few notes on #AnyDesk:
* This shouldn't be coming out on a Friday afternoon when they took systems offline days ago. This is a PR move. Companies that are being transparent don't play these shenanigans
* Your code signing cert was stolen? 1/n
— Jake Williams (@MalwareJake)
Feb 2, 2024
Alex Stamos, an OG in the information security community also commented on the incident.
I have written a number of times on the subject as well, just search “incident” on the blog.
Here is one notable post that has some good takeaways.
That’s all for now. Have a great rest of your week!