Ade Clewlow, Global Strategic Consultant at NCC Group shared what's noteworthy, surprising, and what organisations must do to protect themselves
From the statement it would suggest that the quick action of Kodak’s defenders likely disrupted the attack and limited the impact. That said, without any further confirmation, we have to assume that the access achieved by the threat actors was significant in itself. It’s unlikely they would make such a public statement unless there are going to be data privacy implications.
There’s nothing remotely surprising to hear that a global company like Kodak has been hit by a cyber attack. Companies of all sizes continue to fail in their primary responsibilities to protect customer data.
Organisations of all sizes must do the basics well: making sure staff are trained to recognise phishing emails and social engineering phone calls (vishing), ensuring password policies are adhered to, that accounts are not over privileged, that patching regimes are actively monitored and delivered. Attackers can enter a network through a variety of ways, but delivering layered defence, making life difficult for threat actors to get a foothold and investing in cyber resilience, from the boardroom down, are all essential ingredients to a robust and resilient organisation.