"We had thoroughly checked the affected server to see if there were any additional software installed or configuration changes made. We are also developing a process to move all of our network to RAM disks," a Nord spokesperson said. "We are now building only encrypted servers, immune to such breaches. Nord is also making a number of server security improvements, including using only physical hardware servers. "We are now doing an internal audit, so we're going to have bigger requirements for them, just to verify that this will not happen in the future," Okman said. He also agreed that better practices could have been applied. Nord is raising its standards for the data centers it contracts with, Okman said. ![]() Nord's Okman said he would have preferred the breach not be disclosed until the audit was done, of course, but once the cat was out of the bag Nord needed to respond to user concerns. From that perspective, if privacy really was protected … there was not a cyber breach." "If the anonymity of Nord users was maintained at all times, your security was breached but the privacy was not. ![]() "If no personal info is acquired or exfiltrated from the network, there really wouldn't be a requirement for disclosure of the incident," Watnik said. 'With VPN services, you're buying trust.'Īccording to Scott Watnik, a partner at Wilk Auslander LLP and chairman of the firm's cybersecurity practice, the overwhelming majority of cyber laws in the US don't consider mere unauthorized access to be a "cyber breach" unless personally-identifying user information is stolen.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |