Stop being a LURKER - join our dealer community and get involved. Sign up and start a conversation.

Reply to thread

Message

Over the past year, I have been spending a lot of time with my security team.
I have been pen-testing using an outside pentester.
Watching reaction times, how they breach, and what they can do afterward.
Backups are just something to help in case. They are not my solution.

Companies like CDK should have great security. Unfortunately, they don't do independent testing. MY old MSP I thought we did a great job on cyber security. Then I worked with my last security company and thought they did a good job, again I was wrong. Once I started having separate companies test one another I got to see the difference. They would show me as the pwned computers. While I'm watching my EDR console and waiting for my SOC to call or start alerting me. It was eye-opening. 3 hours into the test they called. By this time they had half the computers.

The scale that CDK got hit for is scary. For a company that has cyber security all over its website is just checking the boxes like so many. They might have the tools but if they don't know how to use them they are basically useless

<blockquote data-quote="DealerITperson" data-source="post: 74400" data-attributes="member: 17757">Over the past year, I have been spending a lot of time with my security team.I have been pen-testing using an outside pentester. Watching reaction times, how they breach, and what they can do afterward. Backups are just something to help in case. They are not my solution.&nbsp;&nbsp; Companies like CDK should have great security. Unfortunately, they don't do independent testing.&nbsp; MY old MSP I thought we did a great job on cyber security. Then I worked with my last security company and thought they did a good job, again I was wrong.&nbsp; Once I started having separate companies test one another I got to see the difference.&nbsp; They would show me as the pwned computers.&nbsp; While I'm watching my EDR console and waiting for my SOC to call or start alerting me.&nbsp; It was eye-opening.&nbsp; 3 hours into the test they called. By this time they had half the computers.The scale that CDK got hit for is scary.&nbsp; For a company that has cyber security all over its website is just checking the boxes like so many.&nbsp; They might have the tools but if they don't know how to use them they are basically useless</blockquote>

[QUOTE="DealerITperson, post: 74400, member: 17757"] Over the past year, I have been spending a lot of time with my security team. I have been pen-testing using an outside pentester. Watching reaction times, how they breach, and what they can do afterward. Backups are just something to help in case. They are not my solution. Companies like CDK should have great security. Unfortunately, they don't do independent testing. MY old MSP I thought we did a great job on cyber security. Then I worked with my last security company and thought they did a good job, again I was wrong. Once I started having separate companies test one another I got to see the difference. They would show me as the pwned computers. While I'm watching my EDR console and waiting for my SOC to call or start alerting me. It was eye-opening. 3 hours into the test they called. By this time they had half the computers. The scale that CDK got hit for is scary. For a company that has cyber security all over its website is just checking the boxes like so many. They might have the tools but if they don't know how to use them they are basically useless [/QUOTE]

Verification

Top Bottom

Back

Search

Search

Reply to thread