The recent high profile breach that caused cloud based service provider to shutter its doors illustrates, in a very painful way, how a single compromised administrative credential can make incident response planning and preparation irrelevant.
A glaring weakness in the meticulous planning and seemingly thorough analysis of all possible disaster scenarios that Code Spaces management simulated to prepare for a catastrophic disaster was exposed. The weakness? Code Spaces did not take into account or plan for the compromise of an employee’s administrative credentials which would grant an unauthorized user access to the administrative control panel used to manage back-ups, images and credentials.
Hindsight is always 20/20 but had Code Spaces enabled two-factor authentication for all administrative credentials, the hacker would not have been able to compromise the administrative account and control panel that led to the ultimate closure of the company. Two-factor authentications should be the mandatory minimum standard for all businesses due to the ease of deployment and low cost. Case in point that one simple step can literally save your business from crumbling.