The Security Weaknesses:
           The Security W      eaknesses:
           •  Missing formalized Incident Response Plan and Security Policies

           •  Limited endpoint security monitoring, detection, and response

           •  The Virtual Private Network (VPN) only required an id and password to
              connect to the servers hosted in a cloud provider’s data centre.
           •  The private key for Secure Shell, a network protocol that provides ad-

              ministrators with a secure way to access a remote computer, was not

              password protected.
           •  The logs, specifically of the firewall and the VPN servers, were not avail-

              able for part of the attack period.



           Appendix 1
           Appendix 1

































































                                                                                                         VERITAS    53