🚨𝐓𝐡𝐞 𝐠𝐫𝐞𝐚𝐭𝐞𝐬𝐭 𝐫𝐨𝐛𝐛𝐞𝐫𝐲 of all times exploited the 𝐝𝐮𝐦𝐛𝐞𝐬𝐭 and 𝐰𝐞𝐚𝐤𝐞𝐬𝐭 security flaw ever! Here are my learnings from this crazy event...

🤯 I know it's been some weeks ago, but I could not believe when I read that a critical security system at the Louvre used “𝐋𝐎𝐔𝐕𝐑𝐄” as the admin password. I checked two sources. Then a third. WTH!

🫠 And to make it even worse, this vulnerability was highlighted in a past audit in 2014, but 𝐚𝐩𝐩𝐚𝐫𝐞𝐧𝐭𝐥𝐲 𝐧𝐨𝐨𝐧𝐞 𝐜𝐚𝐫𝐞𝐝. And on top of that, the hardware, software and operating systems were super old and beyond end-of-life support.📸 Weeks before the night itself, intruders were 𝐚𝐛𝐥𝐞 𝐭𝐨 𝐚𝐜𝐜𝐞𝐬𝐬 𝐭𝐡𝐞 𝐜𝐚𝐦𝐞𝐫𝐚𝐬, learned the blind spots, changed some angles and planned their execution and when the eight minutes arrived, they were absolutely sure they wouldn't get caught.

↔ Making a parallel comparison to other traditional industries, it's not difficult to have tech perceived as a commodity being led solely by business people. Not only because I come from tech, but this is the 𝐛𝐢𝐠𝐠𝐞𝐬𝐭 𝐦𝐢𝐬𝐭𝐚𝐤𝐞 𝐞𝐯𝐞𝐫!

👔 A Company Board must have members from all areas and critical awareness raised by any member should require immediate actions, no questions asked! Or, actually one question must always be on the table: 𝐖𝐡𝐚𝐭 𝐡𝐚𝐩𝐩𝐞𝐧𝐬 𝐢𝐟 𝐰𝐞 𝐝𝐨𝐧'𝐭 𝐚𝐜𝐭 𝐧𝐨𝐰?

💸I know budgets are tight and change takes time. But I also know “LOUVRE” as an administrator key is not a question of budget or anything else, but rather just a dumb choice.

❗️If you lead any business, try one small test this week. Pick a critical system, rotate the admin secret and watch who calls you. 𝐓𝐡𝐚𝐭 𝐜𝐚𝐥𝐥 𝐥𝐨𝐠 𝐢𝐬 𝐲𝐨𝐮𝐫 𝐦𝐚𝐩.

🚀 ZeroTrust Framework is the way to go, think about it...