We reported last summer on the CCleaner cyber hack. CCleaner is a consumer product, but the entire point was to hack the enterprise.
Now we have the complete post-mortem on this attack, thanks to a session at RSA last week.
Also raised during the session, according to a good read in WIRED, is something that applies to every organization going through M&A.
CCleaner was acquired by Avast just before the hack was detected. Avast's Chief Technology Officer, Ondrej Vlcek, said:
"A big lesson for us was about due diligence. When companies do mergers and acquisitions, most of the due diligence is around financials, maybe legal risks, or intellectual property. But I don’t see companies focusing too much on cybersecurity in terms of digging deeper into whether the company has a breach. This certainly changed our process. If we had focused on it during due diligence I’m sure we would have been able to find at least some indication."
