The level of incompetence on NCS's part is criminal, they absolutely deserved what they got. It could have been much worst, as in the malicious actor finding a way to insert code that makes it into production and then exfiltrating sensitive data to be sold on the dark web. Luckily Kandula wasn't smart enough to think like one of us.
NCS sounds like a clown show based on this article. The administrator credentials should have been changed as soon as Kandula was let go. Ideally, these credentials shouldn't have ever been used and everyone should be acting as themselves with a elevated privilege step.
As for the $678k in damages, why didn't NCS have snapshots that they could have quickly restored? Sounds like their BCDR plans need to be reviewed and updated.
NCS sounds like a clown show based on this article. The administrator credentials should have been changed as soon as Kandula was let go. Ideally, these credentials shouldn't have ever been used and everyone should be acting as themselves with a elevated privilege step.
As for the $678k in damages, why didn't NCS have snapshots that they could have quickly restored? Sounds like their BCDR plans need to be reviewed and updated.
Moral of the story is don't do business with NCS.