Don’t Try to Boil the Ocean
(a lesson from the Russian hackers)
Anyone with a computer is a target. Today’s data threat is stealthy and invisible. Most companies have been compromised for 27 months before they’re able to detect it. To make it worse, the only reason the breach was even caught was that the adversary got greedy and kept stealing more and more information until it finally impacted the performance of the servers. If the adversary hadn’t gotten sloppy, those attacks would still be going on without our knowing about it!
Unfortunately, though, for every stupid adversary there is at least one smart adversary. So how many smart adversaries are out there, not getting greedy? Instead of going for millions of data records, they take thousands every day, nice and slow, where it’s barely detectable.
If your business is going to survive, here’s what you need to know:
- You must have enough people to respond to the alerts you’re getting from your security devices.
  - Protection does no good without someone responding and taking action.
  - Tune your security alerts to generate only the number of alerts your people can reasonably handle. (If you’re getting 30,000 alerts per hour but your team can only handle 30, you’ve got nothing.)
- Prioritize. You can’t do it all, so focus on the high-risk areas that could do the most damage to your organization.
  - Today’s attacks are not sophisticated.
  - Most extreme attacks are the result of an unpatched server that is visible from the internet.
  - Patch, patch, patch!!!
- Ideally it’d be great to monitor your entire asset inventory, but until you have the resources to do so, don’t try to boil the ocean: start simple.
  - Start with the servers that are visible from the internet.
  - Track them and make sure that no new servers appear.
  - If your boss or client says “No,” remind them what they will spend AFTER the breach (which is exactly what will happen if servers, especially those visible from the internet, are left unpatched).
  - Regarding cyber security, you will always pay; paying before or after only determines how much.
- Let data drive decisions, not emotions.
  - A server visible from the internet should never contain critical data.
  - Encryption keys should always be stored on separate servers.
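As an added example that is not from the original post, here is a small Python triage helper that applies the points above: it scores servers by whether they are internet-visible, unpatched and holding critical data, hands the team only as many as it can handle, flags servers that newly appeared in the internet-facing inventory, and lists internet-facing servers that still hold critical data. The inventory, server names and scoring weights are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Server:
    name: str
    internet_visible: bool
    unpatched: bool
    holds_critical_data: bool
    open_alerts: int


def risk_score(s: Server) -> int:
    """Weights are assumptions; an unpatched internet-facing server
    dominates because that is where the post says the worst breaches start."""
    score = 0
    if s.internet_visible:
        score += 40
    if s.unpatched:
        score += 30 if s.internet_visible else 10
    if s.holds_critical_data:
        score += 20
    return score + min(s.open_alerts, 10)  # alert volume is a tie-breaker only


def triage(servers, team_capacity):
    """Servers to work first, capped at what the team can actually handle."""
    ranked = sorted(servers, key=risk_score, reverse=True)
    return [s.name for s in ranked[:team_capacity]]


def new_exposed_servers(baseline, current):
    """Internet-visible servers present now but absent from the last inventory."""
    known = {s.name for s in baseline if s.internet_visible}
    return sorted(s.name for s in current if s.internet_visible and s.name not in known)


def policy_violations(servers):
    """Internet-visible servers that still hold critical data."""
    return sorted(s.name for s in servers if s.internet_visible and s.holds_critical_data)


# Constructed inventory snapshots (sample data, not from any real network).
BASELINE = [
    Server("web-01", True, False, False, 2),
    Server("db-01", False, True, True, 1),
    Server("hr-01", False, False, True, 0),
]
CURRENT = BASELINE + [Server("web-02", True, True, False, 5), Server("dev-03", True, False, True, 0)]

if __name__ == "__main__":
    print("work first:", triage(CURRENT, 2))
    print("newly exposed:", new_exposed_servers(BASELINE, CURRENT))
    print("critical data exposed:", policy_violations(CURRENT))
```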
Like I said at the start, everyone with a computer is a target. EVERYONE! Ignoring the problem (or putting it off until after the holidays) will not make it go away. You have to be as shrewd as the adversary when it comes to protecting all of your data, and these 4 key points are a great place to start.