Today’s cyberthreat environment is menacing, and it’s clear that we always need to be in a state of “high alert.” Hackers show no signs of retreat — and are becoming more aggressive and sophisticated. Earlier this year, hackers circulated a tranche of unique usernames and passwords numbering in the billions.
‘Way back then, I was introduced to “Security 101”, and Lesson 1 teaches
“You must assume the system has been compromised, is dirty and leaking company data. Your job is to mitigate the catastrophe and ONLY THEN seek to secure the system.”
They should follow the lead set by a global financial company, where the head of information security recently told me that her main metric is not what her company prevents, but how effectively the company responds after a breach has occurred.
The elephant in this room is—of course—the CEO, together with the Directors. The buck does not stop with the IT staff. IT is far too often (remember how Microsoft disabled WinXP security so migrants from W9x would have a pain-free eXperience?) tasked with making things easy for Management and keeping costs to “something reasonable”.
How can IT even begin to recover the company’s intellectual property and ensure clients are protected from the consequences of the breach? It’s a little bit late to consider reversing a firewall setting allowing all outbound traffic from any application at all.
And how many times do we see file-servers used as workstations? Or the file-server also used as the Wide Area Network Gateway?
I wonder how many senior management would consider filling a Cola bottle with kerosine and then leaving it where the young kids can get it.
Understanding the scope of the problem is the first step on the path to true panic. [Florence Ambrose, "Freefall"]