
Politics The New Cold War - The Matrix, aka organized hacking

Discussion in 'Tilted Philosophy, Politics, and Economics' started by rogue49, Feb 20, 2013.

  1. rogue49

    rogue49 Tech Kung Fu Artist Staff Member

    Location:
    Baltimore/DC
    Anonymous
    Stuxnet
    Nigerian phishers
    Bots
    Chinese Hackers

    I've been in this world battle...but I don't truly want to be drawn into it.
    Too much time, too much effort, no trust, all risk.

    Me, I just want to be a defender, correctly setting up the roles, privs and organization,
    Encryption and continuous Auditing...with periodic analysis and self-probes & tests.
    Beyond perimeter security, which most forget.
    Being even half-way diligent with followup and follow-thru, not just protocol enforcement.

    But these will become even more and more apparent and pervasive as time goes on.
    Companies need to become smarter and just be consistently aware.
    Like locking your doors, setting the alarm, and watching the area.
    That will stop most attacks...but most just set firewalls and passwords...you need more.

    Just doing things because a nice software tells you there's a "fail" is not enough to secure,
    you've got to understand WHY it's saying it, verify it, define it, test it...and WATCH it even beyond, every day.
    Have a true "hands-on" subject matter expert, not just an ex-cop with a check list.

    I can tell you that the companies that do it right, haven't been stolen from.
    But this unfortunately is not typical...most just are inconsistent.


     
    Last edited: Feb 20, 2013
  2. ASU2003

    ASU2003 Very Tilted

    Location:
    Where ever I roam
    What concerns me is that it wouldn't be that hard to compromise a Chinese server and route all of your traffic through it. And maybe the media companies have paid off people to do this in order to have a story...Maybe it is the computer security companies trying to drum up business...

    It makes a good story, and I have to wonder what some of these companies are doing with their security and computer procedures. Everywhere I have worked, you had general computers that were on the internet and accessible to the outside, and internal computers that didn't have any networking whatever. They also didn't have USB ports or anything. It still doesn't really deal with an insider threat though.

    For the big companies that need a web presence, there are plenty of commercial security tools and updates. Usually if your job is in computer security then you know how to handle this type of thing.
     
  3. rogue49

    rogue49 Tech Kung Fu Artist Staff Member

    Location:
    Baltimore/DC
    Oh yes, and this comes up again today at work.
    Only the question is...which is the standard we use for "best-practices" on security?

    And my response back was, well...which entity are we talking about? which standard? There are many.
    One uses this, another uses that...many have NIST as a base-line, but which one...version? update?
    Many have one for their specific environment.
    Some have it for specific methods.
    Some for specific app...roles...vendors...and so on.

    Well, what about a software that checks all of this?
    It depends...what definition do they use?
    Were the devs for the product faithful to that definition they're marketing?
    How deep do they go? Are the reports detailed?
    Can you automate?
    Can you exclude? (IF your own environ needs that item, or deviates it, or simply can't be corrected easily or not too much cost)

    Which one is the best? don't know...all pretty much the same. Not like anyone really knows who'll be questioning you anyway.
    It's about followup, follow-thru...and making sure you have a person who truly knows and can execute.

    --------------

    On another note, I think some hacker groups are "crowing" a bit too much for their own good.
    It's not an ego thing nor do I care...It's just making yourself a target.
    The government has unlimited funds, resources and unending tenacity.
    While they may not be the most complete of SMEs...sooner or later, they'll get you...if you give them reason to.

    I'd stick with corporate, don't tweak the nose of Big Uncle.
    Leave that to the other insane nation-states who have some big sticks to negotiate with. (and even they are asking for it)
     
  4. cynthetiq

    cynthetiq Administrator Staff Member Donor

    Location:
    New York City
    And thus since the target moves setup for failure.
     
  5. rogue49

    rogue49 Tech Kung Fu Artist Staff Member

    Location:
    Baltimore/DC
    Can you clarify, sir?
    This isn't clear to me...and I'm interested.

    Are you saying that people should also be prepared for a breach,
    and should have audit to trace...and backups to restore and understand the legalities and so on?
    If so, I agree.
     
    Last edited: Feb 21, 2013
  6. cynthetiq

    cynthetiq Administrator Staff Member Donor

    Location:
    New York City
    Yes.

    It's just a matter of time.

    The challenge too is to make the executives understand that a breach doesn't mean that the security group isn't doing what they are supposed to. It's always an escalating war in this area. So it is a matter of staying on top of the trends and potential exploits. It is always a best as best can.

    The breach normally isn't going to be your normal opening anyways. It's going to be a social engineered exploit. Even if it is an open email exploit it's still a social engineered breach and not a 0 day attack style.

    Knee jerk reaction is to fire the security team if there is a breach. That's not necessarily the best course of action, but executives like to find faults and place blame and once done think that it won't happen again. Well, duh. It can happen again, it's just a matter of time.
     
  7. rogue49

    rogue49 Tech Kung Fu Artist Staff Member

    Location:
    Baltimore/DC
    And to confirm your point, it seems that even hackers are hacked.
    Anonymous has their Twitter feed drilled into...

    hmm...I wonder if there is such a thing as Hack Insurance.