[David Strom's Web Informant] Hope is not a strategy

David Strom david at strom.com
Thu May 11 06:56:48 EDT 2017

Web Informant, May 11, 2017: Hope is not a strategy

In my day job as editor of the Inside Security email newsletter
<http://inside.com/security>, I read a lot of infosec stories from various
sources: some technical, some legal, some for beginners. But I was struck
by reading this piece in Dark Reading this week by this sense of failing
purpose, and how IT is at best at parity with our attackers.

The piece is by a security consultant, Mark Hardy. Entitled, 7 Steps to
Fighting Ransomware
it does what it says, providing some practical advice for corporate IT
managers on how to prepare for the coming attack. Make no mistake: it is
coming. All it takes is one person and one careless click and your network
is compromised.

Some of Hardy’s suggestions are pretty predictable: make sure your systems
are kept up to date on patches. Segment your network to limit the exposed
systems that an attacker can easily access. Backup frequently and move them
offline for further protection. Yeah, yeah, we’ve heard it before. Some
corporations actually do these things too.

But one suggestion stopped me in my tracks: Buy some Bitcoin to prepare in
advance, in case you have to fork over the ransom on short notice. That was
a chilling point to make because it says no matter how carefully you
prepare, there is still the off chance that you may have missed something
and will need to pay out the ransom.

This is what I mean when I say we are at parity with the bad guys. We are
fighting an asymmetric war against them: they have the ability to penetrate
our networks and steal our data with a vast array of tools that are only
getting better and more finely crafted. There is malware that can operate
in memory and hide by using bits and pieces of software already part of
your operating system that is very difficult to detect. There is malware
that changes its attack signature every second. There is malware that uses
flaws in the operating system (such as one that was patched this week by
Microsoft, ironically in its malware protection engine program). And there
are malware kits that run completely in the cloud, so all it takes is money
and a few commands to launch an attack.  So it is inevitable that someday
your company will be hit, it is just a matter of when.

Security strategies are forged in the heat of battle when you realize that
no matter how many spare copies or protective procedures, something went
wrong: your copies are bad, you have mission-critical data lurking on some
executive’s laptop that wasn’t part of the backup, or some phisher dangled
some bait and succeeded. Game over.

I speak from sad experience. Not over ransomware, but a simple backup
error. Many years ago I lost my mailing list server due to a flooded
basement. All the content on my server was duplicated elsewhere, offsite,
save for one thing: the actual names on my list. A pretty critical piece of
information, don’t you think? If that server didn’t come back online (it
did), I would be out of business. I didn’t have a spare copy of my list.
All it took was a simple command to have that list of names. But somehow I
forgot to include that in my workflow. Oops.

Hardy says, “Ransomware is a clear and present danger. Companies can no
longer afford to take a wait-and-see attitude. If you're vulnerable to
ransomware and take no precautions to mitigate those vulnerabilities, then
the only thing you're relying upon to prevent an infection is hope — and
hope is not a strategy.”  So stop hoping, and start preparing.

Comments always welcome here <http://blog.strom.com/wp/?p=5904>.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://list.webinformant.tv/pipermail/webinformant_list.webinformant.tv/attachments/20170511/264d76b2/attachment-0002.html>

More information about the WebInformant mailing list