June 27, 2017
Independence Day from Hacking
Watching the news and the debates during the past week felt pretty deflating. Surely you must have heard about the entire “who knew what, and when” question regarding the attempted Russian interference during the election. Much of what was said was fairly well known, but with the new drips and drabs of information coming out into the open the past few days, political opportunism was bound to happen, no matter what.
Despite this expected response, finger pointing provides no true help to anybody in the world (and if we are being candid, not even within the Beltway). Sure, it is all interesting. And all of this chatter even provides good spectacle. We even agree that there are some serious questions that need to be answered, like who actually did know what when and why did they do (or not do) something about it.
But ultimately, so much of it right now is irrelevant and it is darned near aggravating to keep this bad song on repeat.
Why?
Because while the hysteria is maxed out at full throttle, we still have these other problems going on: the country is getting its clock cleaned, its stuff stolen, its IP drained, and its limited resources wasted and expended.
Forget for a moment the reasons why the nefarious actors are behind their actions. If you own a shop and your entire inventory is getting smashed and stolen on a daily basis, you may be more concerned with making it stop than wondering why the bad guy is trying to do whatever he is doing. Intent comes later. It is like triage at a hospital. You want to stop the bleeding as soon as you can lest you find yourself dead in short order!
Or if your websites get vandalized (hello Ohio), your priority is to get your pages cleaned up (as Ohio did) and not to figure out why extremists want to carry out their evil and how they were able to hack your site (that is for others to do).
So let us figure out ways how to make the bleeding stop and where possible, avoid any bleeding at all.
If we dissect each major malware exploit, each major ransomware exploit, and even all the little ones, the reasons why we are losing the cyber battle are apparent. Really, you ask?
Here it comes: attackers are determined; the rest of us are not. More specifically, the vast majority of the public is ambivalent. Sure, you may be “concerned” about your cyber safety when asked in a survey, but are you really doing anything about it? And how many times have you heard somebody say, “why would anybody want to target me?”
Unfortunately, even professionals in industry and government still think they are not a target. And what is worse is that many of them are still convinced that the means they used to protect their networks five years ago still apply today!
News flash! Alert! Alert! They do not!!!
It is time to be honest with ourselves. We are behind the eight ball for good reason: it is our own collective fault. Stop blaming everybody else for a moment and look in the mirror. We #CyberAvengers try to do so every day and we try to support each other, even in our daily tasks. Sometimes something even as simple as, “have you guys noticed any unusual spam today?” keeps our antennas up. Do you do that with your close circle of friends or colleagues?
The #CyberAvengers are all patriots. We are in this together for the good of the country and a united front on this issue would actually do us all some serious good.
We are going to get all sci-fi on you for a moment (perhaps even cheesy for some of you). Remember the movie Independence Day? You know why the aliens got their butts whooped despite their shatter-your-mind technological superiority? Humanity won because people decided to work together to bring down the space squids. And chances are most of you felt pretty darn good when there was that unified “we won” feeling.
No, this article is not intended to give you a chill down your spine, in the same way an alcoholic flying an F-18 into a spaceship and saying “up yours!” does.
Nor do we think it will make you question our sanity for comparing the cybersecurity challenge to a Hollywood movie (aside: “shall we play a game?”).
By the way, as the story goes, President Ronald Reagan saw WarGames at Camp David and a week later at the White House asked his senior national security staff whether something like what happened in the movie could actually happen. Much of the staff and the members of Congress present apparently tried not to laugh at the President.
A week later, GEN John W. Vessey Jr, Chairman of the Joint Chiefs of Staff said, “Mr. President, the problem is much worse than you think.”
Back to the entire “united front” thing. This article is written in the same spirit that the movie Independence Day was, namely: the only way to stop some big bad evil thing from messing up our way of life is to work together (even with people we may not initially have worked with) and may even have to make sacrifices.
We celebrate the Fourth of July because we declared independence. It is when a small group of people, now known as patriots and heroes, said “enough.” That is what we are asking of all of you this year: say “enough” already with this cyber nonsense, do your bit to push back against this common threat, and do not let up (remember, just because you defeat them once, does not mean evil space squid will never come back in a horrible sequel).
How do you say “enough” to all of this? With humans being responsible for 90+ percent of all cyber incidents, just starting with the basics will do miracles.
1) Update and patch your networks, OS, and devices promptly. “Critical” is “critical” for a reason. Do it within 72 hours of release.
2) Pretty please with a cherry on top, train your employees (and yourself!) on how to detect spear phishing attempts and what best social media practices are. Please! Quarterly training can reduce the risk by up to 90% in most cases!
3) Use multi-factor authentication. We have effectively reached the age of password uselessness due to our poor habits. Passwords slow down bad guys who do not know what they are doing. Biometric solutions are great but proceed with caution if you go this route because you now have data management and privacy concerns that must be addressed.
4) Back up regularly (daily if feasible). Where possible, use the “1, 2, 3” backup rule: 1, a segmented backup on site; 2, one off-site; and 3, one in the cloud. No need to pay the ransom if you have a clean backup ready to be restored to your system.
5) Be cautious with older systems. Yes, you can repair them, and we are fully cognizant that the upfront capital cost is something some cannot afford. But the critical issue is that support (patches) for these systems stops. If these systems are past their “patch life” they become big fat juicy targets for hackers.
6) Following on from the last point, sometimes the best answer is the cloud. There is state-of-the-art hardware and software there, and cloud migrations have become easier, especially over the last two years. The cloud is not a savior. We admit that. And it comes with other issues, such as needing to learn what your obligations and responsibilities are, ensuring you have robust agreements with your vendors, and knowing what third-party sources will have access to your information.
7) Know how your intrusion detection and prevention system works (if you have no clue what we are talking about, find somebody who does). Is it signature-based? Perhaps it is behavioral-based? Maybe it is both? New cyber threats require new tools. This is where machine learning, cognitive computing, AI, automation, and orchestration all come into play (yes, we have a positive bias towards these systems, but only when done in tandem with all the other techniques we have been discussing). Internet data traffic is just becoming bonkers. No human is able to do this on their own. We have reached the zettabyte age. What’s a zettabyte, you ask? That’s 1,000,000,000,000,000,000 bytes. Some #CyberAvengers work on that here.
8) If you cannot do much of what we suggested, consider a Managed Service Provider (MSP) or a Managed Security Service Provider (MSSP). We know cybersecurity is not everybody’s cup of tea, but one ransomware attack on an SMB could be crushing. There are options out there to help you. Sure, it costs money, but you are buying peace of mind. Do your homework and find the right solution for you.
9) Do you drive your car without insurance? Okay, if you do, do not admit that to us. Cyber insurance is not mandatory yet, but it may be in the future. And chances are if you are doing a lot of what we are suggesting, you will be on the low end of premium payments.
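The three measurable basics from the list above (critical patches applied within 72 hours, daily backups across the on-site/off-site/cloud tiers of the “1, 2, 3” rule, and MFA on every account) can be turned into a self-check that runs against your own inventory. This is an added example, not code from the #CyberAvengers; the record layout and the sample data are constructed for illustration, and the one-day backup freshness threshold is an assumption drawn from the “daily if feasible” advice.

```python
from datetime import datetime, timedelta

PATCH_SLA = timedelta(hours=72)            # item 1: "critical" patched within 72 hours
BACKUP_MAX_AGE = timedelta(days=1)         # item 4: daily backups (assumed threshold)
REQUIRED_TIERS = {"onsite", "offsite", "cloud"}  # item 4: the "1, 2, 3" rule

def overdue_patches(advisories, now):
    """Names of critical advisories that were not (or were too late) applied."""
    late = []
    for adv in advisories:
        if adv["severity"] != "critical":      # the 72-hour rule targets "critical"
            continue
        deadline = adv["released"] + PATCH_SLA
        applied = adv.get("applied")           # None means still unpatched
        missed = (applied is None and now > deadline) or \
                 (applied is not None and applied > deadline)
        if missed:
            late.append(adv["name"])
    return late

def backup_gaps(backups, now):
    """Tiers of the 1-2-3 rule with no backup fresher than one day."""
    fresh = {b["tier"] for b in backups if now - b["taken"] <= BACKUP_MAX_AGE}
    return sorted(REQUIRED_TIERS - fresh)

def accounts_without_mfa(accounts):
    """Item 3: every account should have multi-factor authentication on."""
    return sorted(a["user"] for a in accounts if not a["mfa"])

# Constructed sample inventory (hypothetical names and dates, not real advisories).
NOW = datetime(2017, 6, 27, 12, 0)
ADVISORIES = [
    {"name": "critical-1", "severity": "critical",
     "released": datetime(2017, 6, 20, 10), "applied": datetime(2017, 6, 21, 9)},
    {"name": "critical-2", "severity": "critical",
     "released": datetime(2017, 6, 22, 9), "applied": None},   # 5 days, unpatched
    {"name": "critical-3", "severity": "critical",
     "released": datetime(2017, 6, 26, 8), "applied": None},   # still inside 72h
    {"name": "important-1", "severity": "important",
     "released": datetime(2017, 6, 1, 8), "applied": None},    # not "critical"
]
BACKUPS = [
    {"tier": "onsite", "taken": datetime(2017, 6, 27, 2)},     # fresh
    {"tier": "offsite", "taken": datetime(2017, 6, 24, 2)},    # stale
]                                                              # no cloud copy at all
ACCOUNTS = [{"user": "alice", "mfa": True}, {"user": "bob", "mfa": False}]

if __name__ == "__main__":
    print("overdue patches:", overdue_patches(ADVISORIES, NOW))
    print("backup gaps:", backup_gaps(BACKUPS, NOW))
    print("no MFA:", accounts_without_mfa(ACCOUNTS))
```

Each non-empty list is an action item; run it from your patch, backup and identity records on a schedule rather than once.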
In closing, we have written two books (available here and here). We have a thwack of other writings (many available publicly from our LinkedIn pages or blog sites). We have attracted plenty of publicity and we thank all our supporters from all over the world (seriously, thank you!). Yet our frustrations remain: we continue to struggle unnecessarily.
Clicking a “like” button on Facebook may make you seem cool and in “support” of something, but actually doing something is where your true support is shown…and pays off.
Declare your independence from the malicious actors and do what you can to thwart them. We have given you a few easy steps for how to do so. Imagine what a difference it would make if we all did our part.
A Happy Fourth of July to all!
In Defense of the United States of America,
The #CyberAvengers
The #CyberAvengers are a group of salty and experienced professionals who have decided to work together to help our country by defeating cybercrime and slowing down nefarious actors operating in cyberspace seeking to exploit whatever their tapping fingers can get a hold of. How? We do this by raising our collective voices on issues of critical importance so that we can keep this great country in the lead – both economically and technologically – and keep it safe and secure. All the issues are intertwined and more complex than ever, which is why we have differing backgrounds but common cause. We complement each other, we challenge each other, and we educate each other. What do we get out of writing articles like this? Nada. Goose egg. We are friends. We are patriots. And we are not satisfied to sit around and do nothing. We want to keep this nation and its data safe and secure.
The #CyberAvengers are: Paul Ferrillo, Chuck Brooks, Kenneth Holley, George Platsis, George Thomas, Shawn Tuma, Christophe Veltsos