The global cyber wild west

June 19, 2015

Comparing the cyber security world to the Wild West sounds a bit too obvious. But I can’t help thinking of it, sorry.

The analogy came to mind as I was catching up on the recent news: data breach at the US Office of Personnel Management and Duqu 2.0 malware in Kaspersky’s network. Over 4M records stolen from the government of one of the most technologically advanced countries. Malware has been stealing data from one of the top cyber security firms for months. Wow. Do you still think any rules exist, or anybody’s data is safe?

"Them Three Mexicans Is Eliminated" by Frederic Remington

The real Wild West – was it safer back then?

Now, this news may not really change the game, but there are a few things it helps to highlight:

Malware and spyware evolve really fast. What we call malware is not coming from cyber-criminals only. There is serious government funding. There are bright minds working on destructive tools with good intentions, such as keeping their nation safe and secure. The result is that malware evolves at a faster pace. Kaspersky Lab engineers describe Duqu 2.0 as being a “generation ahead” of anything they’ve seen to date.

I am neither a government nor a cyber-security giant. Am I safe? – NO, sorry. It’s just a question of time before the cyber-crooks get access to more advanced tools. They are well motivated to understand and use whatever helps bypass traditional security measures. They are probing all doors: enterprise, non-profit and small business alike. The goals may differ, but ultimately anyone can become a target: harvesting personal data to sell; going after specific trade secrets; building botnets; trying to gain access to your bank account. If you really want to know their motivation, Spam Nation by Brian Krebs is a pretty good window into that side of the world.

Can I prevent them from getting into my network? – Again, the answer is NO. Assume you’ve been breached already. What you can do, though, is maximize the costs for the adversary and minimize the damage to your business. (It’s that easy, eh?) There’s nothing new here; this is all common sense. Evaluate the business risks and adjust your IT processes and policies to them. Put most of your effort into what presents the highest risk for the business. Isolate and protect what’s most valuable. Consider tools that allow you to detect an intrusion as early as possible. Consider processes and tools that give you continuous feedback on how your security controls and policies are working. Patch your systems regularly. Trivial. Details and costs vary greatly, but the overall approach is similar regardless of what environment we are looking at.

Stay safe and have a good weekend.
