The Jab of Cyber-Attacks
Alex Christophe
IAM specialist at THALES with experience of on-premise, cloud and hybrid IAM and CIAM in Europe and North America from manufacturing and services to EU-regulated FSI. Channel sales advocate.
I have just read yet another product placement article written by a well-respected US vendor, in the wake of WannaCry.
My feelings are ambivalent about this, as this was all but unavoidable and, more to the point, we behave like a collective Titanic, focusing on the tip of the Iceberg.
Meanwhile, it’s great to hear from customers who have seen the Iceberg, changed course and successfully made it to the other side of the pond.
I shall, as faithfully as I can, set out what came out of many, many conversations over the last few months:
Touch wood, it did not happen to me (a serious hack/infection)
That was the (heartfelt) answer from a CIO I met last week discussing the encryption vs privacy conundrum.
Alas, this posture is all too common and seriously antiquated.
Considering that RISK = Probability x Cost, we can all see that the risk is also likely to evolve (read: improve!).
WannaCry gave us a better grasp of how probable it is, and certainly of how expensive it gets, leaving aside the ransom fee, which I feel was really not the aim of the attack.
Possible alternatives:
Start integrating Information Security into your overall risk management strategy, with a clear owner, if you have not already.
Cyber-threat resilience is somewhat like tech support, I suppose; think of it as car insurance.
Get roadside assistance and gold coverage for your belongings too. It will come in handy after you have had that crash.
Learn and practise first aid; also handy when the worst affected start screaming for help.
The vendors are simply trying to squeeze more $$ out of us
This is absolutely true and entire industries depend on a fair reward for constant innovation.
There are however moments where vendors are also impeccably responsible, towards the public, the planet and their customers.
Microsoft was one such vendor: for years it respectfully urged its XP customers to migrate to newer OS versions, with absolute clarity both on support life cycles and on the implications of being left behind.
Possible alternatives:
Your Microsoft TAM is your “friend”; next time, take action when she/he says you may get compromised running old, unsupported OSes.
In more general terms, baseline your operations and your estate, and test for vulnerabilities from code to web services, websites and systems.
Work with your vendors to automate remediation where possible, with nominated DevOps leads.
Add (operational) disaster recovery to your bucket list, with regular iterations.
And prepare, rehearse and repeat those head movements, the jabs will keep on coming.
This system is too critical to be updated.
We have all heard this before. Did you say oxymoron?
And that’s the best part, because this WannaCry incident was in fact very lightweight. It could have CRIPPLED the systems concerned… but that’s OK, right? What’s the logic here: are critical systems in fact binary? Are they either “on with maximum operational uptime” or “just down”? I sense there is a journey of maintenance to be had somewhere in the middle.
What about all those UNIX and commercial Linux systems out there also running critical operations? What happens when they come into malicious focus?
Possible alternatives:
Identify what is critical, the crown jewels and the data sets enabling those.
Make it an absolute priority to exit the previous paradigm and evolve these systems into maintainable assets.
Deploy deep network analytics solutions so that you are immediately alerted to unusual and abnormal behaviours around those systems FIRST.
WannaCry was not subtle and created a lot of unnecessary lateral communications.
One cannot act on what one cannot see (unless you are Matt Murdock aka Daredevil of course).
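As an added illustration of the "alert on abnormal lateral communications" point above (this is example code, not the author's or any vendor's), the script below flags hosts that fan out to unusually many peers on one port within a short sliding window, which is what a noisy worm looks like in flow telemetry. The flow log is constructed, the watched port 445 (SMB, the service WannaCry spread over) and the baseline of 3 peers are assumptions; a real deployment derives the baseline from each host's observed normal behaviour.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed flow log ("timestamp src dst dst_port"), not real telemetry: 10.0.1.20 reaches 5
# peers on 445 in seconds; 10.0.1.30 reaches 4 peers on 445 slowly; 10.0.1.40 fans out on port 80.
SAMPLE_LOG = """\
2017-05-12T10:00:01 10.0.1.20 10.0.1.5 445
2017-05-12T10:00:02 10.0.1.20 10.0.1.6 445
2017-05-12T10:00:03 10.0.1.20 10.0.1.7 445
2017-05-12T10:00:04 10.0.1.20 10.0.1.8 445
2017-05-12T10:00:05 10.0.1.20 10.0.1.9 445
2017-05-12T10:10:00 10.0.1.30 10.0.1.5 445
2017-05-12T10:20:00 10.0.1.30 10.0.1.6 445
2017-05-12T10:30:00 10.0.1.30 10.0.1.7 445
2017-05-12T10:40:00 10.0.1.30 10.0.1.8 445
2017-05-12T10:03:00 10.0.1.40 10.0.1.5 80
2017-05-12T10:03:01 10.0.1.40 10.0.1.6 80
2017-05-12T10:03:02 10.0.1.40 10.0.1.7 80
2017-05-12T10:03:03 10.0.1.40 10.0.1.8 80
"""

def parse_flows(text):
    """Parse 'ts src dst port' lines into (datetime, src, dst, int port) tuples."""
    flows = []
    for line in text.splitlines():
        ts, src, dst, port = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return flows

def detect_fanout(flows, port=445, window_minutes=5, baseline=3):
    """Return {src: peak distinct peers} for every source that contacts more than `baseline`
    distinct destinations on `port` inside any sliding window of `window_minutes`."""
    window = timedelta(minutes=window_minutes)
    by_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == port and dst != src:
            by_src[src].append((ts, dst))
    alerts = {}
    for src, events in by_src.items():
        events.sort()  # sliding window needs time order
        in_window, left, peak = Counter(), 0, 0
        for ts, dst in events:
            in_window[dst] += 1
            while ts - events[left][0] > window:  # expire flows older than the window
                in_window[events[left][1]] -= 1
                left += 1
            peak = max(peak, len(+in_window))  # unary + drops peers whose count fell to 0
        if peak > baseline:
            alerts[src] = peak
    return alerts
```

With the defaults only 10.0.1.20 is reported; the slow host 10.0.1.30 is only flagged if the window is widened to an hour, which is why the window, not just the count, belongs in the baseline.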
The tip of the Iceberg
Microsoft Windows XP had been unsupported for 3 years at the time of the WannaCry incident.
It is common knowledge that MANY organizations worldwide still run Windows XP for various reasons (LOB applications running on them, critical operations they support, cost of migration, etc.).
However, I do not believe the WannaCry outbreak was an attack on specific customers in that group, or an effort to acquire considerable wealth.
It was the jab of Cyber-Threats designed to create the right conditions for a knock-out offensive.
Our reaction to the outbreak was observed, probably measured. That’s taking the distance.
We have shown our reactions when faced with an attack: how we get organized, how we respond and, perhaps counter-intuitively, our state of mind when faced with an event of that scale. That gives a measure of how effective the disruption was.
And this has taken a lot of our focus away from the dark and murderous mass lurking under the water (the Iceberg, for those not asleep yet). That’s creating the opening for that uppercut or that devastating hook.
Now they understand the distance, how disrupted we can get and how we respond. What will the next attack look like?
How many systems have known exploits and backdoors that could satisfy trigger-happy activists and hackers?
Oh, and you can also come to us and buy more products. That’s fine too.