Security isn't just about a good fence
Bruce Armstrong
New Direction - Boardgame Developer See launch of Zig Zag Tag on Kickstarter soon - if you like it, pledge it!
Jucy Rentals: A modern analogy on "cybersecurity" impotence
On ANZAC day 2020, Jucy Rentals yard in Auckland was breached through a hole in the fence. Over 100 cars were stolen - driven out through the gate. The cars had been left unlocked with the keys inside, the Police said. It appears that the fence breacher let others know about their work and it became a free-for-all on the day that New Zealand remembered our fallen soldiers.
"We have spoken to other rental car companies in the wider area to ensure they have appropriate security measures in place, which includes keeping vehicle keys hidden in a secure place." the detective in charge said.
Jucy Rentals reliance on a fence to protect their valuable assets proved to be their undoing.
Assuming the fence couldn't be breached and not taking other measures to protect their cars was a key failing. They didn't lock the cars or store the keys safely. They didn't have any CCTV or surveillance, and the gate to exit the yard had no additional security measures or monitoring. Security-wise this is a massive fail.
Ironically, in cybersecurity terms, this is how most organisations are set up. A fortune is spent building a fence around key assets and infrastructure, which is relied on to provide all their security. Expensive Firewalls with all the bells and whistles are believed to protect them - at least that's the hope (with great reassurance from their Firewall vendor). So, there's no money for other security measures. No keysafe. No proxies. No Data Loss Prevention. No Privileged Access Management. No Sandbox. No cyber intelligence. The list goes on. Just one big fence. One single point of failure. The fence builders know this, which is why they've been scrambling for 10 years to make their fences better.
You need the fence - don't get me wrong on that, and the best fence you can get. You also need smarter security - tools and services like those listed above. And you need intel - information from outside your fence - the likes of which Darkscope delivers, so you know if your fence is going to be attacked.
I'll leave the last words to Tim Alpe, Chief JUCIFIER at Jucy Rentals, "We just want our vehicles back," he said, adding: "It sucks."