A recent cyber attack paralyzed networks at the opening ceremony of the Pyeongchang Winter Olympics in what appeared to be an attempt to embarrass the organizers. The cyber attack took out internet access and telecasts, grounded broadcasters’ drones, shut down the Pyeongchang website and even prevented spectators from printing out reservations and attending the ceremony.
The hackers knew usernames, server names and passwords used for the Olympic Games infrastructure, Cisco’s Talos threat intelligence division wrote on its blog, saying the malware author knew a lot of technical details of the Olympic Game infrastructure such as usernames, domain name, server names and obviously passwords.
Unfortunately, the Olympics are not alone. Corporations, I would argue, are providing the fuel and the match to cybercriminals. We essentially incentivize them for breaching our defenses by rewarding them with data or cash and in some instances, both. Creating a fertile and fruitful cyber boot camp.
All warfare is based on deception. – Sun Tzu
If we indeed are at war, we should modify how we approach the problem. Our defenses should incorporate new strategies. The question I most commonly hear is, “what are we missing?” If you are talking to someone (consultant, VAR, Vendor) and they tell you they have the answer; quickly show them the door. Any security practitioner worth their salt will tell you the truth, there is no magic bullet that can kill a unicorn.
Having said that, there are things we can do today that were not available a few years ago and technologies that approach the problem uniquely. If we are indeed going to get breached… How can we detect, mitigate and recover faster? Those are better questions than, “what’s missing?” Simply put, the longer the attack goes undetected; the greater the risk to the business. We know they are coming; now is the time to set up traps and lures designed to deceive the adversary into revealing themselves along with their techniques. Then we can show them what King Leonidas does to the uninvited.
Fun Fact: Have you ever wondered why Batman wears a Big BAT symbol on his chest? The answer is Deception at work (providing an ideal target for his adversaries). For those that did not know, it’s where his armor is the strongest. Think of it this way, a bulletproof vest does not prevent you from being shot but it can still save your life
Your Data should be protected just the same. Want to learn more about Deception, feel free to ping me. Or if you liked this post then please share and like it – Thanks!