Cry Hacker...
... and let slip the lapdogs of war !!!
With tensions soaring between America and Iran following the drone strike that killed top Persian general Qassem Soleimani, experts are weighing in on what the US could face should the Mid-East nation fully mobilize its cyber resources. The threat of an online attack from the wannabe-nuclear state was significant enough that …
Because only after a real cyberattack that demonstrates how bad it can be will there be the proper wakeup call. Until then it is all just "hackers broke into one company but that's not applicable industry/nation wide" or "stuff that happened in Ukraine that could never happen here".
Because whatever Iran can do, I have no doubt that Russia, China and possibly North Korea could do worse.
True, if there was ever an event that could finally force people off closed source garbage like Windows and Intel this would be in the top running. At least it's possible Iran could stuff up the actual attack part, limiting damage some, whereas the other players would know how to inflict maximum damage and make absolutely sure to salt the earth the first time around.
It has nothing to do with Windows or Intel. Open source software has equal problems and can just as easily be hacked if it isn't properly configured (e.g. Apache, MongoDB, MySQL, PHP, etc.).
It is how you secure your infrastructure and your data that counts, not necessarily what it runs on. For example, isolating critical systems from the office network and the Internet, ensuring backups work, and ensuring that the firewall is set up properly to only let in needed traffic.
It is comfortable for a manager to be able to check on his factory floor equipment from the other side of the world. Whether that is in any way a good idea, let alone good security practice, is another matter. That kit should be isolated as much as possible, with no access or changes possible over the Internet.
But most importantly, user training. It is irrelevant how good your systems are, the human in front of the device is always the weakest link.
The other question is if companies will just demand more fingers in the dike or if they'll step back and look at all possible ways the sea could engulf them.
My employer was hit by a likely state-sponsored DoS a couple years back. We did the typical post-attack expansion of capacity. But we also started looking at more non-traditional attacks, just in case that DoS attack was just a distraction. We had been quietly ramping up countermeasures against internal threats from disgruntled employees for years, but after the attack, we really started looking into state-sponsored espionage and sabotage. Stuff that was common practice just a few years ago can now result in immediate termination.
As to my first question, I have a bad feeling that most companies really won't step back unless the attack is devastating financially to them (or an unlucky competitor whose failure is now an example for all) or unless new regulation forces them to do so. And we all know how businesses love new regulations.
Very true, but we've seen this in the UK. If you were one of the NHS Trusts hit by WannaCry, money was thrown at cyber/info sec. Whereas the rest got pennies. Why?
Because the execs wanted their backs covered and knew a second incident like that would end their careers if they'd done nothing; the rest have sat on their hands.
That's not accurate at all. The NHS used money ring-fenced by central government for security to purchase Windows 10 licences for every workstation within the NHS, on the provision that Trusts had to connect them into a new centrally provided ATP instance. They also funded a perimeter security project for firewalls targeted at critical trusts. There are other things in the pipeline that are yet to be made public. Why funded centrally? Because the trusts themselves simply don't have the budgets for IT infrastructure or IT staff, which is why WannaCry was able to happen in the first place! But patching operations for similar vulnerabilities have been significantly reduced across the NHS.
Just follow these simple steps:
1) Generate a slide-deck (or PDF) from your firewalls, showing all the port-scans and dodgy-looking URL requests over the weekend
2) Share the slide-deck with your CFO and mention "It was lucky you spotted these, and had to spend the weekend monitoring and manually blocking them from accessing the Accounts file share"
3) Finally, enjoy your new shiny firewalls and coffee machine
You're welcome.
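The "slide-deck from your firewalls" step above has a real core: picking port scans out of firewall logs rather than eyeballing them. The following is an added example, not code from the original comment or from any firewall vendor. It assumes netfilter/iptables-style LOG lines as written to syslog, a constructed sample log (the addresses are documentation ranges, not real traffic), and assumed thresholds: a source that hits five or more distinct destination ports within sixty seconds is flagged. Syslog lines carry no year, so one is assumed for parsing. The time window matters: the third source in the sample touches five ports but spread over a whole day, so it is not flagged with the default window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: netfilter LOG lines as they appear in syslog. Made up for
# this example; the addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jan 11 02:14:01 fw kernel: [DROP] IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=54000 DPT=22
Jan 11 02:14:01 fw kernel: [DROP] IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=54001 DPT=23
Jan 11 02:14:02 fw kernel: [DROP] IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=54002 DPT=80
Jan 11 02:14:02 fw kernel: [DROP] IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=54003 DPT=443
Jan 11 02:14:03 fw kernel: [DROP] IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=54004 DPT=445
Jan 11 02:14:03 fw kernel: [DROP] IN=eth0 SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=54005 DPT=3389
Jan 11 02:15:10 fw kernel: [ACCEPT] IN=eth0 SRC=192.0.2.55 DST=198.51.100.10 PROTO=TCP SPT=61000 DPT=443
Jan 11 02:15:12 fw kernel: [ACCEPT] IN=eth0 SRC=192.0.2.55 DST=198.51.100.10 PROTO=TCP SPT=61001 DPT=443
Jan 11 03:40:00 fw kernel: [DROP] IN=eth0 SRC=198.51.100.200 DST=198.51.100.10 PROTO=TCP SPT=40000 DPT=22
Jan 11 09:40:00 fw kernel: [DROP] IN=eth0 SRC=198.51.100.200 DST=198.51.100.10 PROTO=TCP SPT=40001 DPT=25
Jan 11 15:40:00 fw kernel: [DROP] IN=eth0 SRC=198.51.100.200 DST=198.51.100.10 PROTO=TCP SPT=40002 DPT=80
Jan 11 21:40:00 fw kernel: [DROP] IN=eth0 SRC=198.51.100.200 DST=198.51.100.10 PROTO=TCP SPT=40003 DPT=443
Jan 11 21:41:00 fw kernel: [DROP] IN=eth0 SRC=198.51.100.200 DST=198.51.100.10 PROTO=TCP SPT=40004 DPT=8080
Jan 11 21:41:05 fw systemd[1]: Started daily cleanup.
"""

# Matches the fields we need from a netfilter LOG line; anything else is skipped.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: \[(?P<action>\w+)\] .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\w+)(?: SPT=\d+)? DPT=(?P<dpt>\d+)"
)

LOG_YEAR = 2020  # syslog has no year field; assumed for this example


def parse_line(line, year=LOG_YEAR):
    """Return a dict of fields for a netfilter LOG line, or None for any other line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "action": m["action"], "src": m["src"],
            "dst": m["dst"], "proto": m["proto"], "dpt": int(m["dpt"])}


def detect_port_scans(lines, threshold=5, window_seconds=60):
    """Flag sources that hit >= threshold distinct destination ports within the window.

    Returns {src: {"ports": [...], "start": datetime, "end": datetime}} for each
    flagged source. The window is slid over each source's events in time order, so
    a slow scan spread over hours is only caught if window_seconds is raised.
    """
    window = timedelta(seconds=window_seconds)
    by_src = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # not a firewall LOG line (other kernel or service chatter)
        by_src[ev["src"]].append(ev)

    flagged = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        for i, first in enumerate(events):
            ports, last = set(), first
            for ev in events[i:]:
                if ev["ts"] - first["ts"] > window:
                    break
                ports.add(ev["dpt"])
                last = ev
            if len(ports) >= threshold:
                flagged[src] = {"ports": sorted(ports), "start": first["ts"], "end": last["ts"]}
                break  # one qualifying window per source is enough for the report
    return flagged


def summarize(flagged):
    """One plain-text line per flagged source, ready to paste into the slide-deck."""
    return [
        f"{src}: {len(r['ports'])} ports in {r['start']:%H:%M:%S}-{r['end']:%H:%M:%S}: {r['ports']}"
        for src, r in sorted(flagged.items())
    ]


if __name__ == "__main__":
    for line in summarize(detect_port_scans(SAMPLE_LOG.splitlines())):
        print(line)
```

On a real box the input is `journalctl -k` or `/var/log/kern.log` rather than the embedded sample, and the threshold and window should be tuned against a quiet baseline: a vulnerability scanner you run yourself will trip this immediately, which is a good way to check the detection works before the weekend the CFO hears about.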