I have a chronic issue with people's ability to close doors securely. The issue is at home, and it spans all ages. I am constantly finding sliding doors ajar or the front door not closed.
As some of you know I rescue English Springer Spaniels - aka bird dogs.
And we raise chickens - aka birds.
(For the record, the dog was here before the chickens.)
This isn't an ideal situation if the chickens get loose. It doesn't happen that often, but it does happen once in a while.
Did I mention that my dog can open every door not fully closed to the outside in my house on her own?
There have been some stressful moments making sure the chickens are all okay.
You also have my same door-closing issues when you find out about a "day zero" vulnerability or attack that affects your network.
Were you breached?
How do you know what you don't know?
Many people instinctively patch the hole and move on.
Out of sight. Out of mind.
But we have been reminded in the Exchange Proxy/Not Proxy attacks and the Citrix attacks that PATCHING IS NOT ENOUGH. Patching often prevents new bad guys from coming in, but it often does not delete, kill, or disable any footholds the bad guys have already established inside your network. You may have locked the door, but the bad guys are still coming and going around you.
I think no one expressed this reality more succinctly than Floran Roth. I leave you with his commentary on this:
"PATCHING IS NOT ENOUGH.
If you take security seriously, you must run a compromise assessment to check whether the device and other systems in your network have already been breached.
When you find the front gate of your castle wide open and know it’s been that way for weeks, just closing it isn’t enough. You need to check if:
- Someone has already walked in.
- Your secrets have been stolen.
- A rope ladder is hanging from the walls.
- Or worse, the king has been assassinated.
Treat this like the security incident it is."
-Florian Roth
How do you know what you don't know?
How will you find out?
We offer a number of security audits, vulnerability tests, and penetration tests to help you build confidence that the door has been locked and that your event has ended.
These events have happened and will happen to you.
When they do, we are here for you.
However, remember that we have many proactive tools to help prevent these events or minimize your exposure to them.
Call us to discuss the next steps to improve your district's security posture.
-Scott Quimby, Senior Technical Advisor, CISSP
Acture/CSI
You must be logged in to post a comment.