Cybersecurity Attacks Never Strike Same Place Twice Right?

There is a myth ("Lightning never strikes the same place twice") that was busted by the Mythbusters at stormhighway.com:

(image from youtube video)

As you see in the YouTube video, lightning can actually strike the same place 50 times. This makes scientific sense, as the WVAH TV tower shows: a metal rod is the highest point during electrical (thunder) storms. And since it is the highest point, the large amount of positive energy in the clouds will create an electrical circuit for a brief instant to jump to the rod.

So in cybersecurity, suppose you had a weakness in a process 10 years ago and did not fix it, and unfortunately a cyber breach occurred. Now that it has occurred once, would it occur again?

Or, as another brain teaser: if your process is not good enough to prevent a cyber breach, will you be breached even though you were never breached before? The entire Psychology of Security should be dumped in the trash can.

It is not wise for most of us to ignore or delay reviewing our cyber defenses for any reason (including cost). The cost of a cyber breach can go so high as to even result in the destruction of the business.

 

This makes sense: if you have an incorrect defensive cyber process, the breach may cause data loss in the form of ransomware on your devices. As you may know, if you have a cybersecurity vulnerability on your machines, they are susceptible to ransomware, which results in the loss of your data.

"So what," you say, "I have a backup, so it will not affect me." That may be true, but have you tested your backup to make sure it will actually result in a seamless transition? In other words, have you run a test in which you see the restored data on a separate machine?

If you have not actually tested the restore, then you are leaving the corporation at risk, dependent on how well the backup was performed. You may get only a partial recovery, which may or may not be enough to keep you in business.
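One way to run the restore test described above, as an added example (not code from the original post): record a SHA-256 manifest of the live data when the backup runs, restore to a separate location, and compare the two. The directory names and file contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in 1 MiB chunks so large backups do not exhaust memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

def manifest(root):
    """Map every file under root (by relative path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(expected, restored_root):
    """Compare a restored tree with the manifest recorded at backup time."""
    actual = manifest(restored_root)
    return {
        "missing": sorted(expected.keys() - actual.keys()),
        "corrupt": sorted(f for f in expected.keys() & actual.keys()
                          if expected[f] != actual[f]),
        "unexpected": sorted(actual.keys() - expected.keys()),
    }

def demo():
    """Constructed sample: live data and a partial restore of it."""
    files = {"db/customers.csv": b"id,name\n1,Ann\n",
             "db/orders.csv": b"id,total\n1,9.50\n",
             "docs/policy.txt": b"retention: 7 years\n"}
    with tempfile.TemporaryDirectory() as tmp:
        live, restored = Path(tmp, "live"), Path(tmp, "restored")
        for name, data in files.items():
            for root in (live, restored):
                (root / name).parent.mkdir(parents=True, exist_ok=True)
                (root / name).write_bytes(data)
        expected = manifest(live)                          # recorded at backup time
        (restored / "db/orders.csv").unlink()              # file the backup skipped
        (restored / "docs/policy.txt").write_bytes(b"re")  # truncated on restore
        return verify_restore(expected, restored)

if __name__ == "__main__":
    report = demo()
    for kind, names in report.items():
        print(f"{kind}: {names or 'none'}")
    partial = report["missing"] or report["corrupt"]
    print("PARTIAL RESTORE" if partial else "RESTORE OK")
```

Anything listed under "missing" or "corrupt" is the partial recovery the text warns about, found during a drill instead of during an incident.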

The answer to the question "do cyberattacks hit the same place twice?" is yes, of course, because hackers launch large attacks looking for vulnerable machines. If 20-25% of machines are not patched on a regular basis, then millions of machines are susceptible to attacks and will make more attacks themselves. So the exact opposite of the myth will happen: just like the radio tower that is the highest point in an electrical storm, the weak machines will create more and more attacks, thus finding all the other weak machines and infecting them.

So the maxim will be: if you have a weak machine, then it will be attacked, no matter whether you have been breached before or not. And one of these days the attacks are going to be successful, which means you will lose your data to ransomware. I hope you have tested your backups: the day of a catastrophe is not the time to test your restore process.

Contact us to test your processes

 

What is the Minimum Cybersecurity Defense?

We have all heard about the Equifax computer breach, which was entirely preventable.¹

The problem was a little-known piece of software called Apache Struts, which had a vulnerability and thus, when attacked, became the entry point into the web server at Equifax.

So a software vulnerability within the web server caused a weakness, and the hackers used this weakness to break in. Once the hackers were on the web server, they had to get additional access, and they reviewed the server information to find a database that could be useful to them.

 

So what can a company do to prevent these kinds of breaches?

First, one has to know what software one has.

Then keep up with the latest patches and updates for all software.

Seems easy, right? Well, sometimes there are complications, but one has to try to make the updates as quickly as possible. It is tough sometimes on big servers, as they may have to reboot after an update and there is always a chance something unknown happens. So the window of opportunity to make updates may be only Saturday at midnight. And then you might have to be ready to restore and recover if more serious problems occur, which means resources must be available for the server to be down and recovering for several hours from Saturday midnight until it is brought back up.

 

So, to recap, one needs to update software and make changes to the server, with possible significant downtime.

Second, one must have anti-virus or anti-malware software that is updated and operational.

Third, educate your employees to not perform risky Cybersecurity actions (Social engineering tricks and phishing methods).

 

If it only takes these 3 steps:

  1. Update and patch your software
  2. Have an updated Anti-virus software
  3. Employee education on social engineering and phishing.

So why doesn’t everyone do this?

 

Our mission at Oversitesentry (Fixvirus.com) is that everyone _should_ do this

We propose to small and medium business:

Tell your consumer that you have done the minimum Cyberdefense (and thus you will be around even after an attack)

 

We propose to the consumer:

Tell the businesses where you spend money to get the shield (Oversitesentry approved) so they can stay in business even after a cyber attack.

 

Contact Us to discuss.

 

 

  1. (story by Wired) and story by David Krebs

Can We Make Community Immunity (Inoculation) Work in Cybersecurity?

Instead of another post about the dangers of not patching your systems or inadequate configurations (i.e. errors in configs) that ultimately lead to ransomware and computer viruses running amok (or ‘in the wild’)

One ransomware infection “in the wild” means somebody failed to upgrade their machine, failed to have enough protection.

Some viruses try to infect other machines by replicating using email or other methods.

Cisco explains the difference between viruses, worms, Trojans, and bots.

There are many different classes of bad software trying to infect us. When one machine is badly configured and badly managed, it affects all of us.

We need an environmentally sound policy for all, right? We need clean water, clean air, and clean electric networks. Together we can do it.

It has to be everyone including home users, but especially companies that accept credit cards, or store social security numbers and other Personally Identifiable Information (PII).

I recommend that all users step up their cybersecurity game by doing what is necessary. As a CISA (Certified Information Systems Auditor) certified person, I know what must be done, and it requires another person double-checking the Information Technology of your company, because it is that important.

If 80% of the computers were properly inoculated (something similar to inoculating with flu shots every year against the flu), then when a new variant of a trojan/virus comes out it will not propagate as fast as today. The eventual goal is to get to 95% inoculation, and that is where herd immunity comes into play.

My contention is that we are nowhere near that point now. One estimate is that 50% patch their computers within a month.

As CSOonline states, 25% of machines get patched within the first week, 25% of people patch within the first month, and 25% of people patch after the first month.

25% do not patch. So the problem is that we cannot get anywhere near herd immunity with 75% patching within 6 months or so.

We need to change this so that most people patch and only a small minority does not. Until this happens we will have many problems.
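The herd-immunity argument above, carried through with a simple epidemic (SIR) model; this is an added example, not from the original post. The infection rate `beta` and cleanup rate `gamma` are assumed values (giving R0 = 10 and so a 90% threshold), chosen only to compare the 50%, 75%, 80% and 95% patch levels mentioned in the text.

```python
def threshold(r0):
    """Patched share above which each infection causes fewer than one new one."""
    return 1 - 1 / r0

def outbreak(patched, beta=2.0, gamma=0.2, seed=1e-4, days=365):
    """Discrete-time SIR model of self-propagating malware (one step per day).

    patched: fraction of all hosts that cannot be infected
    beta:    successful infection attempts per infected host per day (assumed)
    gamma:   fraction of infected hosts cleaned up per day (assumed)
    Returns (share of vulnerable hosts ever infected, peak infected share, peak day).
    """
    vulnerable = 1 - patched
    s, i = vulnerable - seed, seed      # susceptible / infected, as shares of all hosts
    peak, peak_day = i, 0
    for day in range(1, days + 1):
        new = min(s, beta * i * s)      # attempts only succeed against unpatched hosts
        s -= new
        i += new - gamma * i
        if i > peak:
            peak, peak_day = i, day
    return (vulnerable - s) / vulnerable, peak, peak_day

# Patch levels taken from the text; beta and gamma above are assumptions.
LEVELS = {"50% (within a month)": 0.50, "75% (within 6 months or so)": 0.75,
          "80%": 0.80, "95% (goal)": 0.95}

if __name__ == "__main__":
    print(f"threshold for R0 = 10: {threshold(10):.0%} patched")
    for label, patched in LEVELS.items():
        hit, peak, day = outbreak(patched)
        print(f"{label:28s} vulnerable hosts hit: {hit:6.1%}  "
              f"peak infected: {peak:6.2%} on day {day}")
```

Under these assumptions, patching below the threshold only slows the outbreak and lowers its peak, while above the threshold the initial infections die out without spreading.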

Contact me to discuss your patching regimen.