What Worked In the Past May Not Work Soon

We are always enthralled with technology and how it changes the status quo, but we also need to be aware of tactics that use technology may need to get updated.

In 2017 we are obsessing over online sales and how the smart phone is changing our world.  Now there are grumblings over automated cars and quantum computers which will upend encryption technologies and how we defend our networks.

Do you remember this headline?

“SSL security is no longer PCI compliant”

The encryption technologies become obsolete once a method is developed by wily people to circumvent the technologies (in this case SSL)”

Yes, when quantum computing starts to crack our current ‘unbreakable’ encryption it will make us change how we try and secure data, but until then are we just worrying about nothing?

What about more effective Windows Kernel exploitation? Like in this BlackHat 2017 presentation:

The paper  shows that it is possible even with all of hte Windows10 mitigations built-in by Microsoft to bypass the kernel-mode read primitives. I.e. even the new Microsoft operating system is vulnerable to attacks.

I bring this topic up as we are not sure how the future will be, and thus we do  not know which part of our current life to change so as to ‘fix’ future problems.

Here is a very old “change decision” I am sure you know by now that the dutch had the land of what is currently called Manhatten (NY) and called it New Amsterdam (year of 1660 map below)

only 4 years after this map the city was called New York as the Dutch governor surrendered to an English expedition. The whole history is on this website: History.com. 

I am sure the Dutch going on the first expedition and creating the colony in 1626 did not think in just 34 years it will be English. Circumstances were such that the Dutch lost possession or thought it was in their interest to trade/give away what they painstakingly created.

Things change quickly, all those plans for many years and in a heartbeat all changed. Now over 300 years later we do not even remember the dutch in america (except for historians and quirky IT people).

So lets take it back to 2017… We need to plan contingencies for many different situations before they happen, otherwise events will overcome our actions and actions become reactionary and we are just trying to keep our heads above water. Or what we think is above water. What am I talking about in specific?

  1. Ransomware attacks
  2. Social media and email phishing employees of companies

Let’s keep it simple and try and devise strategies to defend against both 1 (ransomware) and 2 (phishing) attacks.

What can prevent a ransomware attack if attackers are constantly improving themselves and sometimes errors occur in your network? Maybe prevent is a bad word. Keep you in business are better words: A well designed backup strategy will make you survive all attacks even if they take your computers out. Or if a disaster occurs.

If you are a person in charge of your business what is the reasonable assumption of knowing 100% that your business will be alive next year no matter what?

Your business must have security procedures which have to include backup and recovery strategies.

Make sure that your IT department has the wherewithal to handle this new world by auditing it and receiving  reports for the future occurrences. Don’t be a standard business with no cybersecurity budget or have not backed up your files.

Since I am CISA Certified I can audit your network and computers to give you some peace of mind to.  Contact me to get peace of mind.  https://fixvirus.com/about-us-full-story/

 

Advertisements