
Why Did I Write My Book “Too Late. You’re Hacked”?

Long story short: because I know that small businesses have a cybersecurity problem. I define "small" as having fewer than 300 computers to manage. And I want to help small businesses survive whatever cyber issues come their way.

Case in point, a story from TechNewsWorld, "Outdated Windows Users Flout Computing Safety":

Kaspersky on April 26 released survey results revealing that almost one quarter (22 percent) of PCs still run the end-of-life OS Microsoft Windows 7, which stopped receiving mainstream support in January 2020.


This is typical of most people, small businesses included: upgrading systems and software is difficult, and it sometimes does not happen until the machine breaks or something else catastrophic happens.

There is a significant chunk of the population on the Internet that does not update on a regular basis. I wanted to write a book to help people make better decisions.


Another quote from the article in TechNewsWorld:

Those still using Windows 7 are consumers, small and medium-sized businesses (SMBs), and very small businesses (VSBs). The survey points out that almost a quarter of VSBs still use the outdated OS because they lack dedicated IT staff.

So yes, we do have a big problem: a large number of people (22%, or by some estimates 30%) do not patch properly.

Should I make a book that will create controversy? Or should I try to give some information to try and help people?

What I did was set up a reference for PCI compliance, attempting to make it as simple as I can.

Explaining the issue of EOL (End Of Life) software is important, since once software is no longer updated it will have problems. If a hacker finds a vulnerability after the software is EOL, there will be no fix.

This issue applies to Windows 10 as well. From Microsoft's website:

Edition | Servicing timeline, released first half of year (H1) | Servicing timeline, released second half of year (H2)
Windows 10 Enterprise, Windows 10 Education, Windows 10 IoT Enterprise | 18 months from release date | 30 months from release date
Windows 10 Pro, Windows 10 Pro Education, Windows 10 Pro for Workstations, Windows 10 Home | |

EOL is a problem for all software: time keeps moving on, and software changes as the technology changes. Sometimes a new programming language is created that is much better than the old one, but it will not work with the old software. The only thing to do at this point is to upgrade the software. If you pay attention, you will notice that an upgrade sometimes uninstalls the old program and installs a new infrastructure underneath it.

Another reason: new computer hardware. An example is the jump from 32-bit CPUs to 64-bit CPUs; some 32-bit software does not work on a 64-bit system. Notice that these days when you download software it asks you: 64-bit or 32-bit?

A third reason (to keep it to three) is the "Psychology of Security": some of us have a proclivity not to pay attention to security until it is too late, because of the risk/cost trade-off. This image is from a previous post on this blog, on December 17, 2019.

The key in the above image is the juxtaposition of cybersecurity costing money in order to save more money; for example, to save $1000 one has to spend $500.

The problem is one of misunderstanding and risk analysis. The business owner makes a calculation on the understanding that the future will be similar to the past. But this is not the case with the latest threat actors (China, Russia/Eastern Europe, Iran, and North Korea).

The attacks are ever changing and thus the risk is always increasing – it is not staying the same.

There are criminal gangs all over the world that are allowed to attack from their home territory because the government turns a blind eye (or corrupt officials allow this kind of attack for a kickback). The problem with ransomware attacks is that they scale easily: it is just as easy to launch a million attacks as it is to launch 1000.

The problem is that not being attacked last month is no guarantee it will not happen this month. In fact, the longer time goes on, the more likely you are to be attacked, and if you did not spend enough money on your defense, you will be breached; it is just a matter of time.

The risk analysis you thought was accurate is not accurate. The reality is that the attackers will get to you and probe all of your defenses; if there is a weakness, they will make it through and cause a breach.

At that point you are dependent on the effectiveness of the hacker as to whether the attack succeeds or not. Is that really a sound long-term strategy for keeping your business thriving?

Contact Me to discuss
