Page 24 - index
P. 24
1) We’re all infected and don’t know it. Assuming you are infected positions you better to
proactively harden your systems and remove zero-day infections. With this key
assumption, you need to backup all your data files, wipe and reimage your computers
and install only legally owned copies of software.
2) You can’t let Smartphones and Tablets onto corporate networks (bring your own devices
– BYOD dilemma) unless they can be managed. This also means deleting all apps and
then starting to install trustworthy apps from sources you know and trust. How many
apps do we have installed without knowing if they have backdoors or they, themselves,
are not just tools and games but are also RATs in disguise?
3) Employees at Sony are not trained like employees at Coca Cola. This company hasn’t
had a breach or lost a secret formula in 100 years. Cyberarmies could attack Coke for
the formula and most likely would never succeed in getting it, using the means they used
on Sony. Why? Because Coke practices Employee Training (for social engineering),
has frequently tested and updated security policies (including physical security, people
security and network security) and they don’t leave the secret formula out in the open –
they practice COUNTERVEILLANCE (see http://www.snoopwall.com/free to take my
free beginner’s course on this subject matter).
Best Practices for 2015
Working backwards, reviewing this Sony Pictures breach, we can see lots of reactive behavior.
Why not get proactive instead of reactive by:
a) Training Employees Better
b) Hardening Systems (see: http://nvd.nist.gov)
c) Detecting and Removing RATs
d) Deploying Full Disk Encryption and Real-time Backups
e) Defending Against Phishing Attacks
f) Managing the BYOD Dilemma
Of course it’s easier said than done. The biggest weakness at SPE was their employees and if
you can’t train them to behave better and understand phishing attacks, proper password
24 Cyber Warnings E-Magazine – December 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
