
The Old-School Cybersecurity Technique

by The Lazy Anarchist.
You ever had that feeling that we go so far ahead that we actually go backwards? Is advanced cybersecurity always the answer?

Encryption, double encryption, SHA256, SSL, cryptography, MFA, KFC, whatever it is, it is getting out-of-hand crazy. Then maybe quantum computing is going to come around and blast all this to bits. What if sometimes we are overcomplicating things? Think about the corporate couple that makes appointments or books meetings with one another, perhaps connecting via VPN and using encrypted communications to talk to each other. Is it possible that for some scenarios, there are secure solutions that are just so simple?

The cyber-doomsday-sayers are on every day; you know the phrase, it is not a matter of "IF" but "WHEN" a breach will occur (I think I used this before, lame right). I don't disagree with this fundamentally, but it is like me implementing enterprise-grade cybersecurity in my home and managing my home devices and network like a freaking A-class ethical hacker (I do :).

Hackers are naturally curious beings; they just can't help hacking systems with open gates. They do us a huge favour in checking the security of newly released software. So as long as we need digital assistance and updates, there are going to be hackers that help us find the problems in the systems. So, the answer to continuously deployed vulnerable systems is to continuously deploy fixes with more vulnerable systems. The answer to bad cybersecurity is more cybersecurity.

Is there an end in sight? The dirty answer is, no. 

As the cybersecurity gurus keep telling us we need to buy more cybersecurity services, we need to ensure that these are not all taken as if we have no choice in the matter. Indeed, we may have no choice, but we need to evaluate each choice to determine if that really is the case. It is like a belt salesman: while you wonder about what colour and material will work, you gotta ask yourself if you need a belt in the first place. Do you need a belt if you have big pants?

Well, what am I on here? It's not grass, I tell you. I don't plan on going green anytime soon. I don't have anger, but I do have hunger. So, it is what it is. If you are still following, then you are nothing short of being a legend in your own mind.

So what is the answer? Evaluate, evaluate, evaluate. If you are told that you have weak cybersecurity and you can't get cyberinsurance and you are going to be breached and you are going to have audit findings and so on, don't panic. Evaluate.

Have really good and complex passwords that you change often, at least monthly for now; this helps. You know it is going to take a couple days at least to crack a complex long password. If a kid doing a fatawaka in the basement has a quantum computer, then there is no business case to hack your password. They already have gajillions to buy a pocket-sized personal quantum computer that they are using for hobby craft.

Be careful what you tell colleagues and strangers you meet in passing. They might be connoisseurs of body language and part-time social engineers. It is not hard to pick up, from one's ego-maniacal comprehensive portfolio of social media self-indulgence, who your spouse is and where your kids go to school and what computer you use and where you shop and live and what the name of your pet is and the name of the city you were born in and your mother's name and... is this sounding familiar? If not, then let me say I forgot your password.

What about encrypted data and third-party suppliers? You think that NDA means anything? Keep telling yourself that, buddy. Those "helping" you are stealing your corporate confidential information and intellectual property and using it to develop their own services and capability.

Well I am egotistical enough to take a stab at it with ball?

Thankfully, us lazy people are quite innovative when it comes to hard work. I binge-watched a few episodes of ancient civilisations, middle-age cults and early 20th-century spy movies and found some answers so simple that I might be called an idiot savant.

Apart from simple cybersecurity practices like good basic password practices, social and security awareness, and implementing some basic firewall/router configs and malware protection, encryption and MFA, we should really find alternate solutions in our business processes before yielding to very costly advanced cybersecurity. Some users need a "for dummies" guide too, so you gotta tell them not to give the work email, password and code out to anyone asking. Basic security awareness training goes a massive way forward in protecting your organisation. Just like software, every user can be a vulnerability.

You would tell your child not to talk to strangers, right? Well, we are like ICT user children compared to hackers. If you do not need to store personal data, then simply do not collect it. If you have a central source of the truth of your company's confidential IP, then apply infinity stone cybersecurity on that and don't stress about the rest. Be more targeted and your cybersecurity portfolio will be more effective. If you don't have to tell partners your secrets or where the crown jewels are kept, then don't do it, even if they play pocket soccer with you.

Together with C-xO, the right engagements were made and we have come up with a model that addresses this problem. The Lazy Anarchist strikes again, and in collaboration with C-xO.com's research and development division, we are in the processing phase of a new set of service offerings coming soon... 


I have learned that the nob machines and cookie cutters are necessary but we can improve and find better ways in the maze.... The Lazy Anarchist.