9 Ways to Declare Independence from Hacking

Masterchief_Productions/Shutterstock.com

It's time to drop the collective ambivalence toward cybersecurity.

The #CyberAvengers are a group of salty and experienced professionals who have decided to work together to help keep this nation and its data safe and secure. They are Paul Ferrillo, Chuck Brooks, Kenneth Holley, George Platsis, George Thomas, Shawn Tuma and Christophe Veltsos.

Watching the news and the debates during the past week felt pretty deflating. You must have heard about the entire who knew what when regarding the attempted Russian interference during the election. Much of what was said was fairly well known but with the new drips and drabs of information coming out into the open the past few days, political opportunism was bound to happen.

Despite this expected response, finger-pointing provides no true help to anybody in the world (and if we are being candid, not even within the Beltway). Sure, it is all interesting. And all of this chatter even provides a good spectacle. We even agree there are some serious questions that need to be answered, like who did know what when and why did they do (or not do) something about it.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

But ultimately, so much of it right now is irrelevant and it is darned near aggravating to keep this bad song on repeat. 

Why?  

Because while the hysteria is maxed out at full throttle, we still have these other problems going on: The country is getting its clock cleaned, its stuff stolen, its IP drained and its limited resources wasted and expended.  

Forgot for a moment the reasons why the nefarious actors are behind their actions. If you own a shop and your inventory is getting smashed and stolen on a daily basis, you may be more concerned with making it stop than wondering why the bad guy is trying to do whatever he is doing. Intent comes later. It is like triage at a hospital. You want to stop the bleeding as soon as you can lest you find yourself dead in short order.

Or if your websites get vandalized (hello, Ohio), your priority is to get your pages cleaned up (as Ohio did) and not figure out why extremists want to carry out their evil and how they were able to hack your site (that is for others to do).

So let us figure out ways how to make the bleeding stop and where possible, avoid any bleeding at all.

If we dissect each major malware exploit, each major ransomware exploit, and even all the little ones, the reasons why we are losing the cyber battle are apparent. Really, you ask?  

Yes, really.  

Here it comes: Attackers are determined while the rest of us are not. More specifically, the vast majority of the public is ambivalent. Sure, you may be “concerned” about your cyber safety when asked in a survey, but are you really doing anything about it? And how many times have you heard somebody say, “why would anybody want to target me?”  

Unfortunately, professionals in industry and government still think they are not a target. And what is worse is that many of them are still convinced that the means they used to protect their networks five years ago still apply today.  

News flash: They do not!

It is time to be honest with ourselves. We are behind the eight ball for good reason: It is our own collective fault. Stop blaming everybody else for a moment and look in the mirror.  We #CyberAvengers try to do so every day and we try to support each other, even in our daily tasks. Sometimes, something even as simple as, "have you guys noticed any unusual spam today?” keeps our antennas up. Do you do that with your close circle of friends or colleagues?

The #CyberAvengers are all patriots. We are in this together for the good of the country and a united front on this issue would actually do us all some serious good.

We are going to get all sci-fi on you for a moment. Remember the movie "Independence Day"?  You know why the aliens got their butts whooped despite their shatter-your-mind technological superiority? Humanity won because people decided to work together to bring down the space squids. And chances are most of you felt pretty darn good when there was that unified “we won” feeling.

No, this article is not intended to give you a chill down your spine the same way flying an F-18 into a spaceship does. Nor do we think it will make you question our sanity for comparing the cybersecurity challenge to a Hollywood movie (aside: “Shall we play a game?”).  

By the way, as the story goes, President Ronald Reagan saw "WarGames" at Camp David and a week later at the White House asked his senior national security staff if something (like what happened in the movie) is possible to happen. Much of the staff and members of Congress tried not to laugh, apparently.  

A week later, Gen. John W. Vessey Jr, chairman of the Joint Chiefs of Staff said, “Mr. President, the problem is much worse than you think.

Back to the entire “united front” thing. This article is written in the same spirit that the movie "Independence Day" was, namely: The only way to stop some big bad evil thing from messing up our way of life is to work together (even with people we may not initially would have worked with) and may even have to make sacrifices.

We celebrate the Fourth of July because we declared independence. It is when a small group of people, now known as patriots and heroes, said enough. That is what we are asking of all of you this year: Say enough already with this cyber nonsense, do your bit to push back against this common threat, and do not let up.

How do you say enough to all of this?  

With humans being responsible for 90-plus percent of all cyber incidents, just starting with the basics will do miracles.

1. Update and patch your networks, operating systems and devices promptly. “Critical” is “critical” for a reason. Do it within 72 hours of release.  

2. Pretty please with a cherry on top, train your employees (and yourself) on how to detect spear-phishing attempts and what best social media practices are. Please! Quarterly training can reduce the risk by up to 90 percent in most cases.

3. Use multifactor authentication. We have effectively reached the age of password uselessness because of our poor habits. Passwords slow down bad guys who do not know what they are doing. Biometric solutions are great, but proceed with caution if you go this route because you now have data management and privacy concerns that must be addressed.

4. Backup regularly—daily, if feasible. Where possible, use the “1, 2, 3” backup rule: a segmented backup on site, one off-site and one in the cloud. No need to pay the ransom if you have a clean backup ready to be uploaded to your system.

5. Be cautious with older systems. Yes, you can repair them and we are fully cognizant that the upfront capital cost is something some cannot afford. But If these systems are past their “patch life,” when support stops, they become big, fat juicy targets for hackers.

6. Sometimes the best answer is the cloud. There are state-of-the-art hardware and software there, and cloud migrations have become easier, especially over the last two years. The cloud is not a savior. We admit that. And it comes with other issues, such as needing to learn what your obligations and responsibilities are, ensuring you have robust agreements with your vendors, and knowing what third-party sources will have access to your information.

7. Know how your intrusion detection and prevention system works (if you have no clue what we are talking about, find somebody who does). Is it signature-based? Perhaps it is behavioral-based? Maybe it is both? New cyber threats require new tools. This is where machine learning, cognitive computing, artificial intelligence, automation and orchestration all come into play. Internet data traffic is just becoming bonkers. No human is able to this on their own. We have reached the zettabyte age. What’s a zettabyte, you ask?  That’s 1,000,000,000,000,000,000 bytes. Some #CyberAvengers work on that here.

8. If you cannot do much of what we suggested, consider a managed service provider or a managed security service provider. We know cybersecurity is not everybody’s cup of tea, but one ransomware attack on a server message block could be crushing. There are options out there to help you. It costs money, but you are buying peace of mind. Do your homework and find the right solution for you.

9. Do you drive your car without insurance? OK, if you do, do not admit that to us. Cyber insurance is not mandatory yet, but it may be in the future. And chances are if you are doing a lot of what we are suggesting, you will be on the low end of premium payments.

In closing, we have written two books (available here and here). We have a thwack of other writings (many available publicly from our LinkedIn pages or blog sites). We have attracted plenty of publicity and we thank all our supporters from all over the world (seriously, thank you!). Yet, our frustrations remain: We continue to struggle unnecessarily.

Clicking a “like” button on Facebook may make you seem cool and in “support” of something, but actually doing something is where your true support is shown ... and pays off.

Declare your independence from the malicious actors and do what you can to thwart them. We have given you a few easy steps how to do so.  Imagine if we all did all smart part what a difference it would make.

A happy Fourth of July to all!

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.