The cost of not being Cyber secure could be your reputation and revenue. What is it worth to you to be Cyber secure? Running your business without cyber security protection is like being in a James Bond movie; consider the opening scene in Daniel Craig’s first Bond movie, “Casino Royale”. The villain already has your credentials, and James is pursuing him on foot relentlessly through a myriad of difficult and dangerous situations in Madagascar: he must eventually resort to the most brutal of force to retrieve those precious credentials. Or imagine that Jason Bourne has possession of your credentials as he tries to escape the Russian KGB and Moscow police, driving your “taxi” on a single lane. The villains are in pursuit, there’s heavy traffic coming head-on through the streets, and you’re expecting him not only to survive but also to escape with your precious credentials intact and hand them safely back to you. But is it only a matter of time before you’re caught? Without cyber security protection, it most certainly is!
Most adversaries – regardless of their objectives – must be able to gain initial access, escalate privileges, steal credentials, move within and across assets, evade defences, and persist in networks without being recognised. They sneak around in the background, finding out exactly what you have and what price they can get on the black market for your personal details. Or they may work with other cybercriminals to take away your freedom and security.
Consider for a moment the story of the three little pigs sent out into the world to “seek out their fame and fortune”. The first little pig builds a house of straw, but along comes the wolf and says:
“Little pig, little pig, let me come in.”
The first little pig replies:
“No, no, not by the hair on my chinny chin chin.”
The wolf then says:
“Then I’ll huff, and I’ll puff, and I’ll blow your house in.”
And sure enough, the wolf then blows the house down and devours the first little pig.
The second little pig builds a house of sticks; the wolf also blows that house down and eats the second little pig. The third little pig builds a house of bricks, and the wolf can’t blow that house down. The wolf then tries to trick the pig out of the house by asking to meet him at various places, but each time the third little pig outwits him. Finally, the wolf climbs down the chimney, at which point the pig catches the wolf in a pot of boiling water, slams the lid on, and then cooks and eats him.
Today, individuals, businesses, communities and nations find themselves in the very same predicament, trying to stay one step ahead of the Cyber wolves. The Cyber wolves are either attacking you inside your homes and organisation or trying to lure you out so that they can steal or destroy your most valuable assets. Your credentials are the master keys to the door of the room containing those assets.
It’s only a matter of time before they break down the door: the door that you have been meaning to fix for ages but never got around to. But be aware that any decision to defer and waive remediation activity potentially exposes you to vulnerabilities and, therefore, an attack.
From our experience dealing with various individuals and organisations, there is little understanding of what it means to be cyber secure and cyber-resilient, and how to get there.
But know that you are not alone. Many of our clients, partners, and vendors have shared why they continue to drive the “taxi” to escape those villains. You must demonstrate vigilance of those who may have your keys or even part of them. Similarly, you must be relentless in your endeavours to escape their clutches. And it is the same reason why we continue to live in houses made from “straw” and “sticks”. Every mitigation strategy should be on the table to secure your defence.
As technology improves, you can continue evolving and building to keep these Cyber wolves at bay.
You need to change your mindset from reactive to proactive. While the focus is on external adversaries, we need to be mindful and watchful of trusted insiders and the threats they pose to their own organisations, whether intended or not. Organisations should seek to understand what data they hold, and what information is considered critical. By working with AUSCSEC to secure and protect their customers from harm in the event of a data breach, they can reduce the risks associated with the human factor – the trusted insiders.