From Chaos to Placidity

Chattering random observations, tips, and tutorials on all things related to IT.

Cars and IT

My car was broken into last night.  Every single loose coin in my car was stolen.  My LED flashlight was also stolen.  A few nice items in the car were not taken, which was a relief.  Also, every document in my glove compartment was examined.  The documents were stacked in a strangely neat pile on my passenger-side seat.

This event has a lot of similarities to IT security.  I’ll draw a few comparisons and then ask you to leave me comments so we can open up some dialog.

Low Hanging Fruit

From the outside of my car, the only item visible was the change.  Even though I didn’t value this change as anything important, the thief did, and risked the crime of entering my car to retrieve it.  I think as IT security experts we need to remember that things we consider low value might be high value for someone else.  The act of obtaining an item we consider low value might also lead to the compromise of something that is high value.  In the car example, if I had an iPod stashed away, they could have stolen that.  The iPod itself may have been hidden well, but the money was not.  In that case, the low-hanging fruit I left out allowed the intruder to reach more valuable goods.  For this reason we need to value our internal assets correctly and secure even the things we don’t see as valuable well enough to prevent further privilege escalation.

More than just necessity

Why were my papers organized so nicely?  The intruder only took change, but he or she meticulously went through every single item in my car, determining its value.  Due to the number of items in my car and glove box, I can’t be certain that the intruder didn’t take something of value.  Even though some nice items weren’t taken, a more hidden or less obvious item may have been taken.  This makes me think about inventory management and file integrity monitoring.  These are very important, as an inventory is really the only insight into where your data is, what it is, and how it is organized.

Silent Entrance

The window was not broken.  In all honesty, if they had put the documents back in the glove compartment, I would not have known a thief was in the car until I looked at my change cup.  This got me thinking about the importance of IDS and anomaly detection.  If a theft occurs and you have no way of detecting it, this could be detrimental to your company.  I think more SMBs need to consider this even if their IT infrastructures are small.  The extra money and hardware needed to implement a solid IDS cost far less than a silent theft of trade secrets or software code.
