Showing posts from November, 2019

Philosophy of Mr. Robot, 101

“Control is about as real as a one-legged unicorn taking a leak at the end of a double rainbow.” The sage words of one Elliot Alderson, aka Mr. Robot. Of course, he also said “control can sometimes be an illusion. But sometimes you need illusion to gain control”. Control, therefore, or the semblance of control, is key to preventing and fighting a cyber-onslaught. Mr. Alderson has much wisdom to impart to us on this topic. Together, let’s take a brief Fsociety University ‘Wresting back Control’ class to gain a better understanding of these insights.

Module 1: Recognizing the dangers of the insider

With enough time, a hacker will find the flaws, and there is no one with more time to uncover these flaws than someone already on the inside; just ask Elliot Alderson. Most organizations still focus on developing safeguards against external online attacks, using defensive tools like anti-malware, external firewalls, DDoS attack mitigation, external data loss prevention, etc. It’s a frightenin…

Is paying a ransomware demand ever the right thing to do?

Conventional wisdom, not to mention Hollywood wisdom, tells us that paying the kidnapper is always a mistake (think The Big Lebowski or Fargo!). Our parents warned us to stand up to bullies, right? Successful poker players know how to tough out the dead man’s hand, and even the smallest dog on the street knows to bark like hell when faced with a threat. We know all this and yet we see a distinct rise in the number of businesses willing to pay ransomware attackers. What the??

Ransomware isn't new but it is on trend. Specialist attackers deploying ransomware don't destroy our data; they hold it hostage, making it inaccessible without the intervention of the attackers' complex numeric key. This key usually comes at a premium, if it comes at all. Many have paid out for nothing: no return of their data. A gratuitous, sinister abduction, just because they can.

With attacks becoming more wily, more intractable, perhaps it is not surprising that many surrender to the onslaught. Greater…

Show You Mine If You Show Me Yours: The role of threat information exchange in strengthening cyber-defenses

Sharing is Caring

Speed and efficiency are essential to success in the digital economy. Businesses and organizations with an online presence need accurate, stealthy cybersecurity measures to counter the myriad of threats aimed at them. Working in isolation to tackle these attacks and shore up cyber defenses is a costly and often futile exercise. As Grayson Milbourne, Security Intelligence Director at cybersecurity firm Webroot puts it:
Today’s cyber threat landscape is polymorphic in nature — constantly changing and making it nearly impossible to detect with traditional security approaches. For this reason, many businesses are coming to the realization that a collective offensive may be the best defense. Sharing threat information across public and private industries and organizations could reduce cybersecurity workloads and provide access to a wide pool of security resources, something smaller companies, in particular, are latching on to. 

In a recent study of 200 US IT security experts…