I watched the 60 Minutes segment on the attack on Sony recently (4/12/15). If you didn't get a chance to watch, I'd recommend you follow the link and watch it. There are a number of lessons and learnings for us all. The piece revealed that more than 3,000 computers and 800 servers were destroyed by the attackers. Astonishing. One of the experts interviewed stated that "even big corporations with sophisticated IT departments are no match for the dozens of countries that now have offensive cyberwar capabilities." This was followed by this comment a bit later: "There are probably three, four, five thousand people that could do that attack today." Couple these comments with the title of this post: All advantage goes to the offense in cyber-war. On the defensive side, you have to say I must defend all 100,000 machines, all 50,000 employees. The offense side thinks, "I only need to break into one and I'm on the inside."
Think about it. Here we are, as IT professionals, playing defense and trying to protect all of our machines and all of our employees. The cyber-criminals need only compromise one machine or one unwitting employee. Who is the favorite in this race? While we are trying to protect everything and everyone the cyber-criminal is looking for a single weak link: "And there's no shortage of weaknesses. Most company employees are allowed to browse online or visit Facebook on corporate computers and many take them home for personal use. All it takes to contaminate a network is for one person to unwittingly access an infected file that looks realistic...like an Adobe Flash Player update or an email that pretends to be from Apple Support." From my college statistics class I would assign the probability of an employee contaminating a network equals one - an event that will almost definitely occur.
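The asymmetry above can be made precise. As an added illustration (not part of the original post), assume each of $N$ employees independently falls for a lure with some small per-person probability $p$; the attacker needs only one success, so the defender's failure probability is

$$
P(\text{at least one compromise}) \;=\; 1 - (1 - p)^{N} \;\approx\; 1 - e^{-pN}.
$$

With the post's figure of $N = 50{,}000$ employees, even a hypothetical $p = 0.001$ (one in a thousand) gives $pN = 50$ and $1 - e^{-50} \approx 1$. To bring the exponent $pN$ down to something survivable, the defender must drive $p$ far below $1/N$ for every single user, which is why controls that do not depend on individual users never erring (filtering, segmentation, two-factor authentication) matter more than awareness alone.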
So how are we to react to this news? What do we need to do?
As the CISO for my home network I've been increasing my own security posture. A few months ago I stopped relying on my cable modem for security and installed a SonicWall TZ215 firewall. I've enabled its built-in intrusion protection, content and application filtering along with botnet and Geo-IP filtering. I've added two-factor authentication to many of my high-value accounts like my bank and PayPal. I'm researching how I can put my various IoT devices (Smart TV, Apple TV, Roku, phones) on a separate virtual segment so they are isolated from our laptops. Is it enough? No, but I don't want to be that one end-user with the very thin, crunchy outside...