Assume You’re Breached
April 25, 2013
By Roger Thompson

The Verizon DBIR came out today, and, as usual, it’s full of interesting data, and, as usual, it should be printed out, read thoroughly and marked liberally with your favorite highlighter, but for me, my favorite sentence was in the opening paragraph. It said, “A growing segment of the security community adopted an ‘assume you’re breached’ mentality.”

This resonated with me, largely because I think it’s right, and certainly reflects how I would view my network, if I was in charge of corporate security, and there are three reasons for this.

The first is the massive numbers of new malware each day (something that we'll explore another day).

The second is the BYOD movement. Some people think this stands for Bring Your Own Device, but I’m pretty sure it stands for Bring Your Own Destruction. People understandably want to work on their favorite tablet, but, for a corporate security person, it means that the corporate perimeter, which has traditionally been the principal line of defense, is no longer nicely formed and clear. Instead, it is misshapen and blurred.

The third is the alarming number of positions at Defense Contractors for “exploit writers” of every stripe. They are not just looking for Windows exploit writers, but OSX, Linux, Android, and even RIM. We may be confident that this trend is not limited to American defense contractors. In other words, exploit writers have gotten really good.

We are not without defenses, and there are steps that should and must be taken, and this blog will explore them over the next few days.

I am pretty sure that when Obi Wan said “We will never find a more wretched hive of scum and villainy. We must be cautious.”, he was talking about today’s Internet.

We live in interesting times.


