I recently read an article about the NSA getting hacked. A group called Shadow Brokers claimed they hacked Equation Group (and based on the story I read, Equation Group is an NSA entity). The article went on to say that the group published what it claims are sophisticated software tools (cyber weapons) and posted that they are auctioning off the most powerful tools. The files/tools released exploit back doors to some very large vendors – Fortinet, Cisco and Juniper.
Scary stuff on a number of levels.
- The NSA is developing some powerful security tools.
- A number of the tools are out in the “wild”.
- The NSA got hacked.
What do we take from that aside from the fact that we are all vulnerable? Security needs to be in layers and we need to build a security culture within our companies.
I firmly believe that hardware and software don’t solve business issues…process solves problems. Hardware and software definitely contribute to and enhance solutions to business issues, but it is how we use and adopt them that transforms how we do business.
To understand more about your vulnerabilities, a risk assessment is valuable. Risk assessments are typically technical in nature and use a framework to provide the assessment. I believe the framework and scope based on the NIST Cybersecurity Framework is one of the better ones to use. It is important to understand both risk and opportunity. It should also be noted that security is a process, not a target.
The number 1 threat vector continues to be email. We should:
- Enforce spam filtering.
- Enable and update your email security application/tool.
- Educate your users on phishing and standards of behavior with respect to email.
Scan your network internally and externally. There are a number of options including several open source options in this area.
Keep logs and consider using a SIEM. Some of the SIEM applications do a fantastic job of event correlation.
Patch management. Make sure you have security updates and patches installed.
These are all important elements in building the corporate security culture. There are some excellent tools and service offerings that can help administer and manage parts of the aforementioned tasks and processes. Let us know if we can help out with any recommendations or suggestions.