Cyber Security is a big concept and a lot of ideas have to be discussed.
Cyber Security Introduction
Point of Cyber Security
- Prevent Loss of Data
- Prevent Down Time
- Prevent Systems from Being Used Nefariously
- Stay Compliant with Laws/ Regulations
Don’t Do Harm
- If users can’t use systems because of security, you fail
- No environment looks like a college exam.
- “Best Practices” don’t last 30 seconds in the real world
- Focus on what you can fix NOW
- Plan for the future
- STOP… just stop… you are not as important as you think
- Executives are juggling numerous priorities. Acting like an ass will not help your cause
- You need to build people’s trust in you. They need to trust YOU, not what you advise.
- Office Politics IS PART OF YOUR JOB!!!!! !!!!! and a couple more !!
Cyber Security = Good Administration
- Security should be built into the infrastructure
Security is Layered
- Any Single Layer Compromise Should Not Be a Killer
Zero Trust Environment
- BYOD was the end of Trust
- Remote workers
Getting Decision Maker Buy In
- Preventive Maintenance is a hard sell
- Add Security to normal upgrades and purchases
- CEOs like “cool sh*t” – 100” LCD screens showing real-time dashboards
- Sell the “Sizzle” to get the “Steak”…
- Visualizing the value of tech is hard, stupid gimmicks are not
- Know who is actually in charge. Is it the CIO or the CFO?
Getting Employee Buy In
- Listening to Employees
- Befriend Employees
Successful Attacks Require
- A Vulnerability
- A Vector to the Vulnerability
- An Attack/ Event
Vulnerability or Feature?
- You can’t hack a server that’s powered off.
- You also can’t use the server
- Limit the feature set of each server/ device
- Instead of a single FTP, Web, SMTP, VPN server, break them into individual systems.
- Use virtualization
- Use cheap hardware. Does your FTP server need a Xeon Processor?
Security is More Than Chinese Hackers
- Security is a mentality not a product
- Strategy should change with time.
- A solution for one threat will prevent numerous other threats
- Employees trying to game the system
- Dumb Mistakes
- Nefarious Actors
Threat: Natural Disaster
- What happens in Flood/ Fire/ Earthquake?
Threat: Normal Crime
- Crackheads don’t know what an Active Directory Server is….
Threat: Rat’s Nest
- Don’t pull the wrong cable!
Threat: Stupid Problems
- Backhoe through your fiber line
- Unplugging Active Directory Server
- SaaS single IP issues
Threat: Vendor Issues
- Supply Chain Attacks
- Facility Destruction
- Vendor Hacked
- Actual Hackers are probably the least of your problems
- By focusing on “hackers” you may miss much more pressing issues
- Having a full Disaster Recovery System solves both the Flood AND Ransomware problem
- If your security prevents an administrator from doing something stupid, it will also block “hackers”
- TCO – Total Cost of Ownership
Disaster Recovery and Resiliency
- Backups are not enough
- Disaster Recovery is about having FUNCTIONALITY back ASAP.
- High Availability
- Hybrid Cloud