Made you look!
It’s a clickbait headline, a popular tactic with the press to get people to click on their article.
Cyber criminals, the ones after the gold in your network, are at heart, capitalists. In other words, they seek efficiency. How to get maximum returns for the minimum possible work. This tendency reveals itself in multiple ways.
- They scan networks, looking for the less well guarded ones; default passwords, unpatched systems, minimal defenses; easy pickings. After all why bother with hard work if the same results can be had easily?
- The rise of Ransomware-as-a-service; essentially a franchise model for ransomware, such that criminals with little technical expertise can run ransomware attacks without having to build anything from scratch. As you can imagine, this has led to a sharp increase in ransomware attacks.
In order to get the bad guys to move along to the next target, your job then is to push them up the pyramid of pain — make it that much harder so as to decrease their ROI.
But, wait a minute, you’re thinking. What about that screaming headline? Anthem, Target, the beat goes on. Remember, headlines are always screaming. That’s what gets eyeballs and what sells. The mundane, common, low-level, ho-hum attacks simply don’t make the headlines but cause more damage on a sustained basis than the latest zero day.
The analogy in the healthcare world is that Bird Flu and Ebola garner screaming headlines while the common cold is responsible for more days missed at work and school by orders of magnitude. When was the last headline you saw about little Johnny missing school because of the flu?
How now, brown cow? The approach is well known but bears repeating:
- Identify your crown jewels (know you assets)
- Do a gap analysis to determine vulnerabilities
- Address these vulnerabilities
- Monitor for breaches
Sound like a plan? Check out our SIEMphonic service. It’s the easy button for sensible security.