In this episode of The Deep Queue I explain why I believe the “trusted internal network” is a myth. Many of the problems that I see on consulting assignments would have been prevented by the same security measures I recommend to protect against malicious attacks. Except the incidents in question are not usually malicious, they are just human error. In most of these cases the fact that there are no secondary firewalls around Production assets, no defense in depth and no checks and balances allows a simple mistake to blossom into a full-scale incident with serious financial, and often reputational, damage.
But if companies don’t want to implement security to protect against honest mistakes, perhaps they will if there is a credible outsider threat. In this episode I argue that such a threat is real and to back that up I cite six US DOJ press releases from just the last two months describing malicious corporate network intrusions. The press releases also give us some insight into the state of tools available for cybercriminals and the degree to which the tools have been weaponized.
Links for this episode:
SAN JOSE WOMAN CHARGED WITH FRAUD IN CONNECTION WITH A PROTECTED COMPUTER
FORMER IT MANAGER SENTENCED TO PRISON FOR HACKING INTO PREVIOUS EMPLOYER’S COMPUTER SYSTEM AND CAUSING DAMAGE
JUVENILE COMPUTER HACKER PLEADS GUILTY
Multi-Million Dollar Home Equity Line of Credit, Identity Theft and Computer Intrusion Ring Busted
HACKER CHARGED WITH PROVIDING DATA THEFT TOOL IN NATIONAL IDENTITY THEFT CASE
FORMER MASSACHUSETTS INMATE ARRESTED FOR HACKING PRISON COMPUTER TO ACCESS PRISON MANAGEMENT PROGRAM
Boffins bust web authentication with game consoles