So I'm going to disagree with these.
#1 Yes, "password reuse" is the greatest threat. People use the same email/password combo across websites. When hackers break into one, they get the logins for all the rest. This is by far the biggest way hackers are hacking you.
But no, this doesn't mean "password managers" are the only solution. Writing down on post-its is perfectly fine for some accounts. Forgetting passwords for accounts you don't care about is okay too. Another solution is two-factor authentication.
#2 Phishing is the next most important threat, as it's the second most common way hackers are hacking you. But no, it's not possible to train for years to spot malicious emails, and avoiding links/attachments isn't a solution when the entire point of emails is to click on them.
People are already avoiding obviously malicious emails. The problem is that a lot of phishing emails are so good that even experts can't spot them. Also, you aren't going to be perfect 100% of the time.
The Podesta email phish is a great example. Podesta emailed the administrator about a suspicious email, and the administrator appeared to say it was okay when it wasn't. Your security shouldn't rely upon such things.
Had Podesta used a good two-factor authentication device, he probably would have been fine. The other thing you want is good desktop protection, such as preventing desktop users from having local admin.
#3 Email is wildly insecure. Telling people to use a secure alternative isn't practical. Let's say your business is real estate. You can't tell your clients "I only use Signal". Your business processes often have no choice but to use email.
You can dramatically improve email, such as employing STARTTLS, SPF, DKIM, and S/MIME, without impacting your processes too much.
If you can, yes you should move to something like Signal, but not because it's encrypted, but because your adversary's "processes" are also centered around email, but this only provides a little protection.
Given that you are going to continue to use emails, the third most important danger lurking out there is fraudulent financial emails, where they hack the person you are talking to and forward the wrong banking details.
Thus, you buy a house, and get a response from the real estate agent saying "wire the money to this account number", but it's the wrong account number because the hacker changed it. You are out that money and there's no getting it back.
I know this is a standard part of your business processes, but individuals are losing tons of money from this, so it's broken and you have to fix this.
As for #4 backups, your backup processes fail for a lot of reasons. Simply using the cloud like Dropbox or Microsoft OneDrive allows rolling back to old versions, meaning that attempting to restore will succeed.
Other backups you might try have a huge chance of failure. That's because you test the backups but don't test the restore. Moreover, online backups (like hot spares) often fail when ransomware spreads through all your machines.
That's why Merck had hundreds of millions in losses due to NotPetya -- it spread to the online backups as well.
In any case, the cybersecurity threat of ransomware is not simply mitigated by backing up data. When it spreads throughout all your servers, you'll struggle for months trying to get all the software reinstalled.
That's because you haven't backed up the exact configuration of all your servers, so when it's destroyed, you can't get back to the correct configuration. Reinstalling/reconfiguring software from scratch is an error prone process.
Sure, it's normally not too bad, because in the general case, you never have to fix more than one at a time, so you figure it out. When you have to figure them ALL out at the same time, your systems are down for months.
Thus, you need to care about stopping ransomware from spreading to all your servers in the first place. The biggest thing for that is stopping the Mimikatz/PsExec spreading through all your servers. That starts with removing local admin on your desktops.
Anyway, I think her list of the top 4 threats is pretty good, I'm just not in agreement with the remedies she proposes.
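The thread's #3 recommends SPF, DKIM and STARTTLS as cheap ways to make email harder to forge. The following is an added example, not code from the thread or its author: a small SPF evaluator that shows what a receiving mail server actually does with a domain's SPF record when it decides whether a sending IP is authorized. It implements only the ip4/ip6/include/all mechanisms of RFC 7208 and replaces real DNS TXT lookups with a constructed in-memory table of hypothetical .test domains, so it runs offline; the domains, IPs and records are all made up for illustration.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups (hypothetical domains, not real DNS).
# A production checker queries DNS; this table lets the example run offline.
FAKE_DNS_TXT = {
    "example-realty.test": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailhost.test -all",
    "_spf.mailhost.test": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "loop.test": "v=spf1 include:loop.test -all",   # deliberately self-referential
}

# SPF qualifier characters and the result each one yields when a mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, lookups=None, depth=0):
    """Evaluate a simplified SPF policy for sender_ip against `domain`.

    Supports the v=spf1 mechanisms ip4, ip6, include and all (a subset of
    RFC 7208). Returns one of: pass, fail, softfail, neutral, none, permerror.
    """
    if lookups is None:
        lookups = FAKE_DNS_TXT
    if depth > 10:  # RFC 7208 limits DNS-querying mechanisms to 10 per check
        return "permerror"

    record = lookups.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no SPF policy published for this domain

    ip = ipaddress.ip_address(sender_ip)

    # Mechanisms are evaluated left to right; the first match decides the result.
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()

        if name == "all":
            return QUALIFIERS[qualifier]

        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"  # malformed network in the published record
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]

        elif name == "include":
            # include: matches only if the referenced domain's policy yields pass;
            # a missing or broken referenced policy is a permanent error.
            sub = check_spf(arg, sender_ip, lookups, depth + 1)
            if sub == "pass":
                return QUALIFIERS[qualifier]
            if sub in ("none", "permerror"):
                return "permerror"

        else:
            return "permerror"  # mechanism not supported by this example (a, mx, exists, ...)

    # No mechanism matched and no explicit "all": RFC 7208 default is neutral.
    return "neutral"


if __name__ == "__main__":
    for dom, ip in [("example-realty.test", "203.0.113.45"),
                    ("example-realty.test", "192.0.2.7"),
                    ("_spf.mailhost.test", "2001:db8::1"),
                    ("loop.test", "192.0.2.7")]:
        print(f"{dom:24} {ip:16} -> {check_spf(dom, ip)}")
```

The two outcomes worth noticing are the ones a defender relies on: a sender outside every listed range ends in `fail` because the realty domain closes with `-all`, whereas the mail host's own `~all` would only softfail, and a record that includes itself is reported as a `permerror` rather than silently passing. SPF alone only covers the envelope sender, which is why the thread pairs it with DKIM and S/MIME.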
Thread author: Rob Graham, will be at DEFCON/BSidesLV, hit me up