Hot take: DDoS is a cyber attack and in the wrong circumstances, it can impact integrity too. Worked with a customer a few months back that saw data corruption secondary to a DDoS.
But even if it "just" impacts availability, a DDoS is still a cyber attack. 1/
But even if it "just" impacts availability, a DDoS is still a cyber attack. 1/
Go ahead and tell the board "we're protected against cyber attacks" then get hit with a two day sustained outage in the face of a DDoS. When the board asks why they lost days of business, just explain "DDoS isn't a cyber attack, my Twitter poll said so." 2/
That's what we like to call "a resume updating event."
Only elitist infosec gatekeepers try to argue what is and isn't a cyber attack based on the techniques used. Real professionals (aka "the people the business listens to") understand that impact is everything. 3/
Only elitist infosec gatekeepers try to argue what is and isn't a cyber attack based on the techniques used. Real professionals (aka "the people the business listens to") understand that impact is everything. 3/
This reminds me (a lot) of an intrusion some years ago where a customer said "wow, these guys suck. They're hacking with batch scripts." My analyst re-framed that as "they bypassed your security controls and operated undetected for months using batch scripts." He's not wrong. 4/
No, security basics aren't always the coolest things to do. But they're damn important. Every time someone misses an easy security control, so many in the community dog pile on. But for some reason we're also piling on to someone claiming a win for the basics... 5/
I'll tell you that I've investigated multiple attack groups crossing between orgs using B2B VPNs. They only use the least advanced tools and techniques they need to achieve their specific goal. Observed sophistication is correlated with security program sophistication. /FIN
