Monday, June 22, 2015

When sports teams hack each other

Perhaps a movie is in the making.

If sports teams are hacking each other for competitive information, I wonder if that happens in other businesses..... <smile on my face>.

St-Louis Cardinals under investigation by FBI

To think that these things do not happen is like being naive enough to think that powerful government entities do not use their powerful positions to maintain said position.

A few decades ago, before the popularity of the Internet took hold, I was intimately involved with various couvert activities.  When I left that world, I started giving seminars on corporate espionage.  After one of my seminars, I was approached by a man who wanted to team up with me to spy on his competitor who happened to have a bigger Yellow Pages phone book advertisement (a full page ad!) and taping into his business phone line would give us plenty of leads!   Heck, if we tapped into his fax, we would see what he is quoting too!  It would be a dream come true...for him.....   What kind of company was it:  A pavement repair company. 

I walked away... a little irked that someone would come to ask me that after I just gave a conference defending against it.

It happens at all levels. 

Fast forward 25 years later, you no longer need to <tap> onto a phone line physically and risk getting caught.  Sure, it is effective, just not the way to do it.  Employees come and go with user accounts and access to vast amounts of information.  In fact, if you ask most employees to make a list of all the good stuff they have access too, you would be surprised, we are very permissive.  Since an employee who has decided to leave our wonderful firm knows ahead of time that they will have their accesses cut.....  good security practices would dictate that it is important to have adequate access logging activated on our systems.   When someone annonces their departure, looking through the last month of activities could be very interesting and conclusive.  Something that most companies simply do not do since they have no such details.  Remember I said adequate logging, not academic logging.

When I assist in crisis management, the biggest hurdle is the lack of evidence, as in, poor system activity logs or completely absent activity logs on key systems.

I guess the message here is, don't be too much of a good sport.  Don't make it too easy for your information to leave the building.

1) Ensure your keeping activity logs for the important stuff
2) Know where your important stuff is (see #1)
3) Have someone review activity logs when certain triggers take place

So as a manager, wondering if your well oiled machine is doing what it is supposed to be doing, how would you validate this ?  Simple!

   a) Show me the inventory of our information assets and their classification
   b) Show me the last ten people who accessed XYZ information (taken from (a))

If you get a blank <dear in headlights> response, you have something to optimize. ;-)

No comments:

Post a Comment

Are we even trying over at BRP

This will be a short blog entry.  Essentially, a general observation. If your enterprise was breached and screenshots of user account passwo...