Going Retro in the World of Digital


A couple of weeks ago I wrote a post wondering why we value the physical world over the digital world so much.

So it amused me no end to read another Huffington Post article describing how a Russian Security Agency is apparently using electric typewriters 'to prevent leaks'.

It seems this agency is planning to use typewriters rather than computers as a way of lessening the risk of data leaks that might let sensitive information out into the public domain. They have probably seen the many high-profile security hacks and breaches in the news, and because it is now so easy to download huge amounts of digital files and data quickly, they are considering turning back the clock to another era of data.

If true, this is a huge step backwards.

Surely it is better to recognise the problem and then put in place steps to ensure that it is difficult for breaches to happen in the first place? At the same time, it is important to accept that breaches by determined individuals and organisations are to a large degree inevitable. So it is how you spot it happening, and how quickly you lessen the impact, that ultimately really matters.

So rather than trying to turn back time to another era when everything was not digital and online, surely it would be better to be able to turn back time and review what happened, when and where in the digital world?

In the same way that an aircraft's black box flight recorder monitors an airliner's systems and actions so that, if something bad happens, investigators can narrow down the issue, your IT security needs to be able to take a retrospective view of all files and applications on the network. That way, if they turn out to be doing something bad, you know what they did and how they interacted with other systems on your network. Contextualising what an application is doing is also critical. After all, if a file or application starts acting in an unexpected way, or accessing another application it should not be accessing, then your IT security team needs to know.

Burying your head in the sand is not the answer.

Today IT managers need to recognise the new reality: it is not simply a question of stopping the malicious intruder getting into your network and databases in the first place. Although this is important, given the sophistication of the attackers it is inevitable that they will get in eventually. So then it is a question of what you do about it and how quickly you know you have a problem.

Security is now a question of trying to think like the attacker and assume that something bad will eventually happen. Today knowing what you are going to do before, during and after the attack is the thing that will make the difference and lessen the embarrassment and damage a breach could ultimately cause.

All businesses and governments should know they are being repeatedly attacked, so unless we return to an era of typing pools, Morse code and Telex, they had better recognise the new reality and plan accordingly, not place an order for a job lot of typewriters!