How do we protect our data?
We all know how firewalls work; they prevent packets from passing through self-imposed barriers. But they don't limit how far packets go once they pass the threshold.
The big question many U.S. organization database managers need to ask themselves is: is my server carrying high-value data to unfriendly countries? Firewalls are in place, but data is still leaking.
Is there anything else I can do to stop it?
It is interesting to think about what Don Draper, the famed creative director on AMC’s Mad Men (played by Jon Hamm), would do in the 21st-century if his advertising firm’s delivery of time-sensitive media were disrupted.
How would he handle cyber-crime and other critical IT failures when the advertising of his Fortune 500 clients was on the line?
Though the automated teller machine (ATM) may soon go the way of the eight-track and the VHS player — with automation features such as direct deposit and debit cards now available, few people use ATMs — there was a time when the ATM was the primary way most people checked their account balance and obtained cash. (Not to mention college students looking to fund their next box of macaroni and cheese.)
Do you or others in your organization use Google Chrome or Mozilla Firefox browser extensions?
Many of us do. Often they have incredibly-useful features, such as ad-blocking, advanced searching, reducing page-load times, and much more.
But did you ever wonder if they could be used like a Trojan horse, presenting a friendly and helpful exterior while stealing your private information in the background?
Over 500,000 Chrome users just found out the hard way that this is indeed possible.
In mid-January 2018, the US-based cyber-security firm, ICEBERG, reported that four seemingly-harmless Google Chrome browser extensions had malicious code embedded within their designs to allow for stealing of private data.
Fortunately for these half-million users, it seems the nefarious code was only used to visit web ads in the background, something known as “click fraud.” These users were using the offending extensions and benefiting from the helpful features that the extensions offered, unaware their systems were being hijacked to help commit fraudulent activity. (Click fraud is often used for SEO manipulation and to steal money from advertisers through an ecosystem of fraudulent sites and click agents.)
So how does this relate to network security?
In its fall cliffhanger episode, ABC Television’s Grey’s Anatomy touched on a vital new issue in our world: cyber terror.
(Note: The following contains spoiler alerts for the final episode of the season.)
The hospital is panicked as hackers demand millions in ransom to lower the heat. It is sheer pandemonium as a hacked heating, ventilation, and air conditioning (HVAC) system wreaks havoc on patients and staff alike.
The TV drama showcases a comedic series of events as characters deal with the “crisis of the hour." Producers of the show manage to bring the issue to the small screen with a bit of a laugh; staff are able to open the locked door to the blood supply room by shocking the keypad with a defibrillator.
But the reality of this possibly happening in real life is a bit scarier.
On an otherwise peaceful morning on January 13th, Hawaiian residents and visitors were horrified to receive a warning on their mobile phones instructing them to “seek immediate shelter” due to an imminent missile attack.
The message ended with the simple, yet gut-wrenching: “This is not a drill.”
Vacationing NPR reporter Tamara Keith was on Oahu when the warning sounded. As she commented on NPR News, the warning was especially frightening, as an attack “is plausible.” With heightened tensions between thed United States and North Korea, in particular, Hawaiian residents—and Americans in general—fear for their security.
- A “Crown Jewel” server is defined as one storing high-value data.
- Nearly every large organization has one or more of these servers.
- The word “catastrophic” is grossly insufficient to describe a possible compromise.
- Building the "biggest castle" around your server may not be the answer.
Executives worry about their “Crown Jewel Server,” and for good reason. They are often packed with industry secrets, financial data, private client information, and other highly private information…and usually they are unnecessarily unsecure.
And they require a healthy amount of time, energy (and money) to safeguard—depriving you of the chance to direct your resources elsewhere.
Let Us Know What You Think
Leave a comment below