Competitors and nation states have long known that disrupting your competition is often all that is necessary to garner a competitive advantage. It is for this reason that all information security (infosec) practitioners have long understood the importance of the three status indicators of the network infrastructure and the data/services within: Reliability, Availability and Serviceability (RAS).
We see “availability” challenged on a regular basis by the plethora of distributed denial of service (DDoS) attacks conducted against companies, services and individuals. The adversary peppers the targeted entity with massive amounts of queries (see “How Will the Internet of Things Be Leveraged to Ruin Your Company’s Day? Understanding IoT Security”), which overloads the servers and effectively blocks legitimate queries.
Then we have “serviceability”: if part of the infrastructure fails, does the architecture include a hot backup for automatic failover, or is your company off the air? Many of us overlook the fact that manufacturers include an important data point on mechanical devices, MTBF (mean time between failures). MTBF should be a consideration in all infrastructure, as equipment does fail, and not on a predictable schedule. This happened to me when I found my hard drive had failed; see “Where’s Your data and Can You Actually Get To It?”
And finally, we see “reliability”, the trust factor. If I can’t trust the data coming from this engagement, how can I trust this relationship? In late 2015, the Greensboro, NC television station WFMY ran a piece, “New Hacker Plan: Don’t Steal Data, Change It”, which I recently re-reviewed. The content of the piece is absolutely on-point and accurate. The influx of ransomware is absolutely changing the landscape. In the healthcare arena, if you have had your servers compromised, you will be hard pressed to plead that patient data has not been compromised. Indeed, a recent piece, “Healthcare Ransomware Increasing, Education Sector Top Target”, aptly points out the risk.
It goes one step further. There will be those who, as discussed in the WFMY piece, simply want to get in and then out of your infrastructure undetected, so that while inside your protected and secured environment they can adjust and change your data. In doing so, they disrupt you and create mistrust within, and possibly with external-facing customers. Indeed, there have been instances where the intruder went on to launch denial of service attacks from inside the network against the internal network.
In sum, security includes addressing and mitigating all threats, not just those threats which result in your data being stolen. As noted supra, there are so many other ways to effectively disrupt the operational cadence of a company.
Below is the video of the WFMY piece.