Improving Your (and your PC's) Health
BY PATRICK SHEEHAN
After doing offensive cyber security for over a year now, I continue to express shock every time a password spray [taking a list of known user accounts and attempting to log in with a small list of potential passwords] succeeds with passwords like Spring2021 or Covid19. And a more seasoned colleague of mine always responded with the phrase “security isn’t convenient.” He is spot-on, but I believe it’s bigger than that. Being healthy isn’t convenient either.
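The password spray defined above has a distinctive shape from the defender's side: one source touching many different accounts with only a few attempts each, rather than hammering one account. The following detector, an added example that is not part of the original post, runs that logic over a few constructed authentication log lines (the `ts src= user= result=` format is an assumption, not any real product's log format) and reports sources that tried at least `min_accounts` distinct accounts inside a time window, along with any account that authenticated successfully from such a source.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format; not from a real system).
# 203.0.113.5 touches five accounts in seconds: a spray, with one success.
# 198.51.100.7 retries one account: noisy, but not a spray.
SAMPLE_LOG = """\
2021-04-01T08:00:01 src=203.0.113.5 user=alice result=FAIL
2021-04-01T08:00:02 src=203.0.113.5 user=bob result=FAIL
2021-04-01T08:00:03 src=203.0.113.5 user=carol result=FAIL
2021-04-01T08:00:04 src=203.0.113.5 user=dave result=FAIL
2021-04-01T08:00:05 src=203.0.113.5 user=erin result=SUCCESS
2021-04-01T08:05:00 src=198.51.100.7 user=frank result=FAIL
2021-04-01T08:05:01 src=198.51.100.7 user=frank result=FAIL
2021-04-01T08:05:02 src=198.51.100.7 user=frank result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$"
)


def parse_events(log_text):
    """Turn log lines into (timestamp, source, user, succeeded) tuples."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        events.append(
            (datetime.fromisoformat(m["ts"]), m["src"], m["user"], m["result"] == "SUCCESS")
        )
    return events


def detect_password_spray(log_text, min_accounts=4, window=timedelta(minutes=10)):
    """Flag sources that attempted >= min_accounts distinct accounts within `window`.

    Returns {source: {"accounts": [...], "successes": [...]}} where `successes`
    lists accounts that logged in successfully from a spraying source, which
    is the incident-response follow-up the text describes.
    """
    by_src = defaultdict(list)
    for ts, src, user, ok in parse_events(log_text):
        by_src[src].append((ts, user, ok))

    findings = {}
    for src, evs in by_src.items():
        evs.sort()  # sort by timestamp so the sliding window below is valid
        start = 0
        for end in range(len(evs)):
            # Advance the window start until it spans at most `window` seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            window_evs = evs[start:end + 1]
            accounts = {user for _, user, _ in window_evs}
            if len(accounts) >= min_accounts:
                f = findings.setdefault(src, {"accounts": set(), "successes": set()})
                f["accounts"] |= accounts
                f["successes"] |= {user for _, user, ok in window_evs if ok}

    return {
        src: {"accounts": sorted(f["accounts"]), "successes": sorted(f["successes"])}
        for src, f in findings.items()
    }


if __name__ == "__main__":
    for src, info in detect_password_spray(SAMPLE_LOG).items():
        print(f"spray from {src}: {len(info['accounts'])} accounts, "
              f"compromised: {info['successes'] or 'none'}")
```

The threshold and window are tuning knobs: a spray that rotates sources or spreads attempts over days will slip under a short window, so the same grouping is usually also run per target account set over a longer period. The single-account retry source is deliberately not flagged, since lockout policy rather than this rule is the control for that pattern.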
My doctor will ask about my diet and my level of physical activity, followed by encouraging words to exercise more and eat healthier. Or, when I go to the dentist, he asks how often I floss, time and time again extolling the benefits of a proper daily routine. But arguably the worst is *knowing* but not acting upon what you should do, using the excuse of inconvenience. Not following through can result in exploitation of a vulnerability [weakness], requiring proper incident response (costing time and money) – in my case, failing to heed the dentist’s advice of properly flossing resulted in my needing to have multiple cavities filled over the years.
I am not alone – according to US News, most of us do not heed our dentist’s advice. If I know that flossing can reduce the likelihood of getting a cavity, why don’t I do it? According to Psychology Today, it’s nature (not just human nature but nature) to take the path of least resistance. Flossing doesn’t require a lot of time or effort, but it certainly isn’t among my top 10 fun activities for a Saturday night. In that same vein, having proper security hygiene can be much more challenging. The first hurdle is routine screenings. These include performing internal vulnerability analysis combined with professional penetration testing (commonly referred to as a pentest). But identifying problems is not enough – we need to heed the advice received, often including (but sadly not limited to):
- Having a unique password for all accounts [only 35% of people claim to use a different password for every account]
- Enforcing the concept of least privilege [ensuring users have the lowest possible permissions necessary to do their job]
- Ensuring patches are promptly applied (OS, software, and firmware)
- Proper backups [running a backup is only part of the battle – you must also verify its functionality, as 58% of data cannot be recovered due to failed backups and unverified restores]
Taking these actions will not be easy or fun. But neither is flossing, and my lack of proper flossing most recently led to a cavity in my molar. As monotonous and challenging as security hygiene feels, the possible results of not following the routine are far worse. And, just like bacteria, cyber criminals continue spreading to their next attack.
The potential of having my digital life compromised, used for nefarious purposes, held ransom, or worse, sounds excruciatingly painful (worse than a cavity in a molar). Even if proper infosec hygiene is not fun, and it certainly is not the path of least resistance, I intentionally choose to go against the grain and improve my future cyber health.
With that said, time to floss my teeth (only after clicking the Check for Updates button). For more information on how you and your organization can have good security hygiene, reach out to our SixGen team here.