Pratum Blog

A best practice that appears to be overlooked in many organizations is that of reducing your attack footprint. During recent audits, we’ve discovered that organizations large and small are leaving themselves unnecessarily open to a security breach. Hackers are like rock climbers. They only need a series of small cracks within reach of the each other in order to make it to the summit.

Leaving unnecessary services running on a server, not locking down internal resources and allowing egress traffic with no filtering all increase your attack footprint. It makes you easier to find, grab hold of and allows for a hacker to continually climb your infrastructure without falling off or having no other way to advance.

Take time to shore up these little areas and you can actually drop the risk of a security breach by a significant amount. Not everything related to security has to be expensive or complex. Sometimes it’s just closing up a few small gaps that makes the next ledge just a bit too far of a leap for a hacker’s comfort.

While NSA Director Admiral Rogers was providing the keynote at the ISSA International Conference last month, he made a comment that I found interesting.  He said that we can’t expect US companies to be able to continue to defend against hacking and espionage attacks from nation states.  I agree. 

Many of you may disagree and think corporate espionage is just a myth.  It is not.  It is real and costly.  For countries who rely on nationalized industries for the revenue to fund their government and military, the incentive to gain the upper hand is unparalleled.

If a country like China decides they need to realize a faster and greater return on investment, I guarantee you an increase in R&D budgets isn’t the way they will go about it.  Their investment will be in hacking other countries to steal the data.

You may have your own opinion of the NSA, their role or their track record.  I tend to think they’re trying to do the best they can in rough, uncharted waters.  After hearing Admiral Rogers speak first hand, I’m glad they’re on our side.

The US Postal Service announced that a breach discovered in mid-September may have compromised the SSN and other personal information of more than 800,000 employees. It also states that information on callers to the USPS call center may have been compromised as well.

The government of China is currently the prime suspect in the hack. At some point these hacks are going to escalate into a full blown cyberwar. It’s only a matter of time before the cyberwar division of a foreign government hits pay dirt.  The president is in China this week. How will we respond? Will it be addressed? Guess we’ll have to wait and see.

The information we track while users are on our websites helps us analyze site traffic, optimize site performance, improve our services, and identify new products and services of interest to our users. To learn more please see our Privacy Policy.