Wednesday, February 22, 2017

What are three corporate policies to mitigate risks for cybersecurity attacks at the global level?

  • Disable macros at the policy level. A very common point of entry for malware, be it a botnet, remote access trojan, or ransomware, is the built-in scripting language of Microsoft Office: macros. In fact, the middle of 2016 saw a very large campaign of spammed Office malware leveraging macros within Macro-enabled Document Templates. (Molyett & Lee, 2016) With Windows 10 and new updates to Office, the enterprise-level configuration mechanism, Group Policy, can enable "Block macros from running in Office files from the Internet" (Khanse, 2016), a feature that should always be used. Any person on the network who needs to open such files should be provided a virtual machine for reading them.

  • Submit all email attachments and links to a sandbox scanner. Besides Office macros, spam carries malware executables, links to exploit kits, and various nested file solutions to execute malcode. An effective network protection policy is to have all incoming emails submitted to an automated scanner. (Eckstein, 2015) Such a solution does delay emails by a few minutes, but avoiding a ransomware infection is well worth it.

  • Two factor authentication. The last common delivery through email is directions to phishing websites that collect user credentials. When a user falls for one of these sites, which can often look pixel perfect because the same technologies are available to the scammer as to the original web developer, the attacker gains the user's login and password for the copied service. This was how the Hillary Clinton campaign chairman, John Podesta, had his email hacked in 2016. (Vaas, 2016) When he accidentally logged into a fake Google Mail support page, attackers collected his credentials. Two factor authentication usually means that, in addition to knowing the secret password and the not-so-secret username, a user must also possess a physical device to log in successfully. Phishing attacks then fail to provide access even once credentials have been harvested.
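
The macro-blocking Group Policy setting from the first item can be audited on a workstation. The PowerShell below is an added example, not from the original post or its cited sources; it assumes Office 2016 or later (registry version key 16.0) and checks the per-user policy value `blockcontentexecutionfrominternet` that the setting writes for each application.

```powershell
# Added example: audit "Block macros from running in Office files from the Internet".
# Assumption: Office 2016 or later, whose policy keys live under version 16.0.
$apps      = 'Word', 'Excel', 'PowerPoint'
$valueName = 'blockcontentexecutionfrominternet'

$results = foreach ($app in $apps) {
    $key   = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $value = $null

    # The key only exists when some security policy has been applied for this app.
    if (Test-Path -Path $key) {
        $prop  = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $value = $prop.$valueName }
    }

    $shown = if ($null -eq $value) { 'not set' } else { $value }

    [pscustomobject]@{
        Application = $app
        Value       = $shown
        Enforced    = ($value -eq 1)   # 1 means the policy is enabled
        PolicyKey   = $key
    }
}

$results | Format-Table -AutoSize

# A missing or zero value leaves the decision to the user's Trust Center settings,
# so report it as a finding and return a non-zero exit code for fleet tooling.
$missing = @($results | Where-Object { -not $_.Enforced })
if ($missing.Count -gt 0) {
    Write-Warning ("Macro blocking not enforced for: " + ($missing.Application -join ', '))
    exit 1
}
Write-Output 'Macro blocking from the Internet is enforced for all checked applications.'
```

Run it in the context of the logged-on user, since the policy value is stored per user.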

Eckstein, P. (2015). AMP Threat Grid Extends and Bolsters Our Ability to Combat Malicious Malware. Cisco. Retrieved from https://blogs.cisco.com/ciscoit/b-sec-10232015-amp-threat-grid-combats-malicious-malware
Khanse, A. (2016). Prevent and block Macros from running in Microsoft Office using Group Policy. The Windows Club. Retrieved from http://www.thewindowsclub.com/block-macro-malware-microsoft-office
Molyett, M. & Lee, M. (2016). Macro Intruders: Sneaking Past Office Defenses. Cisco Talos. Retrieved from http://blog.talosintel.com/2016/08/macro-intruders-sneaking-past-office.html
Vaas, L. (2016). DNC chief Podesta led to phishing link ‘thanks to a typo’. Sophos. Retrieved from https://nakedsecurity.sophos.com/2016/12/16/dnc-chief-podesta-led-to-phishing-link-thanks-to-a-typo/

Sunday, February 19, 2017

Dance is hard

While watching my daughter's ballet competition today, a realization came to me. Dance has seemed odd to me, but I could never put my finger on why. Yes, the movements and physical strength of the dancers are impressive and beyond capabilities I would hope to have. The flexibility alone is astounding, but most performances of physical prowess have aspects of that. Dance is not simply a martial performance, but an art in a way that very few mediums are. It is hard, and it celebrates that.

Creative work, in general, is so unlike the work performed by most. Uniqueness is celebrated, and creative souls are not treated as fungible in the way that laborers too often are. Even among creative work, dance stands out. All dancers must meet the grace, coordination, fitness, and teamwork of their profession. Quite simply, organizing a large group to synchronize their actions is a feat. Being a part of that is sufficient, and audiences appreciate it. But beyond that are the feats of extraordinary performance.

Dance allows the artist to find one action that they alone can do and rewards that. It can be anything: a spin, a held stance, a flip, a stretch. If it is over and beyond what others can do then it is worthwhile. Dance celebrates hard for the sake of hard. Do what others cannot and dance will embrace it. Perfect something hard and show that off. Dance allows it, dance embraces it, and dance celebrates it.

It really is an amazing thing. I am grateful to my daughter for the opportunity to experience this world. We all could do a lot worse than keeping an eye out for people who have perfected hard. Find more chances to identify the work they put in and place them center stage, even if it is just to do that one thing. Teamwork, timing, and perfect execution of the mundane are excellent, but be on the lookout for when you can reward hard.