Friday, July 29, 2016

When the weak attack

Weekly Summary

The French politician Georges Bidault is credited with the quotation: "The weak have a weapon: the mistakes the strong ones make". It may be true, or hold only occasionally, but either way the cleverest thing in any fight is to let the opponent become overconfident... if you have a response strategy. But who's the weak one and who's the strong one in cybersecurity matters?

In the romantic vision of hacking, the attackers are the weak ones who face super-powerful infrastructures. Maybe that holds until two heavyweights such as Derek Burney and Fen Osler Hampson arrive to explain in The Globe and Mail why there are not only Wikileaks leaks, but Russian "hackers" too, behind the attacks against the USA Democratic National Convention. And they turn our world on its head.

When we read an analysis like this, the one we thought was the weak turns into the strong one, and the one who looked strong no longer is, even if it bears the USA trademark: "Trump is not better than Mrs Clinton in national security matters. His comments about NATO and the first line of defense of states like Estonia, Lithuania or Latvia show his limitations on understanding the vital interests of the USA national security and on his own intellect." And more about the strong and the weak ones: Russians or not, sponsored by Russia or not, the reach of the bad guys' actions in this case has gone farther than everybody expected.

Hence, in this war between those who can do great harm and those who reinvent the way they protect themselves every day, everybody should take advantage of the others' mistakes. And one way to do it is to document as much as they can. Among the documents published every day, we highlight Cisco's quarterly report, discussed in a video worth watching by two members of the company's executive team: the Senior VP and the CISO.

Do you want an example of weakness? Believing you are safe because your passwords are in the hands of a password manager. Mistake: this week we learned of serious vulnerabilities in one of the most widely used services: LastPass. Another mistake? Believing you are safe because you are using two-factor authentication in your most important online services. This is a mistake too: the standards lab of the USA doesn't want to hear anything about SMS. There must be a reason. Nothing is eternal. And nothing is eternally safe, or reliable.

So, no matter which side you are on (and from here we hope you are on the good guys' side), you know: don't believe you're strong, don't be too confident. Your opponent may be weaker than you, but if we give him the weapons, he'll use them.

