You may have noticed a trend these past few weeks with my recent posts such as;

Logging; Without a complete picture, what’s the point?

Troubleshooting vs Compliance Security; Logging without borders?

Are you Practicing Security Theater in IT


Alright, sure you’ve noticed a trend, I’ve been talking a lot about logging, the importance of an audit trail and the overwhelming importance of security while at the same time how security is more a masquerade ball of promises and less guarantees.    But what does this have to do with Taylor Swift?


(Note: This is the real Taylor Swift and not the Infosec Focused Taylor Swift @SwiftOnSecurity)


Every organization has customers, that’s how we do business, the internet is no different.  If you’re say a Twitter or Instagram (which considering Facebook owns Instagram, we may as well say Facebook) and one of your top customers; In the case of Twitter out of your 284 Million users, one of your users (Taylor Swift) is your Fourth largest account.   If that customers account were compromised, information leaked, relationships tarnished, would that look good for your business? Hardly.


But what can we do about things like this?  Twitter recently ‘bolstered’ their security by quietly introducing a Two Factor Authentication model which didn’t even make a blip on the horizon.   But you might be saying, I don’t use twitter, or I don’t care about twitter, or my business doesn’t rely upon it. (We won’t go into the number of faux paux’s in the very recent past by rogue or accidental tweets horribly tarnishing brands) instead, how about something a little closer to home …


Hey, did you realize that JPMC - You know, Chase bank suffered a compromise of 83 Million accounts back in July of 2014? I’m a huge Chase user, I strangely didn’t get any kind of ‘notification’ from them on this… (although I now receive daily fake chase bank spam messages...)


Now what I have to ask you is, if organizations with multi-million dollar security budgets like Chase, with 10s of millions of customers/users, and online ‘designed for online’ organizations like Twitter with hundreds of millions of customers cannot protect our data, our information, protect us from compromise.   What can we do?


I’ll tell you a few things I think we can do:


- We can start getting serious with our security, the security of our systems, of our customers data and our data

- We can get active systems like IPS’s and intelligent firewalls for East-West and North-South traffic vs Perimeter security which is Port or Protocol based.

- We can ensure that if we do have extra security measures, be it two factor or certificate based authentication that it is leveraged by our customers, employees, assets.

- We stop practicing security theater, treating it as an afterthought and living by the check-box.



This is definitely an iterative list, one which will grow as we discover more about our environments and ourselves. 

What are some things you're seeing people do to tackle and protect against threats like these?

I’d love your feedback and contributions so we can all grow with finding better ways to handle measures like this.