Incident Preparedness 101

In this day and age, who should be worried about security incidents?   Anyone who uses a computer.  Reports based on investigation after investigation have now been published by vendor after vendor.

Poaching from Keydet89’s blog, remember the first Mission: Impossible movie, where Ethan gets to the top of the safe-house stairs, removes a light bulb, crushes it in his jacket, and then backs into his room as he doles out the broken bits of glass onto the darkened hallway floor?  WHAMM-O.  He has just installed a basic Intrusion Detection System.  Anyone who steps into the now darkened hallway will step on and break the shards of glass, making enough nosie to alert Ethan to their presence, because he is listening specifically for that noise.

Brian Krebs makes it pretty clear in his blog that EVERYONE is susceptible to the latest attacks.  Read this.   I wonder how those dentists feel now about spending $10K or less to setup some kind of basic security protection and monitoring.  As an attacker, why take a little at a time from a large enterprise target and risk being caught, when you can nibble away at smaller targets all over the world, and when they run out of money and fold up shop or get wise and implement some controls, move on to the next easy target?   If you don’t think that this is an issue, keep an eye on Brian’s and Keydet89’s blogs.