Who is the Target?
In my previous article on NotPetya, I talked about other targets of the attack, the consequences, and who we think is behind NotPetya. This post will be the last in my series on NotPetya, and I’ll discuss cybersecurity in light of what is happening on the global stage.
Traditionally, most people think of cybersecurity as a fortress, with many layers of walls that are as thick as possible. With all of these walls, you think that surely you’ll be safe, but that’s not true. A fortress can still be destroyed from above with drones or bombers, and all of our digital networks can be victims of the same war tactics. While walls, such as firewalls, are useful and a necessity, they are insufficient.
The targets are not technological. The targets are going to be humans: you, your employees, and the hands on your vessels. Attackers will try to emotionally manipulate them into doing things they shouldn’t, appealing to their greed, dissatisfaction, or whatever else they can manage, because the targets are trusted, authorized users of your systems. If attackers can manipulate them, they can get what they want, no matter what your technological defenses happen to be.
Keeping Good Cyber Hygiene is Essential
Cybersecurity is not a thing you buy or a device you install; it’s about how you manage your employees. You and your employees need to practice good cyber hygiene because, as with real germs, you don’t know you’ve been in contact with them until you’re hit. If your cyber hygiene practices are successful, it will look like you’re wasting your money, because nothing terrible will happen. But nothing terrible happening is precisely the point, as bad things will happen to your competitors instead and you will emerge victorious. NotPetya was a massive management failure that could have been negated by the people in charge. It is the responsibility of executives to make sure that their organization is practicing reasonable cybersecurity and good cyber hygiene.