That feeling that the weight of the world is on your shoulders and at any moment it will fall all around you, crumbling into so many peices that nobody will be able to put them all back together again, turning to ash beneath your feet, trampled by many never knowing or caring what was there before. That feeling of some impending change that is about to happen at any moment, that feeling of the rope around your neck just before your neck cracks at the foot of the fall, I hate that feeling...
Monday, September 24, 2018
Sunday, June 17, 2018
Thursday, March 15, 2018
Week 2 Topical
As I sift through the myriad of articles surrounding the Equifax case my stomach begins to turn, on its website it boasts a collection of some 820 million consumers. That equates to mamaging 1,200 times more data than the Library of Congress ("Equifax manages 1,200 times more data", 2017). Equifax is a sleeping giant amoung data warehousers. “They’re the rails that the financial train runs on. Without them, everything would grind to a halt.” said Keith Snyder. Apparently,
there are multiple data attributes reported whenever a person is paid, including how much a person earns and how much was comprised of a bonus, so were in an uproar about SSN and creditor information but the truth is they hold much more information on each consumer in their datastore. For several days after the notification, consumers were directed to a fake site that looked like Equifax but was a hoax.
For years I patched servers on patch Tuesdays, or whenever patched were released at least weekly if not daily depending on the criticality of the patch released. While it would have been great to have had the luxury of multiple systems so we could patch and test, that was not always the case. My team and I were charged with securing our systems. Sometimes we were proactive and sometimes reactive. In the case of virus outbreaks, depending on the severity the team would be more concerned with putting out the immediate fire and dealing with smoldering ashes later. In other words, sometimes we would spend the next few hours fixing the application etc., Equifax stated patching software at big corporations with many machines does takes time. They had to first identify the vulnerability, then implement and test the patch to make sure it didn't break anything before making it public. I saw hogwash! Any security expert worth theheir salt will tell you Equifax should have moved faster ("How the Equifax data", 2018).
"There's really no excuse whether it's a difficult patch or not, for an organization of that size with that kind of magnitude of data," said Jon Hendren, director of strategy at security firm UpGuard. "When you're a big organization like that, it's a systemic failure of process and the blame goes straight to the top." ("How the Equifax data", 2018). Equifax announced its chief information officer and chief security officer are "retiring.", to little, to late. Timing is key when notifying stakeholders after a breach. Proposed European regulations mandate breach notification within 72 hours. There needs to be processes in place by which companies notify customers of a breach, this should be part of their post-breach responsibilities ("Three big lessons we all need", 2017).
This Equifax event is another reminder that we depend on critical systems, networks and data repositories that are not as secure as they should be. These commonplace data breaches will continue and have widespread effects until society as a whole (industry, government and individual users) is able to objectively assess and improve cybersecurity procedures. This event was larger than the following:
110 million victims in 2013 at Target
45 million TJX customers hit in 2007
20 million or so current and former government employees in the 2015 U.S. Office of Personnel Management incident.
Yahoo’s 2016 loss of user records, with a purported one billion victims, likely holds the dubious record for most victims in a single incident.
Cyber-complacency is here and growing, one element of this problem is the so-called “cyber insurance” market. Companies can purchase insurance policies to cover the costs of response to, and recovery from, security incidents like data breaches. Equifax’s policy, for example, is reportedly more than US$100 million; Sony Pictures Entertainment had in place a $60 million policy to help cover expenses after its 2014 breach "Equifax breach is a reminder", 2018).
Effective security guidelines and practices must become fundamental parts of daily business. We must change our thinking for the better. Unless we change, the same mistakes will happen again. These breaches are a failure of leadership and culture as much as they are failures of network security.
References
Bohmayr, D. D. (2017, September 20). Three big lessons we all need to learn from the Equifax data breach. Retrieved March 14, 2018, from https://www.cnbc.com/2017/09/20/cybersecurity-lessons-from-equifax-data-breach--commentary.html
Forno Senior Lecturer, R. (2018, March 13). Equifax breach is a reminder of society's larger cybersecurity problems. Retrieved March 14, 2018, from http://theconversation.com/equifax-breach-is-a-reminder-of-societys-larger-cybersecurity-problems-84034
Happen, H. D. (n.d.). How the Equifax data breach happened: What we know now. Retrieved March 14, 2018, from http://money.cnn.com/2017/09/16/technology/equifax-breach-security-hole/index.html
Merle, R. (2017, September 25). Equifax manages 1,200 times more data than the Library of Congress. That's why people are so worried. Retrieved March 14, 2018, from https://www.washingtonpost.com/business/economy/equifaxs-breach-is-not-its-first-brush-with-concerns-over-handling-of-personal-data/2017/09/25/3f41cfee-9fc4-11e7-8ea1-ed975285475e_story.html?utm_term=.79d8951f9028
there are multiple data attributes reported whenever a person is paid, including how much a person earns and how much was comprised of a bonus, so were in an uproar about SSN and creditor information but the truth is they hold much more information on each consumer in their datastore. For several days after the notification, consumers were directed to a fake site that looked like Equifax but was a hoax.
For years I patched servers on patch Tuesdays, or whenever patched were released at least weekly if not daily depending on the criticality of the patch released. While it would have been great to have had the luxury of multiple systems so we could patch and test, that was not always the case. My team and I were charged with securing our systems. Sometimes we were proactive and sometimes reactive. In the case of virus outbreaks, depending on the severity the team would be more concerned with putting out the immediate fire and dealing with smoldering ashes later. In other words, sometimes we would spend the next few hours fixing the application etc., Equifax stated patching software at big corporations with many machines does takes time. They had to first identify the vulnerability, then implement and test the patch to make sure it didn't break anything before making it public. I saw hogwash! Any security expert worth theheir salt will tell you Equifax should have moved faster ("How the Equifax data", 2018).
"There's really no excuse whether it's a difficult patch or not, for an organization of that size with that kind of magnitude of data," said Jon Hendren, director of strategy at security firm UpGuard. "When you're a big organization like that, it's a systemic failure of process and the blame goes straight to the top." ("How the Equifax data", 2018). Equifax announced its chief information officer and chief security officer are "retiring.", to little, to late. Timing is key when notifying stakeholders after a breach. Proposed European regulations mandate breach notification within 72 hours. There needs to be processes in place by which companies notify customers of a breach, this should be part of their post-breach responsibilities ("Three big lessons we all need", 2017).
This Equifax event is another reminder that we depend on critical systems, networks and data repositories that are not as secure as they should be. These commonplace data breaches will continue and have widespread effects until society as a whole (industry, government and individual users) is able to objectively assess and improve cybersecurity procedures. This event was larger than the following:
110 million victims in 2013 at Target
45 million TJX customers hit in 2007
20 million or so current and former government employees in the 2015 U.S. Office of Personnel Management incident.
Yahoo’s 2016 loss of user records, with a purported one billion victims, likely holds the dubious record for most victims in a single incident.
Cyber-complacency is here and growing, one element of this problem is the so-called “cyber insurance” market. Companies can purchase insurance policies to cover the costs of response to, and recovery from, security incidents like data breaches. Equifax’s policy, for example, is reportedly more than US$100 million; Sony Pictures Entertainment had in place a $60 million policy to help cover expenses after its 2014 breach "Equifax breach is a reminder", 2018).
Effective security guidelines and practices must become fundamental parts of daily business. We must change our thinking for the better. Unless we change, the same mistakes will happen again. These breaches are a failure of leadership and culture as much as they are failures of network security.
References
Bohmayr, D. D. (2017, September 20). Three big lessons we all need to learn from the Equifax data breach. Retrieved March 14, 2018, from https://www.cnbc.com/2017/09/20/cybersecurity-lessons-from-equifax-data-breach--commentary.html
Forno Senior Lecturer, R. (2018, March 13). Equifax breach is a reminder of society's larger cybersecurity problems. Retrieved March 14, 2018, from http://theconversation.com/equifax-breach-is-a-reminder-of-societys-larger-cybersecurity-problems-84034
Happen, H. D. (n.d.). How the Equifax data breach happened: What we know now. Retrieved March 14, 2018, from http://money.cnn.com/2017/09/16/technology/equifax-breach-security-hole/index.html
Merle, R. (2017, September 25). Equifax manages 1,200 times more data than the Library of Congress. That's why people are so worried. Retrieved March 14, 2018, from https://www.washingtonpost.com/business/economy/equifaxs-breach-is-not-its-first-brush-with-concerns-over-handling-of-personal-data/2017/09/25/3f41cfee-9fc4-11e7-8ea1-ed975285475e_story.html?utm_term=.79d8951f9028
Saturday, August 25, 2012
Study this...
“An anxious heart weighs a man down, but a kind word cheers him up” (Proverbs 12:25, NIV).
“I sought the LORD, and he heard me, and delivered me from all my fears” (Psalm 34:4).
“Do not be anxious about anything, but in everything, by prayer and petition, with thanksgiving, present your requests to God. And the peace of God, which transcends all understanding, will guard your hearts and your minds in Christ Jesus” (Philippians 4:6-7).
“Humble yourselves, therefore, under God’s mighty hand, that he may lift you up in due time. Cast all your anxiety on him because he cares for you” (1 Peter 5:6-7) (Also seePsalm 55:22-23)
“Then Jesus said to his disciples: ‘Therefore I tell you, do not worry about your life, what you will eat; or about your body, what you will wear. Life is more than food, and the body more than clothes. Consider the ravens: They do not sow or reap, they have no storeroom or barn; yet God feeds them. And how much more valuable you are than birds! Who of you by worrying can add a single hour to his life? Since you cannot do this very little thing, why do you worry about the rest?’” (Luke 12:22-26, NIV). (Also see Matthew 6:25-34)
“Why are you downcast, O my soul? Why so disturbed within me? Put your hope in God, for I will yet praise him, my Savior and my God” (Psalm 42:5).
“Trust in the LORD with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make your paths straight. Do not be wise in your own eyes; fear the LORD and shun evil. This will bring health to your body and nourishment to your bones” (Proverbs 3:5-8).
“…the Spirit helps us in our weakness. We do not know what we ought to pray for, but the Spirit himself intercedes for us with groans that words cannot express. And he who searches our hearts knows the mind of the Spirit, because the Spirit intercedes for the saints in accordance with God’s will. And we know that in all things God works for the good of those who love him, who have been called according to his purpose” (Romans 8:26-28).
“And my God will meet all your needs according to his glorious riches in Christ Jesus” (Philippians 4:19).
“I can do everything through him who gives me strength” (Philippians 4:13).
The apostle Paul found his strength in God, He reminds us that, “I …have …been in prison …frequently, been flogged …severely, and been exposed to death again and again. Five times I received from the Jews the forty lashes minus one. Three times I was beaten with rods, once I was stoned, three times I was shipwrecked, I spent a night and a day in the open sea, I have been constantly on the move. I have been in danger from rivers, in danger from bandits, in danger from my own countrymen, in danger from Gentiles; in danger in the city, in danger in the country, in danger at sea; and in danger from false brothers. …I have known hunger and thirst and have often gone without food; I have been cold and naked. …Who is weak, and I do not feel weak? Who is led into sin, and I do not inwardly burn? If I must boast, I will boast of the things that show my weakness. …I will not boast about myself, except about my weaknesses. …[God] said to me, ‘My grace is sufficient for you, for my power is made perfect in weakness.’ Therefore I will boast all the more gladly about my weaknesses, so that Christ’s power may rest on me. That is why, for Christ’s sake, I delight in weaknesses, in insults, in hardships, in persecutions, in difficulties. For when I am weak, then I am strong” (2 Corinthians 11:23-12:10).
“So we say with confidence, ‘The Lord is my helper; I will not be afraid. What can man do to me?’” (Hebrews 13:6).
“…put your hope in the LORD both now and forevermore.” (Psalm 131:1)
Also read: Psalm 139:1-23
So...
Here goes... Once again I can't sleep, way to many thoughts racing through my mind. Wondering what the future will bring. The lord still brings me comfort with each passing moment, I heard this quote from the bible and I especially liked this one from Isaiah 43:18 "Do not call to mind the former things, Or ponder things of the past." Were all dying in our own way I once thought but aren't we really living?
Subscribe to:
Posts (Atom)