Rob Cheng's Blog
The Ten Biggest Lies in Cybersecurity

Biggest Lies in Cybersecurity

1
Prevention is futile
About 10 years ago, long before the ransomware pandemic began, the powers that be decided that cyber prevention was futile, and cyber security should exclusively focus on reaction. Development and improvements to legacy preventative solutions were halted in favor of reactive architectures such as next generation antivirus, Enhanced Detect and Respond (EDR), Extended Detect and Respond (XDR), and Endpoint Protection Platform (EPP). A more prudent and effective strategy is a hybrid between prevention and reaction, however abandoning prevention, maximized revenue for the cybersecurity industry.
2
Multifactor authentication is the answer
Although MFA is prevention, MFA is expensive with recurring maintenance costs. Not all ransomware enters through an authentication breach. Lately, the ransomware makers are offering insiders of a bounty of $100,000, to release ransomware onto a network. MFA is good but insufficient in itself to thwart ransomware.
3
Backing up data stops ransomware
When ransomware was in its infancy, good backups enabled quick restoration of operations and no ransomware payments. Today’s ransomware exfiltrates data, disables backup services, and encrypts the original data set and the backup too. Airgapping backups is useless, since the ransomware waits until the backup is not airgapped, and encrypts at that time. Restoring from backup is good for disaster recovery except for ransomware.
4
Reacting quickly is the key to stopping ransomware
While it is possible to monitor, detect and respond to malicious human activity, ransomware traverses a network at 100 to 1000 times the speed of humans. Ransomware infects a network in seconds or perhaps a few minutes. People cannot respond fast enough.
5
Ransomware is here to stay
Repeating this lie is job security for the sycophants of the cybersecurity industry. Ransomware is a business with revenues (ransom payments) and expenses. Proactively preventing the ransomware from entering the network simultaneously drives down revenue and increases the costs of the ransomware business model. Ransomware is a metastasizing cancer, but there is still time to suffocate its lifeblood, money.
6
The problem is Russia
Ransomware is the monetization of security holes. The purveyors of ransomware only need a fast internet connection, obfuscation tools, and a country outside of American law enforcement. Even if ransomware’s origin were Russia, ransomware could be made almost anywhere whose citizens are looking to make a quick million and get away with it.
7
The higher the budget, the better the cybersecurity
This one is up there with “lather, rinse, repeat” and “drinking alcohol daily improves life expectancy”, although you got to love the moxie. Cybersecurity giant, Accenture, was hit with a garden variety ransomware that stole terabytes of proprietary data, and a $40M ransom. Accenture had almost unlimited budget for cyber. The Accenture infection is analogous to the neighborhood fire department, fire trucks, and firemen burning to the ground.
8
Layered security is the right approach
This lie is the cybersecurity industry saying that they have no idea whether this widget works, and neither do you, so you might was well give it a try. This Frankenstein approach to cybersecurity makes it impossible to understand what works and what is useless. Paying for useless security maximizes revenue for the cybersecurity industry.
9
There are no silver bullets
Application whitelisting is the silver bullet. NIST advises organizations to use modern whitelisting programs, also known as application control programs, to stop cyber threats. The Australian Signals Directorate’s Essential Eight Maturity Model has four levels (0-3) and levels 1, 2, and 3 require application whitelisting.
10
Cybersecurity is complicated
The cybersecurity industry’s ineffective, reactive, throw spaghetti at the wall, prevention be damned architecture is complicated and intellectually out of reach for businesses, lawmakers, and laypeople. There are many prevention paradigms in our society and none are complicated. Health care, fire prevention, tooth paste, home security and so on. Making cybersecurity unduly obtuse and complicated is part of the industry’s sales playbook but it doesn’t have to be this way.
?
What you can do
Stop repeating the lies. Use common sense. Keep an eye on Australia. When buying cyber products, ask your well dressed, attractive, articulate sales person whether any of their customers have been infected with ransomware lately.

Leave a Reply

Your email address will not be published.


Xcaret Adventure

Our last adventure for our Cancún vacation was to a wonderful place called Xcaret which is one of the coolest tourist destinations in the area. The highlight is a man made salt water that runs through the park. Each person puts on a life vest, and swims throughout the river. There are numerous spots to take selfies built into the trip. There are numerous restaurants, and we saw two shows. The first one was a Mayan dance show and the second they call the Spectacle. Dinner was included, and it was as spectacular as the name suggests. The show lasted about an hour and a half and reviewed the history of Mexico through song and dance. The park includes an aquarium and a small zoo, plus places to swim and a boat ride. If you are going to do one thing while in Cancún, it should be Xcaret.

They have a technology, where each person gets a wrist band, and it takes a Xelfie in hundreds of different places. These photos are an assortment of our Xelfies.

1920 x 1280
2738 x 2689
6000 x 4000
3331 x 3708
2960 x 3620
4000 x 4287
2943 x 3016
4000 x 4836
3171 x 3683
2996 x 3694
2766 x 3495
3028 x 3993
6000 x 4000
4000 x 6000
3432 x 3770
2290 x 2914
6000 x 4000
3003 x 2948
4000 x 6000
4000 x 4625
2259 x 2704

Leave a Reply

Your email address will not be published.


Mayan Cenote

We went on an excursion to Chichén Itzá and then our group visited a Mayan Cenote which was the highlight of the trip. Cenote is the Mayan word for a sink hole or underground cave. The height of Mayan accomplishment is the monuments built in Chichén Itzá which took hundreds of years to construct. It was fascinating to see how the Mayan people live today in the Yucutan. We had a typical Mayan meal primarily consisting of chicken and tortillas. Later, a Mayan priest blessed our trip into the cenote. We rapelled down 60 feet into the cave into the super cold and refreshing water. The Mayan people took these photos and then sell them to tourists as a new form of income. It was great.

1841 x 1996
946 x 1357
2000 x 2992
2000 x 2992
1922 x 1999
1581 x 2000
2000 x 1960
1565 x 1656
2156 x 1730

Leave a Reply

Your email address will not be published.


Rio Secreto

While on vacation in Cancún, my wife booked an excursion to Rio Secreto, which is about a 2 hour bus drive from our hotel. It was so worth it. They discovered a cave system that can be explored by tourists. Some time ago, we went to Ruby Falls in Chatanooga, TN and this blows that away. With a patient guide, we spent an hour and a half swimming, wading and walking through the incredible formations in the cave. This is highly recommended.

1920 x 1698
810 x 1080
1920 x 1618
945 x 1080
750 x 1080
927 x 1080
915 x 1080
1326 x 1080

Leave a Reply

Your email address will not be published.


Get Out of Neutral

For one year, the world has been stuck in neutral. People are waiting for an invisible hand to move the gear shift back to DRIVE. The masses flock to Netflix and Facebook hoping that somehow the world will become unstuck. Life is short and I don’t want to waste a day and certainly not a year being stuck. We are the invisible hand and our actions define whether the gear shift will move the vehicle forward. I refuse to live my life in neutral.

One thought on “Get Out of Neutral

Leave a Reply

Your email address will not be published.