
+++
title = "Bear attacks, no-win situations and cybersecurity"
author = ["George Jones"]
publishDate = 2020-03-19T00:00:00-04:00
lastmod = 2022-02-26T08:44:34-05:00
tags = ["cybersecurity", "secuity", "privacy", "perspective", "bears"]
categories = ["blog"]
draft = false
+++

I spend a good amount of time hiking in Shenandoah National Park and surrounding areas. I've seen quite a few #bears and I've followed one down the trail. I've been growled at by a mother bear when I unknowingly came between her and her cubs. This is going somewhere related to #cybersecurity. I promise.

You can't outrun a bear. Climbing a tree won't help. If a bear actually decides to attack you, the odds are not in your favor, but fortunately they almost never attack. The old joke goes "I don't have to outrun the bear, I just have to outrun you" because, presumably, the bear will catch your slower partner, stop, and not bother you when you both decide to run for it in violation of bear encounter best practices.

This hints at any number of cybersecurity principles:

  • Know your threat model.
  • Know and follow best practices.
  • Don't let fear (or adrenaline) dictate your response.
  • Know and practice situationally appropriate responses (Grizzlies: if attacked play dead. Black Bear: if attacked fight for your life)
  • Be prepared (bear spray, first aid kit)
  • Practice deterrence (make noise, travel in groups)
  • Prevention costs less than recovery. By far.
  • And, of course, make sure the other guy is an easier target. Run faster if you run. Apply patches, have good backups (Hello, ransomware!), have layers of defense, decoys, monitoring, DLP, practice threat hunting, etc.

For a decade or so, I've been reflecting on the fact that defensive cybersecurity is a losing game. The red team (attackers) always wins. I don't like no-win situations.

There's a lesson here:

Don't feed the bears : They become habituated to humans, lose their inhibition, become a nuisance and sometimes have to be relocated or killed. Nobody wins.

OK, not that lesson. Lessons like:

Follow best practices : Following best practices CAN help avoid problems. Not following best practices WILL invite problems.

Have an incident response plan : If you see a bad thing happening, if it is coming straight for you, what do you do?

Line up the right resources : Do you know how to triage wounds? Do you have a cell phone? Are you in range of cell towers? If not, do you have a SPOT to call for help? Where is the nearest hospital? Are you prepared to shelter in place if need be?

It's not just you : Feeding the bears or failing to store food properly might result in perfectly good backcountry shelters being torn down. And here we are, 20 or so years after it became clear that allowing spoofed packets out of your network enables #DDoS #attacks and we **still** do not have widespread adoption of reverse path forwarding checks. **Please** stop spoofed packets at your border!
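
The reverse path forwarding check called for above, modeled as an added example (not code from the original post): a border router forwards a packet only if its route back to the source address fits the interface the packet arrived on. The interface names, prefixes and packets are constructed, and the strict and loose modes are a simplified model of how routers implement the check.

```python
import ipaddress

# Constructed FIB for a hypothetical border router: (prefix, egress interface).
FIB = [
    ("192.0.2.0/24", "lan0"),     # our own internal network
    ("198.51.100.0/24", "lan1"),  # a second internal network
    ("0.0.0.0/0", "wan0"),        # default route toward the upstream
]
ROUTES = [(ipaddress.ip_network(p), ifc) for p, ifc in FIB]


def best_route(addr):
    """Longest-prefix match: return (network, interface) or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, ifc) for net, ifc in ROUTES if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)


def urpf_permits(src, in_ifc, mode="strict"):
    """Reverse path forwarding check on a packet's source address.
    strict: the best route back to src must leave via the arrival interface.
    loose:  some non-default route to src must exist (any interface).
    """
    route = best_route(src)
    if route is None:
        return False
    net, ifc = route
    if mode == "strict":
        return ifc == in_ifc
    return net.prefixlen > 0


def filter_packets(packets, mode="strict"):
    """Split (src, in_ifc) packets into forwarded and dropped lists."""
    forwarded, dropped = [], []
    for pkt in packets:
        (forwarded if urpf_permits(*pkt, mode=mode) else dropped).append(pkt)
    return forwarded, dropped


# Constructed traffic arriving from the inside, headed out to the Internet.
PACKETS = [
    ("192.0.2.10", "lan0"),    # legitimate host on lan0
    ("203.0.113.7", "lan0"),   # forged source: not a network we own
    ("198.51.100.5", "lan0"),  # forged source: ours, but wrong interface
]

if __name__ == "__main__":
    for mode in ("strict", "loose"):
        print(mode, filter_packets(PACKETS, mode))
```

Strict mode drops both forged packets; loose mode still forwards the one whose forged source belongs to another of our own networks, which is why strict checks belong on edge interfaces where routing is symmetric.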

So it may be true that few people win in the face of an actual attack, but, it turns out, there are still good reasons to play the game.

## For Further Reading {#for-further-reading}

Numbers of bear attacks : In North America, only 2-5 people are killed annually by bears: https://www.thealaskalife.com/outdoors/bear-attacks-statistic/ vs (Worldwide) 10 killed by sharks, 50,000 by snakes and 725,000 by mosquitos. https://www.statista.com/chart/2203/the-worlds-deadliest-animals/

U.S. Forest Service : "Be bear aware" https://www.fs.usda.gov/visit/know-before-you-go/bears

Internet safety 101 : "Internet safety 101: 15 tips to keep your kids and family safe online" https://us.norton.com/internetsecurity-kids-safety-stop-stressing-10-internet-safety-rules-to-help-keep-your-family-safe-online.html. Sure they want to sell you antivirus software, but this is generally good advice.

Ultimate Guide to Cybersecurity : "Your Ultimate Guide to Cybersecurity: At Home, at Work, and on the Go." https://www.ibtimes.com/your-ultimate-guide-cybersecurity-home-work-go-2818655. A little more in depth.

CIS Critical Controls : "The Center for Internet Security (CIS) Critical Security Controls" - https://www.cisecurity.org/controls/cis-controls-implementation-groups/ More in depth. For enterprises.