Taking Time To Go Fishing (Not Phishing)
I was enjoying a relaxing day of fishing last weekend, a low-tech hobby that I have enjoyed since I was probably 5 years old. I had all of the essential components that make for a successful day of fishing: good weather, cigars, beer, and beef jerky. I set out to fish some of my favorite spots on the pond, using my tried and true artificial lures that are known to work on this pond in these conditions (I will spare you all the details). I noticed that there was one other fishing party on the pond who had navigated their small boat over to the dam and begun fishing, albeit with live bait. If there is one thing I believe in as a fisherman, it is that using live bait is cheating. I mean, sure, it's fun every once in a while, and certainly useful for keeping the kids occupied while fishing, as you tend to catch a lot more fish. In any case, I was fishing within sight of the folks on the dam, who were not catching any fish, and I caught two small fish right in front of them. On the second fish I noticed something interesting sticking out of the fish's mouth: a set of nasty little pinchers! The fish must have been hungry, because not only did it consume a crawfish, but also my imitation worm. I decided to change spots to just across the pond, where there was a prime spot with some logs sticking out of the water. I changed baits to an imitation crawfish (digging through the tackle box to find one), and on my first cast, as soon as the lure hit the water, my line started pulling. I reached forward and then quickly leaned back to set the hook. To my pleasant surprise it was a 3-pound largemouth bass, the largest I had caught all season! Needless to say, this had to frustrate the folks fishing off the dam with live bait. Am I a master fisherman headed for the professional fishing circuit? Not even close, but it speaks to the common sense that we all need to have.
Adapting To The Changing Landscape
How does this relate to our field? It doesn't really, I just wanted to share my fishing story with you. Just kidding (sorta)! We certainly need to exercise common sense in the security field, and there are far too many areas where we are using tried and true methods of defense (or offense) and it's just not working as well as it used to. The big question is, why? The landscape and environment are constantly changing, and we need to observe what's in our environment if we are to be successful hackers, defenders, and fishermen. For example, consider the following areas:
Organizations need to take a long, hard look at their overall defensive strategies on a regular basis. Adjust your strategies and be adaptive. I think the hardest part is keeping management up to speed. It seems like just when we convince them that one technology is vital to your survival from attacks, something new or different crops up and changes the landscape. Then, well, lather, rinse, repeat (we went from firewalls, to anti-virus, to IDS/IPS). You need to identify security strategies that stand the test of time and put effort into them, such as:
The above items are like a net - they will always catch some fish regardless of the conditions.