Sandworm, by Andy Greenberg, is an exceptional read that documents the cyber attacks on Ukraine, along with the threats relating to the cyber war on our infrastructure. While largely forgotten now, due to partisan politics and squirrel chasing by the media, the NotPetya ransomware that spread several years ago was one of the first times we had seen sci-fi come to life.
The attack started on June 28, 2017, and spread around the globe at an alarming rate, damaging businesses of all types, governments, utilities, and even software companies. It appeared to have launched from accounting software based out of Ukraine called M.E.Docs. What made this attack so historic is that it actually started years before it was unleashed on the world, and the software company knew nothing about it.
When asked how it was possible to go unnoticed for so long, the CEO of the software company said “We do quite basic and simple things. We help out accountants. We saw ourselves as quite distant from cybersecurity issues”.
Reality Strikes
The statement made by the CEO of M.E.Docs represents a very common sentiment that quite frankly terrifies me every time I hear it. Here we have a simple organization that does nothing more than make accounting software to help companies maintain their records. Oftentimes these companies unknowingly have holes in their website, which leads to a foothold into a network, which can ultimately lead to a global cyber security situation. How does this happen? That is a complicated technical answer and I would love to take the time to explain, but this is not the correct platform. In short, it happens because of the concept of Get It To Work vs. Make It Secure. Companies should strive for Get It To Work and Be Secure, but that has yet to become the dominant motive. In a rush to market, while maintaining a sense of competitiveness along with agility, many organizations do not make security testing part of their modus operandi.
Every organization needs to protect itself from attacks. To quote Andy Greenberg, “the barbarians are already at every gate.” Attackers are banging away at your internet connection, your website, and your database as you read this. They will look for any foothold possible to gain access to your devices, allowing them access to financial and strategic gain, which they will then look to leverage into something bigger. Every major data breach you have heard of started with a small hole. And the attackers don’t just focus on the big companies! They focus on companies. Period.
Gain access to enough midsize organizations and you will find one with a connection to something larger. The explanation is literally that simple. It is arrogance for you to believe they are not interested in your network.
I strongly recommend this book. Although I thought that it was unnecessarily political, it provided an unmatched breakdown of cyber attacks. Furthermore, this book used a real-world scenario to illustrate the dangers that are ever so close to impacting our daily lives.
It is not a question of if we will have a problem, but when.