I know, it seems rare when we find it. I would have been hauled off along time ago and locked in the loony bin if I had stopped down every insane security discussion I was having by screaming SERENITY NOW!
I spoke with a retailer this morning that started a conversation with “We do security in an unconventional way.”
At this point, my finger is moving toward the giant eject button I carry with me for situations just like this. Think about the “Easy Button,” but instead of easy, it says EJECT and flies me far, far away.
Then the individual surprises me and says, “We treat our network as compromised instead of trusted, and adjust our security practices and posture accordingly.”
. . .
YES! FINALLY someone gets it! Retail networks should NOT be trusted. Remember the example I often use about how hard it is to get into the corporate headquarters, let alone the corporate data center, versus only needing a crowbar (sometimes not even that) to get into a retail store location. Why do people inherently trust networks that they manage, but obviously have little to no control over?
If you are retailer, you should hire a company to break into your store locations to see what all could walk out the door. Maybe even up to and including the whole breaking and entering part (sans bodily harm). The benefit of what you will learn about your environment would have to be worth the $40K for an assessment, and some money for repairs.
Thank goodness for some serenity this morning; I needed it.
Possibly Related Posts:
- Selective Domain Filtering with Postfix and a SPAM Filtering Service
- PCI DSS 4.0 Released plus BOOK DETAILS!
- Preventing Account Takeover, Enable MFA!
- Proofpoint Patches URL Sandbox Bypass Bug
- Improve Outbound Email with SPF, DKIM, and DMARC