Breaking News: Company Fully Secured!

Status

Another day, another breach. Why don’t the good guys ever make the news?! Well, I decided to facetiously report on a company that has done the impossible. Prepare for corniness…

Breaking news: Security is not a journey, it’s the destination!

Today I’m excited to tell you about a company, Foolery Jewelry, that has dedicated their efforts and finances to completely eliminate all cyber security risk. It was not a simple undertaking, but they thought outside the box and were successful. They have redefined defense-in-depth as we know it. Here’s how they did it.

Wooden-Mallet-15555-large

  1. Security Awareness Training – After realizing that traditional methods were only partially effective, a home-grown user education package was developed. The concept was a simple twist on Pavlovian reconditioning. Every time an user clicked on a link in their email or opened an attachment without first verifying the source, a large rubber mallet extended from behind the user’s monitor and gently whacked the user on the head. This was quite effective for a time, but the users adapted and began to wear bike helmets to work so they could still view funny cat memes between placing incoming jewelry orders. Another layer was needed!                                                                                                                                                clip-art-mouse-697991
  2. Host-based Intrusion Prevention System (HIPS) – Although progress was made with the security awareness training program, it was clear that additional measures were required. To discourage clicking altogether, computer mice were replaced with actual mice. The amount of mallet hits plummeted, malware infections decreased and the company enjoyed an unexpected side effect. Namely, worker productivity spiked and sales doubled. Other large companies were quick to follow suit. In other news, Facebook’s stock took a nose dive. However, this method also was limited in effectiveness as workstations were gradually replaced by tablets, phones and other touchscreen devices that no longer required an archaic pointing device.                                                                               no-global-internet-2400px
  3. Next, Next Generation Firewall – Layers one and two certainly helped, but it became clear that a next generation firewall was required. I’m not talking about a Palo Alto or CheckPoint NGFW. Foolerly Jewlery made a seemingly drastic decision and air-gapped their entire network. Internet connectivity was completely eliminated. As it turned out, only a very small group of their employees required internet connectivity to do their job. Those individuals were fired and investors cheered because costs were reduced with no reduction in profit.

    https://foswiki.org/Community/WikiWatch

  4. The No Network, Network – With no connection to the outside world, it seemed as if their company was fully secured. That’s when things got interesting. An employee found a USB stick outside in the parking lot labeled as “Layoff Plan.” They secretly plugged it in and not-so-secretly infected their computer. That computer then infected other computers and it seemed as if all their security measures failed. It was time to kick things up an notch. Every computer was disconnected from the network altogether. USB ports were filled in with rubber cement, network cards were uninstalled, and network cables were cut. Stand alone workstations were used to fill out spreadsheets and each worker essentially ran their own mini-instance of Foolery Jewelry. This was a new business model for Wall Street, progressively referred to as the “micro-business island computing model” and sales continued to grow. Captains of industry applauded the model and even Amazon vowed that by 2020, they would convert their business to a network-free ecommerce platform. Gartner couldn’t explain what that meant, but they created a new magic quadrant none-the-less for a new vertical of technology offerings called “Network-free Networking (NFN).” Marketing teams quickly replaced all references to SDN with NFN and the cold calling began.

    Faraday-Cage-transparent

    http://www.herzan.com/products/electromagnetic-interference-isolation/faraday-cages.html

  5. Wireless Prevention Cube – There was still concern about employees introducing unauthorized hostpots using the iPhone 14 SE Plus 2 Android Edition wireless hotspot feature. The decision was made to wrap every cubicle in a Faraday cage, with no door or entrance that an employee could unwittingly leave cracked open. No leakage in or out. Strangely, sales came to a screeching halt as employees arrived to work and with no access to their cubicle, had no choice but to spend the day eating bagels in the break room.

Foolery Jewelry reached their cyber security goals, and fully secured their company. Unfortunately, they also destroyed their company. This was supposed to be a good news article. Oops.

Is your security road map similar? The reality is that security can not be purchased or deployed. It has to be managed. There is no way to eliminate risk or fully secure any piece of technology. But thought should be put into how and what we are trying to secure. Listen to vendors, but don’t do everything they say. Right now there is a security-vendor bubble in the works. Every start-up has Wall Street behind it, and of course they have the answer on how to fully-secure your company. Impossible! Nonetheless, when the bubble bursts, there will be many new security companies still standing and many others that no longer exist. Not to mention the many victimized companies that will fall along the way after investing heavily in these solutions, but still suffering a major breach. Foolery Jewelry is one company who just didn’t make it. Will yours?

What’s your favorite security-related magic quadrant? CASB? NGFW? Let us know in the comments below.

Thanks for reading and don’t forget to subscribe!