I caught a breaking story on CBC National this evening and it pretty much resolved a question that I was struggling with.
The story was that two Canadian Federal Government Departments had been severely breached: Treasury and Finance. It happened a month ago and they are still in recovery mode (a.k.a. finding all of the virtual moles hiding in all of their systems). What they did was the right way of handling a virtual mole a.k.a. ghost in the machine – they disconnected both departments entirely from the internet. The moles could not report back to their masters, even if they had internal relay points. If an employee needed to check something on the internet (or even send email outside of the isolated departments), they had to head home or to a coffee shop. The attackers managed to send out emails, appearing to come from senior officials, asking people to change their passwords via a bogus site because there was a security breach of passwords! Talk about self-fulfilling email messages!
- Foreign hackers attack Canadian government
- Chinese attack cripples computers in federal departments: report
And what was the question? If you move to the cloud and are subject to an equivalent attack, how do you survive? Unlike the above government departments, you cannot pull the plug and get complete isolation. Moving to a private network on the cloud sounds good but, unfortunately, with an elegant infection it may be a sieve.
The common mistake that I have often seen is a gross underestimation of the ability of hackers. Typically, people anticipate only what they are capable of doing… hackers are creatures of higher intelligence and perseverance than most folks.