Social Engineering Blogs

An Aggregator for Blogs About Social Engineering and Related Fields

Security Metrics Blog November 5, 2014

Nature’s 7 Hacker Defense Mechanisms

What businesses can learn from armadillos, seahorses, and zebras.

By Giles Witherspoon-Boyd, PCIP

Hackers are a lot like predators in the wild. After finding an unsuspecting animal, nature’s hunters test their victim for weaknesses before taking it down. Just like nature’s hunters, hackers aren’t looking for a challenge. They’re looking for an easy target. Unfortunately, it seems as if hackers are always one step ahead. So how do you avoid becoming dinner? Take a clue from nature. It’s all about defense mechanisms.

1. The Lookout

Dwarf mongooses post sentries that stand on their hind legs to watch for birds (their main predator). When a bird is sighted, they send a warning call to others and run to safety.

Just like the sentries that stand outside dwarf mongoose burrows, businesses have file integrity monitoring software, or log monitoring. Log monitoring systems collect and store logs. Logs record user actions inside an operating system (e.g., renaming a file, opening an application). Some systems have a real-time reporting system (like the dwarf mongoose call) that alerts you via email or text of suspicious activity.

Reviewing logs on a regular basis helps identify malicious attacks on your system. According to the PCI DSS, businesses are supposed to have 12 months of logs stored, with 3 months readily available. Systems that have log monitoring capabilities include operating systems, Internet browsers, point of sale systems, firewalls, and intrusion detection systems (IDS). Some systems do not automatically enable logging (e.g., Windows XP out of the box has logging turned off).

2. The Upgrader

In the animal kingdom, bigger is often better. A larger, stronger set of antlers helps white-tailed bucks successfully battle other males during mating season. Every year, they shed their antlers to grow bigger ones for next season.

Just like deer upgrade their antlers, you should be regularly updating your software to make sure it has the most up-to-date patches for security vulnerabilities. Devices and software that should be regularly updated include: operating systems, anti-virus software, POS terminals, firewalls, intrusion detection systems (IDS), mobile devices, Internet browsers, app software, and more.

3. The Hider

Everyone knows that chameleons change colors to match their environment and allow attackers to pass them over. But so do seahorses, cuttlefish, octopus, and dozens of other animals. Changing colors is a great defense mechanism for animals without strength or stamina.

Just like these animals hide their vulnerable bodies, it’s important for you to hide what’s most important to your business: customer credit card data. Did you know 63% of businesses store unencrypted card data? If a credit card isn’t encrypted, it’s completely exposed on your network, with no camouflage protecting it from predators snooping around. Encryption is the best way to hide data, but by finding and deleting unnecessary data, you have nothing to hide. After all, hackers can’t steal what isn’t there.

4. The Tank

Some animals undergo structural changes to protect their bodies from predators. Take the thick skin of the armadillo. It’s made of an armor-like substance and can roll into an indestructible ball if the armadillo is threatened.

The structural change businesses should use to protect their business is a firewall, both software and hardware. Like a security guard, properly configured firewalls control what goes in, and what comes out of your business.

SEE ALSO: How Does a Firewall Protect a Business?

5. The Trickster

Zebras use their striped pattern as an optical illusion to confuse predators. Because each zebra has a unique striped pattern, it’s difficult for predators to single one out.

Businesses should apply the zebra strategy to passwords. Each network, device, and user should have a unique username and password. In addition, make sure each of those unique passwords is difficult to guess. The easiest way to create a tricky password is by creating a passphrase. Anyone love Corey Hart’s 1980s hit, “I wear my sunglasses at night”? If you do, good. If not, too bad. It’s turning into my example passphrase. To create a complex passphrase, take the first letter of each word, and substitute special characters/numbers where you can.

I wear my sunglasses at night –> Iwmsg@n1980!

6. The Teacher

In a recent study on lion cubs, researchers learned lions aren’t born with a natural fear of humans. They learn it from their mothers and the rest of the pride. For a species like lions to continue to prosper, their defense mechanism is to quickly teach their young to avoid other species that could harm them… aka humans.

Training is such a crucial security strategy. I can’t count how many compromises could have been prevented if staff were simply educated on the dangers of hackers. Business owners, IT staff, and managers must train staff members on physical security, phishing, passwords, policies, etc. so they can take the necessary steps to protect the business.

7. The Intimidator

Have you ever seen a lizard do a pushup? Those lizards are showing their strength to intimidate predators. Do you know the reason gazelles jump so high? It’s to demonstrate their ability to outrun pursuers. You know those lizards that flare extra skin around their neck when they are threatened? By doing so, they appear larger and more threatening to those that may try to eat them.

With nothing but their body language, animals signal to predators, “Attacking me is not worth your time. So don’t even try.”

While it’s difficult to show a hacker just how strong your business security posture is, the best all-around way to maintain solid security is by complying with the PCI DSS. That means going through each section of the Self-Assessment Questionnaire (SAQ) and ensuring your organization’s compliance with all the requirements.

SEE ALSO: Which PCI SAQ is Right for My Business?

Giles Witherspoon-Boyd (PCIP) is Enterprise Account Manager at SecurityMetrics and assists businesses in defining their PCI DSS scope. Follow him on Twitter and check out his other blog posts.

Filed Under: PCI, Security

The Humintell Blog November 3, 2014

Why Do We Cry?

For past blogs related to tears and crying, see below

Crying without tears

Emotional Outpour

Why Humans Like to Cry

Emotion Overload: Crying on Planes

Filed Under: Nonverbal Behavior, Science

The Influence People Blog November 3, 2014

Influencers from Around the World – One Great Question to Ask: Lessons from Marshall Goldsmith and Patrick Lencioni

This month the “Influencers from Around the World” post comes all the way from South Korea thanks to Hoh Kim. Hoh and I met in Arizona in early 2008 when we went through training together to earn our Cialdini Method Certified Trainer designations. To learn more about Hoh visit his website, The Lab h, and his blog, Cool Communications. You can also find Hoh on Facebook, LinkedIn and Twitter.

Brian Ahearn, CMCT®
Chief Influence Officer
influencePEOPLE
Helping You Learn to Hear “Yes”.

How you communicate your weaknesses can define whether you’re trustworthy or not, according to Robert Cialdini, Ph.D., the world’s foremost expert on the science of influence. Without trustworthiness, we cannot have true authority in the eyes of others. Many leadership experts also express a similar concept.

Everyone talks about the importance of trust. But do we know how to act to build trust as a leader? Patrick Lencioni, the author of The Five Dysfunctions of a Team, shared some excellent insight. According to Lencioni, when we use the word “trust,” it normally means “predictable trust.” For example, I know one of my team members will do a good job, as she or he has been a good performer in the past. However, Lencioni suggested that leaders should practice what he called “vulnerability-based trust.” Leaders cannot be strong in every aspect, which means they also have weaknesses. Leaders should first know what their weaknesses are, and they should feel comfortable disclosing them to their team. Leaders shouldn’t be defensive. Instead, Lencioni wrote, “In essence, teammates must get comfortable being vulnerable with one another.”

Everyone talks about the importance of feedback in developing people. However, Marshall Goldsmith, one of the noted experts in leadership development, emphasized the importance of “feedforward.” Feedback is about your behavior in the past and feedforward is about suggestions for future behavior. Feedback is in the rear view mirror, while feedforward is looking into the windshield. To drive your car you have to pay attention to the windshield, what lies ahead, not the rear view mirror, which only shows what is behind.

We all have areas of improvement in our workplace. If you could choose one area for improvement over the next year, what will it be? Better listening? Faster decision-making? Better emotional management? Whatever it is, acknowledge your weaknesses to your team members. You won’t be seen as a loser. If you stay in your weaknesses you might be viewed as a loser, but when you acknowledge a weakness candidly, and ask for feedforward from your members and colleagues, you will be seen as a more trustworthy individual. When you acknowledge weaknesses and ask for feedforward you make a public commitment to improve. By utilizing the principle of consistency, one of Dr. Cialdini’s six principles of influence, you will have a better chance of actually experiencing progress.

How do you ask for feedforward? Take Marshall Goldsmith’s advice and simply say, “I want to be better at (listening, for example). How can I be a better listener?” If your colleagues suggest something, don’t defend yourself, just respond with a sincere, “Thank you.”

As we approach the end of 2014, it is a good idea to practice feedforward with your wife, husband, or significant other. Do you want to be a better spouse? Let me share one of my secrets to being a better spouse. Once a year I ask my wife, “Honey, how can I be a better husband? What can I do better to be a better husband?” So far, my wife has never asked me to buy her things like a diamond ring or luxury clothing or high-end handbags. She just loves to be asked.

Hoh Kim, CMCT®
Founder, Head Coach & Lead Facilitator, THE LAB h
www.THELABh.com

Filed Under: Hoh Kim, Influence, Science

