QA Cyber Security Trainer, Graeme Batsman, offers a first-hand opinion on single-factor authentication and the exposure of company platforms to the internet.
As someone who has worked on/off in 'cyber', 'data', 'information' security for around thirteen years I have seen some things change for the better and many things which have not changed from when I started working in 2004 plus many hilariously stupid things I have seen across both public and private sector. Products like ticketing systems (Peregrine & Remedy), CRMs (Salesforce & Microsoft Dynamics), defect trackers (Jira & Confluence) and other categories are or really have moved away from the days of desktop installations.
Desktop installations had pros (speed, security and no internet connection needed) and cons (installation needed, configuration is fiddly and a company device is needed). With desktop installations you needed to have the right software, configuration settings, user/password, company issued device and be on the network for it to work. You couldn't simply download the general software and enter a user/password. Now things have changed for the better or worse depending on your stance – SaaS (software as a service).
QA Cyber Security Trainer, Graeme Batsman, discusses how you need to focus on outbound as much as (or more than) inbound rules.
Remember the last Hollywood film you watched? The bad guys or bad girls break into a bank vault, museum full of priceless artefacts or an Indiana Jones style secret cave crammed full of Inca or Maya treasure. They manage to get in, find what they want and then annoyingly the security protocol is triggered, and the security shutters come down or a curse is activated. Of course, they manage to escape in the end or the film would cease quickly. Inbound defences in this (fictitious) case are good and outbound are even better yet not in the real physical or cyber world in a lot of cases.
If a burglar or hacker breaks into your building or network, he/she needs to get out with or without his/her loot. It is of course not good if someone breaks in but if they can extract a diamond or file even worse… Not that you want a burglar trapped in your house permanently! The aim of most hackers is to exploit a vulnerability, download a payload or open a SSH connection for future use and then extract the organisations secrets. General un-targeted mass market ransomware is the same, once it downloads the .exe it needs to reach out to generate a public/private key pair. If it can't reach out or the domain name is blocked by the web filter, the decryption process will not happen.
