Lesson 1: Be paranoid about handoffs and blind spots
Many data breaches occur because attackers take advantage vulnerabilities in the “spaces between” different functions. They exploit these weaknesses, often during a handoff from one silo to another.
For example, there are a lot of movies in which criminals take advantage of short-term blind spots to do a “switcheroo.” In a lot of heist movies, a truck goes into a tunnel filled with gold but when it exits at the other end of the tunnel the criminals have swapped it for an identical truck filled with something worthless.
The lesson here is “trust, but verify.” Try to instrument as much of your process as possible to minimize blind spots and, when something (a system, a transaction, an install package, etc.) is out of your control for some period of time, validate it before you assume it hasn’t been tampered with.
Lesson 2: Use baselines of what’s normal, so you can quickly detect the abnormal
[Spoiler alert!] In the movie, “The Inside Man,” the police spend a lot of time trying to figure out how criminals got something valuable out of the bank, but are never able to figure it out. In reality, the “stolen” item had never left the bank at all – the criminals had added a false wall in the vault, and one of the criminals was in the resulting hollow space with some food, water, and a bunch of diamonds. He waited a while for the frenzy to die down, left his crawl space, and simply walked out of the bank unnoticed. This technique worked because nobody noticed that the vault room was slightly smaller than it had been in the past.
From this movie, we can learn to rely on baselines and automation to catalog the normal and expected state of things, so we aren’t fooled by the equivalent of a false wall in your infrastructure. Cyber criminals can hide things in plain sight by tucking them away inside an alternate data stream that is invisible to your normal file management tools. Take steps so you aren’t fooled by innocuous appearances. Use file hashes, transaction checksums and signed components to ensure that even subtle changes are brought to your attention.
Lesson 3: Beware of distractions, imposters, spoofed information, and sleight of hand
OK, Lesson 3 is really a bunch of lessons all rolled into one, but I loved the movie so bear with me (and yes, this is another Spoiler Alert).