By Dr. Edward G. Amoroso, Former SVP and CSO of AT&T; Current CEO of TAG Cyber, LLC.
Imagine this: You are an evil cyber intruder, part of a criminal group targeting enterprise businesses for customer medical and financial records. Your goal is to steal quietly, without getting caught. During surveillance, you notice that your victim’s system administrators have made bad decisions, leaving unnecessary ports open and advertising many unnecessary services to the Internet – some apparently by default. You exploit these weaknesses to initiate a northbound break-in. This is followed by simple lateral traversal inside the firewall, also exploiting bad administrative decisions such as weak access settings on SharePoint sites. And finally, after you’ve found the sensitive files you wanted, you easily exfiltrate the data through wide-open outbound Internet access. The offense wins this battle.