A while back, I wandered straight into the middle of a
conversation between colleagues and overhead one of them say the wonderful
phrase “isolate the stupid”. To be fair, I have taken it completely out of
context of the original conversation, but I liked the phrase so much I thought
I would use it for my own nefarious ends. Muhaha.
Over the years, I have regularly been called upon to provide
help to organisations that have suffered a breach, and need to quickly find out
what happened so that they can retrospectively bolt the door (so no more horses
can escape).
A common contributing factor I often see in this kind of
situation is a huge, flat internal network structure. One that mixes all classes
of device together on the same logical wire: servers, desktops, peripherals and
(horror-of-horrors) bring-your-own devices. In this situation, all it takes is
one stupid mistake, such as a user clicking on a misleading phishing email, and
the attacker suddenly has unrestricted access to the whole internal
network. Game over.
In security parlance, compartmentalisation is the concept of
breaking environments into discrete, logical components, whereby a failure is
contained from spreading. In almost all these situations a modicum of
compartmentalisation would have either prevented, or greatly reduced, the
impact of the breach.
So there you have your top tip for the day: isolate the
stupid.