Note from the author: While writing this blog post I ran into a client where I needed to spray against the Office365 portal hosted by Microsoft directly and wrote some code to do so. If you just want to read that bit, skip to the end.
Preventing COVID Cyber Breaches: ProCircular Offers Free Cybersecurity Scans to Critical Infrastructure
Before a company starts down the path of information security, there’s often a looming feeling that something isn’t right and that the steps to fix it will take effort. I liken it to a messy room that they’ve simply closed the door on, so they can try to forget there is a mess to clean up. Every time they walk by the room, they feel a twinge of embarrassment or a spark of motivation to tackle the problem; however, that emotion lessens every time they walk by until the feeling evaporates. Now the messy room has been “normalized.”
ProCircular takes a broad approach to service continuity. In this spirit, we must consider the effects of a potential COVID-19 (coronavirus) outbreak in the coming months. While we expect little or no impact on either our products or services, we would like to provide some detail regarding our preparedness.
If you were going to test the fault-points of a building, you wouldn’t hire the architect; you’d hire a demolitions expert. Similarly, you don’t want the designer of your network testing its security. If the team that configures your network does so incorrectly, they are most likely unaware of it. The creator of the environment has an inherent bias based on the angle from which they view it. They are blind to vulnerabilities, not necessarily because they are under-qualified, but because they are too close to the project. A security team has a “black box perspective,” which means they have the same outside view of the system that an attacker would. This outsider point of view is just one of the advantages a security expert has over an internal IT team. They also have the training, experience, time, and resources that would be impossible to lump in with a standard IT program.