UA-72240440-1

Sharing is Caring?

Date: June 8, 2020
Author: MRPE
Comments: 0 Comments
Categories: Governance & Auditing, Incident Response, Malware Threats

As a global executive and networked security expert I am helping people connect, inform, notify, and grow on the job every day.  In my world sharing is caring, because I’m busy, you’re busy, yet it’s mission critical that we work as a team – as an industry – towards maturing and networking.  This is why I work tirelessly towards helping others be the best they can be.  I’ve also learned that it takes both parties, caring, to make a difference.  If the other party just doesn’t care, is complacent, or not present emotionally or intellectually, these goals cannot be achieved.  Case in point a recent ethical notification that I performed:

A small IT based organization, who likely has no SECOPS or much for budget, was compromised in a phishing attack.  I was notified because of my geolocation and being trusted in the industry, to help with victim notification.  I made a call and also emailed the group.  Due to the nature of how serious the notification and incidents were (more than one), I notified them three times over a three day period.  When I finally received a call from the victim they were complacent at best, didn’t care to learn more about the compromise towards mitigating the threat, and then proceeded to question who I was and why I was contacting them.  Mind you I was very careful to never ask for any information or take actions that could be construed as social engineering.

I performed my ethical disclosures and notifications and gave them some free advice on a few things they can do to identify and remove the threats from their network.  I was left feeling upset, because it was clear they just didn’t care.  In fact, the only thing they did care about is that I notified them, in an apparent negative light!

As a security professional I have an expectation that we should ALL CARE about making a difference, doing our best, towards the good fight against our adversaries.  Sharing is caring, and I won’t stop just because of one individual or organization that doesn’t care.  We are all on the same ship, with compromise often moving laterally through other organizations, so I’m hopeful that everyone does learn to care over time even if they don’t today.  It’s our responsibility, that we bear (key words OUR and WE).

In closing, let’s remember to maintain focus as we work with others in the industry.  Some are just going through a difficult time or may feel beat down by a lack of support, budget, or feeling valued.  We all have those moments in life.  Meanwhile, the large majority of individuals and organizations I work with do CAREthank you for doing that and making a difference.  I appreciate you and our stance together in fighting the good fight against our adversaries.