So where I last left off - 2000 a time of transition for a number of things, the "red hot" internet properties of the '90's started the downward slide that became the recession of the early 2000's and many "internet millionaires" became bankrupt or lost much of their projected net worth. During this time many companies had been focused on growth and establishing an "internet" presence without really having a business plan or an approach to sustain or support the number of systems that were being deployed to the networks.
Corporate malfeasance leads to regulation - Enron, WorldCom, Tyco and other companies caused public outrage due to accounting fraud of various magnitudes and the attempted cover-up and complacency of Sr. Management. The result is the Sarbanes-Oxley Act of 2002. While mostly corporate accountability legislation, this triggers a number of compliance initiatives that impact Information Security and compliance.
Continued email based attacks, Anna Kournikova, Pikachu, and ILOVEYOU email based viruses spread quickly on Microsoft Exchange environments. At this point the people who ran the mail servers were not very aware of security or interested in security controls, anti-virus scanning, or spam filtering. Many email based attacks bounced harmlessly off of systems using classic email systems like UNIX based mail servers or clients, but with the increased adoption of Microsoft Exchange and Outlook/Outlook Express as mail clients, more and more users were all on the same (vulnerable) infrastructure.
Maintenance issues lead to worm/virus outbreaks, CodeRed, CodeRed 2 leverage unpatched or badly configured systems to spread nearly unchecked through many companies. Sadmind worm is one of the first cross platform worms, that attacks unpatched UNIX systems as well as Microsoft IIS systems.
Nimda was the worm that really started to tap into the potential of what malware could do, and cause serious issues to environments. Nimda attacked unpatched or misconfigured Microsoft systems, and also leveraged backdoors left behind by infections of CodeRed and Sadmind.
Nimda was a game changer, since it now demonstrated what could happen if you don't patch your systems and also if you don't remediate systems that are infected. A number of companies also discovered that their network architecture was fragile (due to the large amount of infected systems and the speed that it spread, networks were often impacted and some more fragile networks had constant downtime as a result). Nimda was also very versatile, it didn't leverage just one possible vector to spread, it leveraged five possible vectors to be able to spread and infect systems, including user based vectors such as web browsing and email (which were a challenge to protect against for most Information Security organizations).
Many organizations had no idea they were vulnerable or compromised until their network went down, or their 'production web server' went down. There were very little to no detection capabilities at the network or host level, and no reliable process for scoping the infection or remediating the systems.
The terrorist attacks of September 11th 2001 again changed the narrative from security (and Business Continuity/Disaster Recovery) as an afterthought/nice to have into a need. Many large companies were adversely impacted by the loss of the world trade center locations, and the long term impact that had to the surrounding buildings and infrastructure. Many companies experienced irreparable data loss or loss of business, not to mention the human toll of the attacks.
The need for an executable Disaster Recovery plan that is known and tested became a primary reliability requirement for many organizations.
To be continued...
Corporate malfeasance leads to regulation - Enron, WorldCom, Tyco and other companies caused public outrage due to accounting fraud of various magnitudes and the attempted cover-up and complacency of Sr. Management. The result is the Sarbanes-Oxley Act of 2002. While mostly corporate accountability legislation, this triggers a number of compliance initiatives that impact Information Security and compliance.
Continued email based attacks, Anna Kournikova, Pikachu, and ILOVEYOU email based viruses spread quickly on Microsoft Exchange environments. At this point the people who ran the mail servers were not very aware of security or interested in security controls, anti-virus scanning, or spam filtering. Many email based attacks bounced harmlessly off of systems using classic email systems like UNIX based mail servers or clients, but with the increased adoption of Microsoft Exchange and Outlook/Outlook Express as mail clients, more and more users were all on the same (vulnerable) infrastructure.
Maintenance issues lead to worm/virus outbreaks, CodeRed, CodeRed 2 leverage unpatched or badly configured systems to spread nearly unchecked through many companies. Sadmind worm is one of the first cross platform worms, that attacks unpatched UNIX systems as well as Microsoft IIS systems.
Nimda was the worm that really started to tap into the potential of what malware could do, and cause serious issues to environments. Nimda attacked unpatched or misconfigured Microsoft systems, and also leveraged backdoors left behind by infections of CodeRed and Sadmind.
Nimda was a game changer, since it now demonstrated what could happen if you don't patch your systems and also if you don't remediate systems that are infected. A number of companies also discovered that their network architecture was fragile (due to the large amount of infected systems and the speed that it spread, networks were often impacted and some more fragile networks had constant downtime as a result). Nimda was also very versatile, it didn't leverage just one possible vector to spread, it leveraged five possible vectors to be able to spread and infect systems, including user based vectors such as web browsing and email (which were a challenge to protect against for most Information Security organizations).
Many organizations had no idea they were vulnerable or compromised until their network went down, or their 'production web server' went down. There were very little to no detection capabilities at the network or host level, and no reliable process for scoping the infection or remediating the systems.
The terrorist attacks of September 11th 2001 again changed the narrative from security (and Business Continuity/Disaster Recovery) as an afterthought/nice to have into a need. Many large companies were adversely impacted by the loss of the world trade center locations, and the long term impact that had to the surrounding buildings and infrastructure. Many companies experienced irreparable data loss or loss of business, not to mention the human toll of the attacks.
The need for an executable Disaster Recovery plan that is known and tested became a primary reliability requirement for many organizations.
To be continued...
Comments