Brett's Ramblings
Cyber Health
I was a spectator to a conversation between a law enforcement DFIRer and corporate computer user this week, and it got interesting when the name-calling started.
The point of the conversation was about corporate computer users being ‘lazy’ with computer systems (whether it be managing the organizations website content or just basic cyber health such as not falling for phishing emails). Then a point about law enforcement never calling victims back started another tangent of complaints. And then a few other little complaints. I felt like I was watching a tennis match being played on two separate courts.
The takeaway I got was that there is still a chasm of disconnect between the users and the examiners/investigators/responders. For the DFIRrs, we practice good Cyber Health. We would not think of leaving any building with any device that was not encrypted. Phishing emails? We love them because we want to learn from them, not fall for them. We care for our passwords as much as we care for our teeth by brushing and our hands by washing. It is our way of life and we assume everyone is like us. When we hear that a non-encrypted laptop containing tons of PII was stolen from the trunk of a car, we shake our heads at how that is even possible.
For the average home and corporate computer user….Cyber Health is inconvenient, unimportant, too much work, and not in their job description. There is no way they will want to learn anything about lateral movement or tracing IP addresses.
That is the chasm that needs a bridge. Until every computer user (home or corporate) is literate in the dangers of bad cyber health, we will always be inundated with work. If you don’t brush your teeth, eventually there will be lots of pain and maybe loss of a tooth. This is no different when your life is derailed from ID theft, ransomware, or the loss of business revenue due to compromised systems. User must learn more about the systems they use, just like they must know something about taking care of their physical health.
The chasm also includes law enforcement’s lack of understanding (or caring about) the frustrations of victims who (1) don’t know the extent of damage a computer compromise can be, and (2) what the response actually does. Most victims don’t know that their case may never be investigated. From the day it was reported by the victim, the case might be put into a file cabinet and marked ‘information only’ because it has no solvability factors. The case may not ever have an investigator assigned to it, simply because of a heavy caseload or have a suspect that cannot be identified. Other cases may take years before anything happens, due to delays in getting information back from service providers or worse, delays in someone actually working the case at all due to reasons I care not to say publicly.
Prevention is key, and so is education. As a personal example, there is a local government organization in my area that has been hit with some pretty good phishing emails lately. The response from IT has been to send generic emails to everyone in the organization about not clicking ‘suspicious’ emails. So far, every time a user falls for one of the phishing emails, IT sends out another reminder to not click any suspicious email links, and then another user falls for another phishing email, and then cycle repeats. There has been no education for the computer users, other than email from IT asking users to “stop falling for suspicious emails.” I’m waiting for the entire system to go down before they have to call someone…
We have always worked to be the translator of tech talk for the layman, but we still fail at it. Blaming the user isn’t going to help. Name calling makes it worse. But being patient and understanding the user’s perspective will help.
When we expect users to do what we would do, without telling them what we would do or how to do it, we frustrate them and us, because we will always get the same thing happening over and over. Most of use are Type A, driven, and have high personal expectations. We have to tone that down to help the organizations that ask us to help them. This includes those working in LE.
The amazing thing that users don't know is that a simple and innocent (ignorant) click of a single phishing email can cause a cascading amount of highly complex, extremely expensive, and mind-numbing work by a team of highly trained DFIRrs to fix over a period of days, weeks, or months. Users don’t get that because no one tells them. They just want their computer to work so they can email clients. Maybe Cyber Hygiene should be taught in schools in the same class where Personal Hygiene is taught?
About the author
Comments
By accepting you will be accessing a service provided by a third-party external to https://www.brettshavers.com/
Posts List
Tag Cloud
Search Blog
Most popular posts
Magnet Forensics Conversation
DFIR Training
Be sure to check out my DFIR Training website for practically the best resources for all things Digital Forensics/Incident Response related.
Even better, support DFIR Training by subscribing at https://www.dfir.training/subscribe-3 and get access to multiple online courses in digital forensics with included ebooks!
More posts
-
When OSINT is turned into the Baseball Bat of Internet Mob Justice
We are of a curious mind, we the forensic examiners, private investigators, OSINT professionals, and journalists. Our work is for the public good, and we…
Thursday January 14
5553 hits / 0 comments
-
I took a look at Instagram's Terms of Service so that you won't have to.
Who really reads the Terms of Service anyway?Are EULAs and TOSs intentionally designed as multi-page, single-spaced, 4 font, legalized writing to confuse users or simply…
Saturday December 26
8534 hits / 0 comments
-
White Paper: The Susceptibility of Interconnected Devices in a Global Concept as Surveillance Affects the Consumer-user
I read an article that China used technology to spy on users via their phones (https://www.theguardian.com/us-news/2020/dec/15/revealed-china-suspected-of-spying-on-americans-via-caribbean-phone-networks). Here is my white paper analysis.#1 - If...
Wednesday December 16
4650 hits / 0 comments
-
How long does it take to get into the DFIR field?
Question I received: How long does it take before I can expect to get into a DFIR career?Answer: It depends!It depends on your available resources +…
Thursday November 12
14893 hits / 0 comments
-
An expert is just one page in a book ahead of you
Let me dispel your notion of what an “expert” is. An expert is someone who has more information than you. That’s it. Imagine being stranded…
Friday October 30
5825 hits / 0 comments
-
Should you improve your DFIR skills on your personal time?
Almost two years ago, I wrote about burning out in DFIR (“Only race cars should burn out"). I still stand by what I wrote at…
Friday September 04
28344 hits / 0 comments
-
TikTok is like a big, greasy cheeseburger. We know it is bad for us, but don't care.
Short version: Any social media platform can be compared to the biggest, greasiest cheeseburger that you can find. You know that the cheeseburger is unhealthy,…
Tuesday July 07
24017 hits / 0 comments
-
Jessica Hyde and I talk about forensic stuff
Jessica Hyde of Magnet Forensics sat down together (virtually...) to talk about forensics. In case you missed it, here it is!
Thursday June 11
10735 hits / 0 comments
-
Facebook Spoofing: Your Reputation, Investigations, and Massive Data Collection
A “new” article on imposter Facebook accounts was published today in the Philippines. I put “new” in quotes because this is not a new issue,…
Sunday June 07
2662 hits / 0 comments
-
You do not want to work in DFIR.
The fantasySo many people ask how they can start a career in the DF/IR field, which is completely understandable. The glamour is there. Hollywood shows…
Thursday June 04
3278 hits / 0 comments
-
COVID-19’s Investigative Impacts on Digital Forensics/Incident Response (DFIR). AKA: All burners are now burned.
The meat and potatoesA bit is still a bit and a byte is still a byte. COVID-19 cannot change that, which means that the technical…
Saturday April 25
16858 hits / 0 comments
-
Mini-WinFE 10 and WinFE 10 Updated
The short story on the newest Mini-WinFE 10 (aka, the download link):Mini-WinFE has been updated and upgraded. I update WinFE developments (including the downloads for…
Sunday April 05
10816 hits / 2 comments
-
Eat your broccoli first
Something good and something not-so-good on learning DFIRThe good thing about learning DFIR is that there are probably fewer barriers and obstacles to learn and…
Saturday January 18
30970 hits / 0 comments
-
The Second Decade of the 2000s is almost over!
We’ve come a long way in DFIR over the past 20 years, and even looking at just the past decade, the field has drastically grown!…
Thursday December 26
10720 hits / 0 comments
-
Public Records
I have an outstanding public records request. It is not "outstanding" in the manner that I wrote a great request, but "outstanding" in that I…
Thursday December 12
5221 hits / 0 comments
-
The Five Stages of the DFIR Career Grief Cycle
I have been a fan of Craig Ball ever since I met him in a forensic course years ago. I was so impressed with Craig,…
Tuesday September 10
36763 hits / 0 comments
-
Our World is Going to Turn Upside Down with DeepFakes
The short storyAny person and their voice, in practically any video (past, present, or future) can have their face and voice digitally replaced with any…
Sunday September 01
4455 hits / 0 comments
-
If you are comfortable in DFIR, you might be doing it wrong
I took a 3-day basic forensic course and embarrassingly enough, the instructor (in front of the class), said that I probably know everything in the…
Thursday August 29
4803 hits / 0 comments
-
Everything I Needed to Know about Working in DFIR, I Learned in Boot Camp
You don’t need to experience military life to learn the valuable lessons that are drilled into military recruits. In fact, you can probably enjoy the…
Saturday August 17
6430 hits / 0 comments
-
Personality of a computer
From a recent discussion that I had with Harlan Carvey about the registry, this topic is something that I touched on lightly in Placing the…
Wednesday July 31
5082 hits / 0 comments
© 2021 Brett Shavers