It’s not a new threat really. People inside an organization can always be a threat. It’s just that many people, some of them prominent security professionals, have been downplaying the insider threat lately in order to hype other emerging threats. I’m of the opinion that we’ll see insider threats rise through the year and probably into next. As the economy worsens, people who are becoming financially stressed may turn to corporate crime, or may retaliate for being laid off.
Prime example, news this week of a former Fannie Mae contractor leaving a malicious script designed to wipe out thousands of computers after he was fired for…a scripting error he made earlier in the month. Luckily they stumbled upon the script before it was set to execute. They might not have been so lucky though. Bruce Schneier has some good tips about reducing the threat trusted individuals can pose.
In the end, you can take several measures to reduce your insider risk, but you can never eliminate it entirely. At the end of the day the weakest link always comes down to people. People are sometimes dishonest; it’s simply a fact of life. Luckily for the rest of us, they seem to be a pretty small minority.
I’m posting this because I was discussing web hosting with a friend of mine recently. I thought I’d tell you a bit about my web host, Nearly Free Speech. They have a unique pricing model that’s completely pay as you go. You only pay for what you use and you end up saving a bundle. Here’s their current pricing, which is literally pennies until you go over 1 GB in transfer (which for me takes a while). Most people pay very little, as you can see from this nifty chart. To give you an idea, I paid NFS just 89 cents from Nov ’til today.
Not only is the price right with NFS, the customer service is great too. Besides public voting for requested features and a good blog that’s used to keep customers up to date, customer service requests are handled promptly and with great skill. And if there is ever any down time (which rarely happens and I’ve never personally noticed), they have some really great incentive to fix things quickly because their income craters on the spot!
To save money on storage and bandwidth charges, I host as much static content (images, files, etc.) as I can out of Amazon S3, where it’s cheaper than NFS ($0.15 GB/mo vs $1.02 GB/mo). I pay Amazon a few pennies a month (if that) to host my website-related content. It’s super simple too with a CNAME redirect. If you notice, anything hosted at media.bradberkemier.com is actually a redirect to S3.
NFS and Amazon S3 have been the perfect duo for my web hosting needs, and probably would be for you too!
Disclaimer: I’m not being paid by either company to say these things nor do I have a particular interest in either company (though I am an Amazon affiliate). I simply use their services and have been incredibly satisfied with them.
Are you backing up your bookmarks? Oh, you don’t store local bookmarks? You use a social bookmarking website you say? Well I hope you weren’t using Ma.gnolia. They announced on Friday morning that they’ve experienced a catastrophic data loss. Wired is reporting Ma.gnolia has lost both their production database and backups of user data. Bye bye bookmarks!
So my question to you is, do you have backups? Ma.gnolia didn’t. If they did have backups, my guess is they failed step 5 on the path to the tao of backup. While I have both local and off-site backups (that yes, I test on a frequent basis…it’s all about restores!), I had overlooked my bookmarks. Luckily, they are safe and sound on del.icio.us. I might not be so lucky next time though. If you’re a del.icio.us user as well, I suggest you export a copy for safekeeping. Then take a moment to think about what else you have stored, and stored solely, in the cloud. Make sure you add those things to your backup procedures.