[ Cybersecurity Awareness Series ] The Three Little Pigs


Once upon a time, there were three little pigs. Over time, the little pigs educated themselves. They came back to meet their mother before they went ahead and opened their new companies. Mother told them " Whatever you do, do it the best that you can because that's the way to get along in the world.”

For the sake of simplicity, let’s name the three pigs - Harry, Ron and Sean. All three of them had different interests and hence went ahead to open up their companies in different sectors. All of them remembered what their mother told them - “Whatever you do, do it the best.” All three of them had brilliant ideas for their new startups. As they floated new ideas in the market and got a lot of VCs to support them,  but it also turned a lot of bad eyes towards them. One of them was the hacking group, “Bad Wolf” comprising of just 1 bad wolf at the moment.

Harry had a new innovative idea of connecting doctors with patients. His mobile app collected the patient’s health information, uploaded to a cloud server where expert doctors could download and check and advise on the right set of medicines. Harry’s business was a runaway success. The fees charged was very less and patients at remote areas could get easy access to timely advice.

Ron started a manufacturing company. He could see the smartphone boom and decided to manufacture gesture identification chips. You just needed to swipe your hand at the phone. There was no requirement to even touch the phone. Ron started receiving orders in millions in a few months.

Sean, the eldest of the three, went ahead and opened up a new firm which manufactured high-end rockets for deep space exploration.

One day, the youngest of them all, Harry received an email - “Give me 20 million dollars or I will hack and crack your business down.” Behind this email was the hacker “Bad wolf”. Harry replied back “ "Not by the hair of my chinny chin chin. I won’t pay you anything, not even a pumpkin.” Bad wolf got very angry at this.

While Harry was very smart at his work and did best as his mother told, he did not apply any of the basic cyber hygiene practices at his firm. In order to save costs, he did not have a firewall or even an antivirus in place. Bad wolf took around 10 minutes and published the entire information of all the patients on the dark web. Within a day, Harry’s business’ value crashed.

The Bad Wolf got a taste of money by selling the patient records online. He wanted more and more of it. So he targetted the next brother. Ron got an email too which said “ “Give me 20 million dollars or I will hack and crack your business down.” Ron replied back to the wolf in the same manner as his brother had replied, “ Not by the hair of my chinny chin chin. I won’t pay you anything, not even a pumpkin.”

The bad wolf got very angry and tried exploiting the company’s servers of Ron. While Ron did his very best in his business, he did just better than his brother Harry in cybersecurity. While he had deployed firewalls and kept his AV also updated, the passwords protecting the server were quite weak. The Bad Wolf took a day and cracked all his passwords through simple brute force attack. He leaked the blueprints of the chip which he had developed into the open market. Within minutes the stock prices of his company tanked 500% since all the proprietary designs were now out in public domain.

It was the turn of the eldest brother now. The bad wolf sent a message to Sean, “Give me 20 million dollars or I will hack and crack your business down.” The eldest brother was the smartest of all the three. He had followed up on the recent news and then connected with his brothers to identify what had gone wrong.

Sean replied back, “I will give you 20 million dollars, but I need time to arrange that. Give me two days and you’ll get the money.” The bad wolf was happy to see the message. In the meantime, Sean called his team of security experts and asked them to set up a honeypot. He also connected with the law enforcement agency and told them how his brothers had been duped by the hacking group and he required their help to nab this criminal.

After 2 days, when they were ready, Sean replied back to the wolf, “ Not by the hair of my chinny chin chin. I won’t pay you anything, not even a pumpkin.” The Bad Wolf got extremely angry after seeing the message. He decided to hack Sean’s company. Sean’s team was ready. They had created the same exact infrastructure, but with outdated information. In the time spent by Bad wolf in hacking this honeypot, the law enforcement agency was hard at work trying to identify the location of the Bad Wolf. They found him to be working out of the city from the basement of an abandoned building. The Bad Wolf was sent to jail for the next 20 years and the three little pigs lived happily ever after.

This classic story has been retold to explain the impact which weak and outdated controls can have on your business. It’s important for you to give due importance to cybersecurity and privacy of the data which you hold. You don’t need to learn the hard way as Harry and Ron did. Be like Sean and be ready to defend your business from cybercriminals 24*7.

This story is complete fiction and published to spread security awareness. Any resemblance to any character or situation is purely coincidental.

Image by Alexas_Fotos from Pixabay

Comments

You may also like to read...

How to Pass the CISSP Exam in First Attempt

The CISSP CAT Exam Experience

How to Pass SSCP Exam in the First Attempt