Earlier this week, our resident ICT Network Architect, Mr Jon-Paul Bullard shared a devotion with the Head Office team which was well-received, entertaining and informative.
It felt apt to to share it with a wider audience across SCEA.
You may learn a little about cyber-security and the Christian faith from his reflections on life!
If I mention the words “network security” or “data breach” – what immediately comes to mind?
Optus?
Medibank?
Or is it a nefarious Russian mafia-sponsored hacker, surrounded by empty Red Bull cans sitting in a dark room trying to encrypt your hard drive for ransom?
No matter the conjured picture, network security is a very real concern these days.
In the same way that technology has changed and grown over time, so have the tools and methods used by the ‘threat actors’ of today.
Threat actors.
That’s the new cool name for the hackers of old.
The goal of a threat actor is to compromise your environment and get it working for their gain.
No longer do they bother trying to hack through firewalls. Unlike TV shows and movies of the past, it’s virtually impossible to hack an enterprise firewall in today’s age. No, technology has gotten pretty smart. The easiest point to exploit in network security exists between the chair and the keyboard – that is the person who sits down to use the computer. Our mistakes gives them the weakness to exploit.
So what do they do?
They try to tempt you with things that seem too good to be true to get you to lower your defences and give them a way in.
- Want a Playstation 5 but can’t afford it? Click the link in this email.
- I need your help to transfer $2 million to my Aunty in Widgemooltha? You can keep $50,000 for your troubles… just transfer me $500 to cover the bank charges at my end.
- You’ve won an apple iPhone 15 supermax – Click this link to redeem it!
- Oh, that payment you made to Amazon didn’t go through. Click here to check your order.
Ha! you say.
I didn’t order anything from Amazon! No, but 15,000 of the 150,000 people that were also emailed or texted did, and 3,000 of them just clicked that link.
It takes less than 5 seconds after you click that link for the ‘malware’ to download, install and connect to some random agent on the other side of the world. Less than 5 seconds and your computer is wide open to remote control….and you won’t even know it.
Often, they will start with a small compromise and then patiently wait and work to turn that compromise into a complete takeover.
Your work and/or personal email are probably on one of the easily downloadable lists thanks to Linkedin, Sony, Optus, to name just a few.
Ahh, a teacher at a SCEA school just clicked on our link and we have control of his computer.
Excellent, he’s at school.
Let’s see what other things on the network we can find…
Hmmm… there’s a link to Teacher Kiosk on his desktop.
Let’s just try the same credentials he used for Linkedin and…
Yes – he did use the same password, didn’t he?
Let’s see what I can find from here…
Before you know it, they’ve dropped some more malicious files into Teams and messaged the Principal pretending to be you to say there’s a file they need to check and now they own the Principal’s laptop.
However, although these methods may be reasonably new to technological threat actors, they are not new to this world’s primary and original threat actor.
For multiple millennia he has been tempting mankind.
His methods of attack are tailored to our personal desires – targeting our susceptibility and our weakness so we often fall for his phishing attack and open ourselves up to his compromise – starting with the tiniest of compromises and leveraging them for maximum control.
So how do you protect yourself from a threat actor?
We can recognise malicious behaviour when we filter it with truth.
Is something too good to be true?
Then it probably is.
Is it possible to get rich quickly with very little effort or outlay?
No it really isn’t.
Is it okay for me to behave like that? Compare it to God’s truth to see whether it passes the test.
Would my manager really ask me to buy an Apple iTunes cards on their behalf?
Would the HR department really need me to email them my PayGlobal password?
Should I really say that about my colleague behind their back?
Knowing what the correct behaviour is quickly identified malicious behaviour.
When it comes to threat actors, there are some important ways you should approach them technologically – see if you can identify the spiritual parallels:
When you think you are being compromised or know that you have been, you should come to the IT department openly – confessing your weakness – for they are always ready to forgive…!
Immediately come before them at any hint your system might be compromised – for if you repent, they can scan your hard drive, restore your profile and cleanse you from all malicious files.
Read their support announcements diligently for by doing so, you will be able to identify and stand firm against the temptations of the threat actors.
Remember that the IT team love you. They are always there to support you. Always ready to answer your 444 support call.
While that has tended towards a touch of flippancy, we must remember that we are workers with a mission that has so much potential to impact the lives of children and families… not just in the years they are at our schools but for the rest of their lives.
We are being targeted for compromise in every possible way that can bring about the destruction of the purpose we have been called to:
- interpersonal conflicts,
- deadlines,
- reporting,
- audits,
- payroll calculations for staff,
- final fee collections,
- organising relief,
- the commercialised craziness of Christmas and
- just plain physical and mental exhaustion.
I’m not sure if I’ve brought the sense I wanted to this topic, so let me finish with some clarity from Paul from his letter to the Ephesians:
12 For our struggle is not against flesh and blood, but against the rulers, against the authorities, against the powers of this dark world and against the spiritual forces of evil in the heavenly realms. 13 Therefore put on the full armour of God, so that when the day of evil comes, you may be able to stand your ground, and after you have done everything, to stand.
14 Stand firm then, with the belt of truth buckled around your waist, with the breastplate of righteousness in place, 15 and with your feet fitted with the readiness that comes from the gospel of peace. 16 In addition to all this, take up the shield of faith, with which you can extinguish all the flaming arrows of the evil one. 17 Take the helmet of salvation and the sword of the Spirit, which is the word of God.
18 And pray in the Spirit on all occasions with all kinds of prayers and requests.
With this in mind, be alert and always keep on praying for all the Lord’s people.