Security Lessons from Nature – Salamanders
All amphibians have poisonous skin secretions, which means that the common salamander is coated with a thin poisonous film. While not terribly useful for finding food or mates (the two things that salamanders really care about), it is a good defense against being eaten by passing dogs (or eagles, whatever). Over time, predators have learned to avoid certain amphibian coloration patterns: not only is poison pretty bad for you, it probably doesn’t taste too good either (despite the rumors).
So, what we have is a collection of animals who tend not to stray too far from water, aren’t very fast and have almost no practical defenses. To a predator, they would be little yummy blobs of protein but for the little poison problem. What can we learn from this?
The trick is in adapting this technique to business. It’s important to remember that being poisonous doesn’t really protect the particular salamander, as once the poison is ingested, the salamander probably has been as well (and while some salamanders can handle fire, hydrochloric acid probably still burns them).
Since slathering employees in gelatinous strychnine has certain implementation difficulties, we should probably abstract the idea a bit. What we need is a way to let predators know that an attack would be unwise without actually being attacked.
This is often done through the legal system. As Brett Trout has said, a company that has taken legal action in the past is less likely to require legal action in the future. So, one thing to do is to ready your business should court action be needed in the future. This requires a bit more preparation and a bit more attention, but can pay off hugely. For starters, you need to make sure that terms of access are clear and delineated. Practically, this means that each network-accessible service needs to have a banner that makes it clear what is and is not allowed. It means that employee handbooks should put forth clear policies and that local login pages also lay out the rules clearly.
Secondly, you should have some sort of technology in place so you can detect when policies are violated. This could be as complex as a SIEM and log management system, or as simple as just looking at access logs every day. Lastly, you should have a lawyer around so that when you do detect something, you can take immediate action.
This way, you have a defense that only needs to be active when under attack (lawyer) and warning coloration (banners). It may not prevent a predator from attacking you, but it would make them unsuccessful and, in the long run, warn other predators away from your business.