Do you work in Caffa?
Riverbank Ruminations; Observations from The Banks of The Technology River
Tom Evans ~ Ashton Engineer Emeritus
Do you work in Caffa?
How old do you think biological warfare is? We might think of it as a recent invention but I came across a mention of it being used in 1346. There are some parallels between what happened in Caffa (now Feodosija, Ukraine) and the current threat landscape. First some background from this article.
“Caffa was a thriving city, heavily fortified within two concentric walls. The inner wall enclosed 6,000 houses, the outer 11,000. The city’s population was highly cosmopolitan, including Genoese, Venetian, Greeks, Armenians, Jews, Mongols, and Turkic peoples.”
Friction between the Mongols and Italians resulted in the Mongols laying siege to Caffa. Being built on the coast, Caffa still could receive supplies even while being besieged. Circumstances led to the siege terminating when a plague devastated the attackers.
“The dying Tartars,…. lost interest in the siege. But they ordered corpses to be placed in catapults and lobbed into the city in the hope that the intolerable stench would kill everyone inside. What seemed like mountains of dead were thrown into the city,…..And soon the rotting corpses tainted the air and poisoned the water supply, … Moreover one infected man could carry the poison to others, and infect people and places with the disease by look alone. No one knew, or could discover, a means of defense.”
Some thought that this incident was one of the vectors responsible for introducing the Black Death to Europe. The article gives some reasoning on why that is unlikely. For our purposes, what parallels are there between medieval Caffa and modern businesses today?
Caffa depended on location and construction for protection. It had two walls and was built on the ocean. The location allowed supplies to be obtained even under siege, and the double walls probably seemed adequate to repel the normal assaults by armies of the day.
Businesses today rely on ‘walls’ for protection. Firewalls are standard issue for any business. Firewalls share the same weakness as physical walls. You need to be able to go through them to conduct business. Unlike medieval times, the traffic through the walls of a modern business is of such a high volume that close inspection of every single entrant is difficult and identifying threats is becoming increasingly difficult, yet most businesses feel that traditional firewalling should be ‘good enough’. With Caffa, the attack was not through the gates.
The biological attack on Caffa involved tossing infected bodies over the walls. The attack today involves throwing infected emails at the business. To complicate matters, many times the infection is not in the email itself, but at the destination that is listed in the email and which the employee is maneuvered to visit.
Once someone inside Caffa tried to remove the bodies, they were likely to get infected themselves and pass it on to others. Today, once a computer is compromised, the infection moves rapidly into the network, allowing for devastating results, usually ransomware and multiple levels of extortion.
When the siege of Caffa ended, both attackers and attacked left the area and some likely spread the infection to other areas. When a network gets compromised, the attackers then look for other networks to compromise. This will include your customers and suppliers. The attackers may not even make their presence known to you. You might be a pawn for the attacker to use against larger game. In my training sessions , one example I use is Griffin, Georgia. They were scammed out of $800,000 via emails from a ‘supplier’. The attacker had inside information that had to come from a supplier. The emails that facilitated the scam were not from the supplier but closely mimicked the supplier’s email address and were not caught until after the fact.
Some lessons to be learned from Caffa:
- Yesterday’s defenses won’t stop today’s threats. (Firewalls don’t stop everything.)
- Lean how to handle infections. (Not knowing how to handle the dead bodies resulted in more deaths in Caffa. In your company, can employees identify phishing emails? Are they encouraged to take the time to do so?)
- Don’t feel like you are not a target because of your size (Caffa wasn’t the wealthiest city of the time. The first siege came about following a brawl between Italians and Muslims. If you are on the internet, you are a target.)
- Find out how to spend your money wisely on security. (Caffa had double walls and a defensible position. It didn’t help. Spending money on security is necessary, but it needs to be in the right place. Get help from someone who knows the right way to do things)
- Caffa was able to resist normal sieges because they had a location that allowed supplies to be brought in. (What is your plan for when you get compromised? Have you tested your DR plan? Do you have a plan for business continuity while recovering?