Roger Smith, CEO at R & I ICT Consulting Services Pty Ltd and Amazon #1 author on Cybercrime asks if you are auditing your logs?
[Start of transcript]
Hello, my name is Roger, and today I’d like to ask you a question: Are you auditing your logs?
Now I’m not talking about your phone or intrusion protection or you encryption logs. What I’m talking about is the logs that come from your technology. Yeah, the logs that come from your technology can be hardware related or software related or even application related. But it is very important because all of those components have a logging system that gives you information about what is happening. It also tells you when you need to upgrade things or need to update things. So, this type of information is really important when it comes to where you’re going. For instance, if you’re running things like <indiscernible 00:52> and at the end of the financial year you get an update Now, those updates are also incorporated into your logs, and also because it’s <indiscernible 01:00> but it’s an accounting product, there’s an auditing component in there as well.
But with operating systems and applications, there is also a system log or an application log. And these logs tell you everything there is going on within the system. On top of that, because these things are visible you also need to be very aware that they are there. Because some of the cyber criminals, when they’re accessing remote sites, will actually check to see what the logs are doing and how much damage they can do just by either deleting them or not allowing them to be shown, or in some cases use those logs to gain information about the technology that is in use.
But there is also a problem in some areas when you try to read the log they are in computer language, so you have to have ways of converting them into real English or Spanish or German or whatever. But hey have to be translated into human speak so that we can actually understand what’s going on.
But on top of that, how do you know you have a problem if you’re not looking at your logs? If you’re not looking at your logs regularly, because they have a major impact in the way the technology is being used all the time. So, have you got someone on staff who is looking at your logs? Are you looking at your logs? Have you got an MSP who is logging your logs and having a look at them to make sure that things are working the way they’re supposed to?
Thank you very much.
[end of transcript]