Cybersecurity Awareness Month is about reminding all organizations to be aware and to plan for the worst.
Know your systems, anticipate their failure, and plan contingencies accordingly. Of course, that does not simply mean protecting a network, or key servers, or just the PCs on the network.
It means having a solid understanding of all devices, all data storage (local or cloud), all software, and all policies.
That’s not easy, and it involves the use of significant resources. That’s why we have a month devoted to reminding ourselves about the need.
Your Network: The Devil in the Details
In large organizations, it’s difficult to conduct a full IT survey.
In many non-IT-focused environments, employees may not even recognize peripheral devices that need to be reported to IT. Back in August, we noted how peripherals can create vulnerabilities on a network.
The focus of that blog was that companies need to watch out for innocuous devices, such as telephones, TVs, and even Alexa devices. Those devices, when connected to the network, require both security checks and updates.
This month, DarkReading added further incentive for companies to hunt down older Amazon devices that have been found to be vulnerable to a WPA2 handshake flaw.
First-generation Amazon Echo devices are generally easy to find because most users keep them in obvious places. However, 8th-generation Kindle e-book readers are typically kept in drawers, briefcases or on bookshelves.
Many users forget that they connected those devices to their corporate networks. Thus, they’re unaware that the devices automatically connect to Wi-Fi when brought into their buildings.
Unfortunately, many hacking attacks rely upon that sort of inattention to gain access to users, or to the network.
Wi-Fi Network Attacks
One example of a Wi-Fi attack is the evil twin.
In this attack, a rogue operator stands up a legitimate-looking Wi-Fi network to trick users into entering login credentials. Since most people connect to Wi-Fi once, then forget about it, an evil twin could exist, unnoticed, for some time.
Let’s say that a network administrator creates a Wi-Fi network named “guest_companyABC.” Then, a rogue operator creates a similarly named Wi-Fi network: “CompanyABC_guest.”
Unfortunately, most guests naturally would choose the first network on the alphabetically sorted list.
For that reason, IT professionals must actively and regularly check Wi-Fi access points for the appearance of such rogue networks.
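One way to automate that check, shown as an added example that is not part of the original post: compare Wi-Fi scan results against an allowlist of the organization's SSIDs and the access-point addresses (BSSIDs) authorized to broadcast them. The allowlist, the scan data, the function names and the 0.5 similarity threshold are all constructed assumptions.

```python
import re

# Constructed allowlist: each SSID the organization operates, mapped to the
# BSSIDs (access-point MAC addresses) authorized to broadcast it.
AUTHORIZED = {
    "guest_companyABC": {"aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02"},
}

def tokens(ssid):
    """Lower-case an SSID and split it into words, ignoring order and separators."""
    return frozenset(t for t in re.split(r"[^a-z0-9]+", ssid.lower()) if t)

def audit_scan(scan, authorized=AUTHORIZED):
    """Return (ssid, bssid, reason) findings for a list of (ssid, bssid) scan results."""
    findings = []
    known = {tokens(name): name for name in authorized}
    for ssid, bssid in scan:
        bssid = bssid.lower()
        if ssid in authorized:
            # Exact name match: the broadcasting radio must be one of ours.
            if bssid not in authorized[ssid]:
                findings.append((ssid, bssid, "authorized SSID from unknown BSSID"))
            continue
        seen = tokens(ssid)
        for auth_tokens, name in known.items():
            union = seen | auth_tokens
            # Jaccard overlap of word sets catches reordered or padded names.
            if union and len(seen & auth_tokens) / len(union) >= 0.5:
                findings.append((ssid, bssid, f"look-alike of {name}"))
                break
    return findings

# Constructed scan results (SSID, BSSID), as a site survey tool might export them.
SAMPLE_SCAN = [
    ("guest_companyABC", "AA:BB:CC:00:00:01"),  # legitimate access point
    ("CompanyABC_guest", "de:ad:be:ef:00:01"),  # reordered name from the article
    ("guest_companyABC", "de:ad:be:ef:00:02"),  # exact name, unknown radio
    ("CoffeeShop_WiFi", "11:22:33:44:55:66"),   # unrelated neighbouring network
]

if __name__ == "__main__":
    for finding in audit_scan(SAMPLE_SCAN):
        print(finding)
```

A BSSID can be copied as easily as a network name, so a clean result from this check does not prove that no rogue access point is present; it only catches the look-alike and unknown-radio cases.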
Additionally, it’s important to conduct thorough survey checks for all PCs and potential devices in the organization’s environment – not just in the office, but in every operational location.
Sophos’s NakedSecurity noted a particularly interesting case where penetration testers for a shipping company discovered a rogue PC on a container ship that also connected to the ship’s engines. The company had no record of the device connected to the onboard network.
Although no one on board used the computer, it wasn’t hidden. It had a monitor on the bridge that was so bright, it had to be covered up at night.
After tracing cables attached to the device, the pen testers found that the PC not only connected to the onboard electronic chart display and information system, it also connected to the main engine controls.
Ultimately, they discovered that the box was a legacy device installed by a third party for fuel and engine efficiency monitoring. It remained connected after the contract ended – running constantly, and without updates, for so long that no current employee remembered where it came from.
That forgotten device created a huge weak spot in the company network.
Breaches Within Your Organization
Most IT departments use inventory lists to form the basis for examining the IT equipment.
But, how many also check for machines not located on those lists?
If not for the third-party penetration testers, how long would it have taken the shipping company to realize it had rogue IT connected to its ships?
Let’s assume that we conduct the difficult survey of the IT landscape. We finally know about all devices, software and data locations.
Are we secure? Unfortunately, no.
Thirty-four percent of all 2018 breaches were caused by insiders. And, an estimated 70% of all breaches are not reported, which implies that the insider threat potential is even higher. Those figures only cover the known breaches.
So, how many organizations know whether or not ex-employees left with possession of company data?
Apricorn released a USB data protection study citing that 60% of organizations do not use port control, and 50% of organizations don’t require data encryption on USB devices.
Sure, we all want to trust that our fellow employees work towards our mutual benefit. But, with the average cost of insider attacks estimated at $1.6 million per breach, can you afford to be wrong?
Some organizations try to push the costs of mistakes off onto insurers.
In fact, the city of Baltimore approved the purchase of a $20-million cyber insurance policy with an annual cost of $835,000. While the policy could have offset the city’s $18-million ransomware recovery, the $1-million deductible still allows for a significant amount of financial pain from data recovery and breach investigation.
Wouldn’t you rather spend that money on active defense instead of financial protection?
Additionally, insurance money may not always be available. In 2017, the NotPetya attack, characterized as a Russian cyberattack on Ukraine, allowed insurers to invoke a “war exclusion” clause in their contracts. Thus, it voided all insurance liability.
Investing in the Right Support
Recovery costs often represent a mere fraction of the true costs of malware incidents.
Often, much smaller investments in IT system design, network monitoring, and cybersecurity testing prevent huge expenses, embarrassing publicity, and employee distress caused by successful attacks.
Here at Ideal Integrations, we help you locate your weak points, and prevent future breaches. Not all network solutions involve the same technology and support, and we build yours with that in mind.
Also, our cybersecurity division, Blue Bastion, provides 24/7/365 security monitoring of your applications and data. If an incident does occur, our dedicated incident response team will help you investigate and thoroughly recover.