When setting up a network, it’s tempting to put all users onto a single network and forget about it.
Why? Well, at least initially, it saves time and money. And, as offices grow, desks shift, and employees change roles, that single network makes accommodating those changes easy. Legacy networks tend to be sprawling, but simple.
Unfortunately, in the cyber security world, “easy” tends to also mean “vulnerable.” It’s not as if company size or potential resources make any difference.
After all, even billion-dollar companies such as Maersk experienced crippling malware attacks, which knifed through their systems within minutes due to an overly connected network.
As an IT infrastructure provider, our team understands the importance of network segmentation, or dividing a network into multiple segments or subnets. It prevents unauthorized users from your valuable assets, such as customer information and financial records.
Here are three key reasons to consider network segmentation for your organization.
Reason 1: Network Segmentation Suppresses Attacks
In a typical office, everything from doors to cabinets are locked. And, those locks all use different keys.
Network segmentation is sort of like that – different keys for different areas. Without it, your network is one large, open office space secured with a single key.
Sure, you’ve got various personal passwords your computers. However, on every PC, there are processes that run with administrative rights, and those administrators often have access to all machines.
If a cybercriminal gets a hold of those credentials, your entire network could go down within minutes. Network segmentation stops that criminal from getting to your other networks, which allows you to contain the attack without losing all of your other data.
Reason 2: It Keeps Non-Essential Devices Separate
Some devices should be kept separate to your normal business processes.
For example, you’ll want a guest’s computer to connect to the guest network since you can’t control it.
Internet of Things (IoT), industrial control systems (ICS) and legacy OS devices (Windows 7, Windows XP, etc.) should be segmented for similar reasons. While you can try to upgrade these devices, securing them is difficult. And, new flaws appear often – they’re both hard to detect and difficult to fix.
In August, IBM discovered a vulnerability in IoT chips that could leave billions of industrial, commercial, and medical devices vulnerable to attackers. That would allow attackers to remotely gain total control of the hosting machines.
Additionally in August, Microsoft released out-of-band updates for important remote access security flaws in Windows 8.1 and Windows Server 2012.
In each case, while patches are available, they don’t download automatically. So, in order for them to work, your team must actively manage all updates, which takes both time and constant awareness. Add that to their daily tasks, and you’ll likely see a lot slip through the cracks.
Many security issues take months, or sometimes years, to notice. And, attackers may exploit them well before that happens. Moving these devices into dedicated network segments places less strain on your team, and greatly reduces access for attackers.
Reason 3: People Make Mistakes & Software is Flawed
People open scores of emails daily. And, sometimes, they end up clicking on SPAM that produces malware.
However, that’s not the only problem to consider.
In August, the FBI arrested a Russian cybercriminal for trying to persuade a Tesla employee to install malware into a company network, which would then allow him to leak stolen data from their systems. The actor promised to pay the employee $1 million in return.
Both inside jobs and accidents happen, which is all the more reason to segment your networks.
People aside, you then need to think about software glitches. You’re probably familiar with plug-ins, or additional add-ons for software to make it more dynamic. Many architecture & engineering companies use 3Ds Max, a 3D computer graphics application, to complete their work.
Last month, a set of hackers was hired to compromise an architecture firm specializing in billion-dollar luxury real-estate development. They used a malicious plug-in called “PhysXPluginMfx,” which abused MAXScript, a scripting utility that ships with the 3Ds Max software.
The plugin was designed to infect other MAX files, and spread malware to other used who received and opened the files. Network segmentation would contain that spread to one network – in this case, it would have limited major financial damage.
Bringing It All Together
The more you segment your network, the more you limit access.
By creating various network segments, you protect some of your most valuable data. And, in the long run, you’ll save time and money while keeping peace of mind when it comes to cyber security.
You’ve got a business to run, and you shouldn’t have to worry about the security of your most important data.
Network segmentation requires planning and expertise to execute properly. That’s why we’re here to help you. At Ideal Integrations, we provide managed network solutions for organizations throughout the world. We’ll help you create networks designed to fit your unique needs, and we’re here to manage them for you around the clock.
Ready to get started? Complete the form below, and we’ll create the right plan for your organization! Or, you can call us at 412-349-6680. No matter where you are in the world, we’re here to help you maximize your return on IT!