100TB Focus Series: Organizational Security Needs More Than A Guard Dog

18th August, 2016 by

Why organizational security is at a crossroads: organizations continue to develop. Business practise metamorphoses, then inevitably the accompanying tech infrastructure grows too. That’s great, except that many companies have never been able to plan their IT growth in every detail and this is becoming quite an issue.

Who’s Accessing Your System Right Now?

Who could have anticipated the massive changes we’ve witnessed in the last twenty years? As a consequence, the infrastructure ends up being rather unwieldy and fragmented. Do you know every application, system or devices on your organization’s infrastructure right now? Probably not, and that creates a headache and the opportunity for a security breach.

One Slip Could Create A Profound Business Impact

You might feel red-faced reading this, but to keep up to date you’re going to have to work almost around the clock to keep your networks configured, patched where appropriate and up to date 24/7.  You might think that nothing much happens around here so we always ‘keep the key under the mat’. But it only takes one slip and your entire network might be compromised, costing huge amounts of money. Can you afford such a risk that affects both your financial health and customer confidence?

100TB’s Super Basic Security Checklist

The old days of erecting a virtual wall or perimeter fence around your business have vanished. It’s almost impossible to keep threats at bay unless you are ‘on it’ all the time. So how has the threat landscape transformed itself? How should you evolve in response to these morphing threats? 100TB explores what’s happening and why.

Review Your Network Regularly

IT infrastructure is as complex as the human body, and in business terms it does much the same thing by keeping an organization functioning. Consider what your organization terms an IT infrastructure:

Undertake the most basic no-brainer security review and overview the following as an absolute minimum:

  • On-premise and hosted systems
  • Standalones
  • Cloud servers
  • Different data centers in various locations, third-party cloud service providers
  • Hosted platforms extending (or even replacing) the in-house infrastructure.

Review Access Policies

Do you offer open access to internal staff, external partners and customers at different levels?

Do you allow connection from an array of devices and networks with varying levels of security beyond your control?

Your Success Is Attractive To Undesirables Too

When put in a list like this you can see how complex it is to manage the very basic aspects of your IT infrastructure, but of course hackers know this too. In addition, the more business activity you undertake online and the more customers you attract, then the more attractive the spoils become. Do you know how much a stolen credit card number or even your Uber account is worth? Logins, passwords, online banking credentials, your top secret product development, plans and behaviors are worth a fortune to you, and of course, to a hacker.

Are Your Staff Your Biggest Security Risk?

You might think you have all this covered, but how well are you monitoring your staff, for example? No, really, their behaviors can actually expose themselves and you to blackmail. You only have to think back to the Ashley Madison breach to start putting two and two together. What you have to remember is that not everyone thinks like you and there are plenty of places to trade and monetize crime. You don’t have to go searching; it’s enough to know these places exist.

Hacking Is A Lucrative Game For Some, For You It Could Spell Disaster

However, to save you the trouble, know that the ‘Dark Net’ is like Tolkien’s Mordor. In the darkest depths you will find an interesting arsenal of attack tools including malware to compromise just about any system. More worrying still, there are holes and backdoors that have yet to be patched and are currently under the radar of current security systems. Yes, it sounds like a sophisticated gaming arena, and for many it is.

Cybercrime Has The Thrill Of The Chase

Cybercrime also has the potential for extraordinary rewards. If you are targeted then it’s likely a combined attack utilizing a combination of methods or even successional attacks will test any system to its limits.

Cyber Security Means You Need To Remain Alert

You may think that awareness will be enough, and to some extent it will help. Hackers use social engineering techniques so coax passwords and logins from employees. For example, phishing links can accomplish their mission by installing malware or plugging in a USB key by pretense or expectation.  Therefore, if you make it company policy to question everything, prevent any device plugging into your system and apply basic good housekeeping you can help yourself.

Don’t Become A Target!

This is worth bearing in mind to prevent a hacker moving around your network laterally. They can enter then ramp up their access privilege and install programs you will have difficulty finding. They are then able to take valuable information carefully and quietly over a long period of time without you ever knowing.  Anyone can be a target. Ironically, the US retail giant ‘Target’ became just that, back in 2014. It was quite a hack, as 40 million customers had their credit details stolen.

Hacking Can Cost Companies Millions

The irony of this is that it wasn’t Target the hackers started with, but a supplier. An air conditioning company had access to one of the systems within Target’s internal network. As a consequence hackers moved within the system with impunity and reached Target’s core point of sale system. Not only this, but they managed to install malware that remained undetected for months. Day after day it simply appropriated credit card details belonging to Target’s customers. The valuable data was then transferred to a repository, which was cheekily stored within the network. The data was then uploaded, using FTP, to a computer that the hackers controlled. Apparently this hack cost in excess of $160 million. It’s staggering and largely preventable or at least made too difficult to be a quick win.

You Are Only A Day Away From A Possible Internet Breach

US Voters’ registration records have been for sale on the Dark Net for months. Apparently the US Election Assistance Commission wasn’t even aware. 191 million voters details were involved. So significant data security breaches are happening regularly. These are a mix of conventional attacks, human and APTs. Sony, Microsoft, Ashley Madison, VTech, TK Maxx, T-Mobile, the US Office of Personnel Management, LinkedIn, the list is endless. It doesn’t matter how large or small you are, every company is a potential target. Check out a list of biggest data breaches on Information is Beautiful where infographics clearly communicate the extent of the problem

You May Think Improving Security Will Solve Everything

But it’s also a battle for hearts and minds. As security breaches increase and become more sophisticated, so consumers lose confidence. They will be asking whether your business can securely handle their personal data. If you can’t they will go elsewhere. There is also some hesitancy regarding the utilization of cloud-enabling systems. If you cannot comply with the legitimate expectation people have you will lose business. In addition, if the pace of digital transformation slows it will impact on an organization’s ability to innovate and develop. This is more than a matter of poor security.

The Internet Of Things Is Not Immune To Cyber Attacks

It’s not enough to shrug collective shoulders because security is becoming ever more complex from month to month. None of us exists outside the world of connected devices and the Internet of Things. This area is also problematic as many of the devices that appeared on the market initially possessed considerable security flaws. Devices as seemingly innocent as baby monitors, domestic thermostats, children’s toys and security cameras have been compromised and may not even be on your radar.

Of course, the more bad publicity is generated then the less likely true connectivity will happen. Perhaps that seems insignificant, but smart cities, predictive healthcare and energy use optimization could slow or even stop. Innovation is crucial. But we also need some innovative responses to IT security. Whatever happens it’s time for all of us to put our systems in order.

100TB’s Further Reading Suggestions:

Your new security threat for 2016: JavaScript Ransomeware

Cisco Security Report July 2016

10 shocking malware and ransomware statistics