- Mikaila Menezes
The Ultimate Guide to Network Vulnerabilities
Did you know that according to research, 20% of businesses are hit six or more times per year, and 80% have had at least one cybersecurity incident in the last 12 months that was severe enough to necessitate a board-level meeting?
If security controls are too constraining, employees will work to find a way around them. This statement is particularly apt when it comes to physical security. We have all become quite used to physical security in one way or another. Be it the turnstiles we must go through before entering to watch our favorite sports team or the guard at the factory gate who has to search our vehicles as we get to work and leave - every time!
Security technologists must encourage users to provide feedback if physical security measures are too onerous and begin to inhibit productivity. That said, security practitioners should not consider the complete removal of a security measure simply because the users "do not like it."
Network Vulnerability Alerts
Vendor alerts and threat intelligence agencies bombard network security practitioners daily.
These can be alerts for:
Firmware - think of this as the chipset software that runs network equipment
Hardware - in most cases, this deals with obsolete network kit
Software - simply put, configuration
Each alert needs to be evaluated and a decision taken on when to apply the change. Some emergency fixes require immediate action, and others can be scheduled for implementation. Of course, your company's risk appetite will impact the immediacy of security changes.
From time to time, engineers will require third-party or vendor assistance. Don't forget to factor these potential costs into your budget next year!
In broad brushstrokes, we can group network security into three groups:
Hardware - any incorrectly or poorly managed hardware device is a risk, period!
Software - the sheer number of operating systems, patch levels, applications, and user preferences in even a small network brings challenges for security managers
Human security - people are the most unpredictable of resources; there is practically no way to predict human behavior or the mistakes they may make
Hackers consider network security misconfiguration flaws as "low hanging fruit" since they're relatively easy to find and attack. For an attacker, it's frequently the path of least resistance. Nevertheless, it's a significant problem that hackers are exploiting at an alarming pace. For example, it has been found that misconfiguration is responsible for 82 percent of security vulnerabilities.
Let's chat about five network security issues.
1. Misconfigured Network Devices
Misconfiguration mistakes are made very quickly and can be exploited even more easily.
It is true that strong passwords and multi-factor authentication significantly improve security. However, all network equipment is shipped with default configurations and default administrator passwords.
Therefore, engineers should change the default passwords before the device is connected to the network.
Let's face it, the configuration of network devices has to be done by someone, and people do make mistakes. For example, as we discussed, default passwords are not changed for admin accounts.
Hackers can exploit other default configurations if not changed before installation:
Active and listening ports
Services that are not required are not switched off or disabled
Correct configurations not being reapplied after a restart
Unused or temporary accounts left in place
There are many other exploitable vulnerabilities, but these are most commonly the cause of a breach.
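The checks in the list above can be automated before a device is connected to the network. The script below is an added example, not code from the original article; it audits a constructed, vendor-neutral configuration text (the device name, account names, service names and the assumption that a `password` entry is stored reversibly while a `secret` entry is hashed are all invented for the example) and reports default credentials, leftover temporary accounts, listening services that were never switched off, and a default SNMP community string.

```python
import re
from dataclasses import dataclass

# Constructed sample: a simplified, vendor-neutral running configuration for a
# hypothetical device called edge-switch-01. It is not taken from any real product.
SAMPLE_CONFIG = """\
hostname edge-switch-01
username admin password admin
username tempuser password Tr0ub4dor
username netops secret $6$constructedhash
service telnet enable
service http enable
service ssh enable
service snmp community public
interface mgmt0
  ip address 192.0.2.10/24
"""

# Reference data for the checks; all constructed for this example.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root")}
UNNEEDED_SERVICES = {"telnet", "http", "ftp"}   # plaintext/legacy; disable unless required
DEFAULT_SNMP_COMMUNITIES = {"public", "private"}
TEMP_ACCOUNT_HINT = re.compile(r"^(temp|test|guest)", re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    item: str       # short machine-readable category
    detail: str     # human-readable explanation


def audit_config(config_text):
    """Return a list of Findings for the misconfigurations described in the text."""
    findings = []
    for raw in config_text.splitlines():
        line = raw.strip()

        # Local accounts: default credentials, leftover temporary accounts and
        # (assumption for this example: 'password' = reversible, 'secret' = hashed) weak storage.
        m = re.match(r"^username (\S+) (password|secret) (\S+)$", line)
        if m:
            user, kind, value = m.groups()
            if (user, value) in DEFAULT_CREDENTIALS:
                findings.append(Finding("high", "default-credential",
                                        f"account '{user}' still uses a shipped default password"))
            if TEMP_ACCOUNT_HINT.match(user):
                findings.append(Finding("medium", "temporary-account",
                                        f"account '{user}' looks temporary; remove it if no longer needed"))
            if kind == "password":
                findings.append(Finding("low", "reversible-password",
                                        f"account '{user}' is stored reversibly; use a hashed secret"))
            continue

        # Listening services that were never switched off.
        m = re.match(r"^service (\S+) enable$", line)
        if m and m.group(1) in UNNEEDED_SERVICES:
            findings.append(Finding("medium", "unneeded-service",
                                    f"service '{m.group(1)}' is enabled and listening; disable it unless required"))
            continue

        # SNMP community strings left at the vendor default.
        m = re.match(r"^service snmp community (\S+)$", line)
        if m and m.group(1) in DEFAULT_SNMP_COMMUNITIES:
            findings.append(Finding("high", "default-snmp-community",
                                    f"SNMP community '{m.group(1)}' is a well-known default"))
    return findings


def count_by_severity(findings):
    """Summarise findings as {severity: count}; a non-empty 'high' bucket means do not connect yet."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit_config(SAMPLE_CONFIG)
    for f in results:
        print(f"[{f.severity:6}] {f.item}: {f.detail}")
    print(count_by_severity(results))
```

Run against the sample it reports seven findings, two of them high. In practice you would feed it the exported configuration of every device in the change queue and refuse the change until the high-severity items are cleared.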
2. Dated Technology
Using applications that run on dated, vulnerable platforms is, well, dodgy!
The same applies to allowing unsupported operating systems to join your company network. But, again, this risk applies equally to network devices as to servers, laptops, and other devices you allow onto your company network.
Businesses are faced with investment decisions to replace unsupported operating systems. Often, the newer operating systems cannot run on the older hardware. This decision is a double-edged investment sword.
Upgraded software can provide additional security capabilities, but if those features aren't activated or set appropriately, they won't be very effective. Therefore, you'll want to review each update to see what's new/changed/removed and make any necessary changes to your settings.
3. Unmanaged Software
Often referred to as shadow software, these are applications users install, with good or bad intent, simply because they can. Sometimes it is not installed software at all but an unsanctioned sign-up to a suspect online application.
More passwords are compromised on the Dark Web by users signing up to 'free' services and websites than anywhere else.
Forcing users not to use their free email or other free tools will not work. Instead, take time to make them aware of the risk of these and other tools.
4. Log Files that Are Too Easily Accessible
Error messages are sent to log files. Overly descriptive error messages can expose sensitive information and provide attackers with helpful information to look for holes to exploit.
Log files have become a valuable asset to hackers. As a result, it has become good practice to place access measures around log files.
In an incident, particular attention must be placed on who receives log files.
It may be:
It is essential to have processes to destroy log files after the incident.
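Two of the controls this section calls for can be built into the logging code itself: scrubbing sensitive values out of error messages before they are written, and creating the log file so that only its owner can read it. The example below is added here and is not part of the original article; the redaction patterns, the log message and the `redaction-demo` logger name are constructed for illustration, and the permission check assumes POSIX file modes.

```python
import logging
import os
import re
import stat
import tempfile

# Patterns for values that should never reach a log file. Constructed for this
# example; a real deployment would tune them to its own data.
SECRET_PATTERNS = [
    # credential-style key=value pairs
    (re.compile(r"\b(password|passwd|pwd|api[_-]?key|token|secret)=([^\s&]+)", re.IGNORECASE),
     r"\1=[REDACTED]"),
    # 16-digit card-style numbers: keep only the first and last four digits
    (re.compile(r"\b(\d{4})[- ]?\d{4}[- ]?\d{4}[- ]?(\d{4})\b"), r"\1-****-****-\2"),
    # e-mail addresses: keep only the domain
    (re.compile(r"\b[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})\b"), r"[user]@\1"),
]


def redact(message):
    """Scrub sensitive values from one log message; returns the cleaned text."""
    for pattern, replacement in SECRET_PATTERNS:
        message = pattern.sub(replacement, message)
    return message


class RedactingFilter(logging.Filter):
    """Formats the record's arguments into the message, then redacts the result."""

    def filter(self, record):
        if record.args:
            record.msg = record.msg % record.args
            record.args = ()
        record.msg = redact(str(record.msg))
        return True


def check_log_permissions(path):
    """Return a list of problems with who can read or write the log file (POSIX modes)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    problems = []
    if mode & stat.S_IROTH:
        problems.append("world-readable")
    if mode & stat.S_IRGRP:
        problems.append("group-readable")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable-by-others")
    return problems


def write_demo_log(directory=None):
    """Create an owner-only log file, write one redacted error through it, return (path, contents)."""
    directory = directory or tempfile.mkdtemp()
    path = os.path.join(directory, "app.log")
    # Create the file with mode 0600 before any handler touches it, so there is
    # no window in which another local user can read it.
    os.close(os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600))

    logger = logging.getLogger("redaction-demo")
    logger.setLevel(logging.INFO)
    logger.propagate = False
    handler = logging.FileHandler(path)
    handler.addFilter(RedactingFilter())
    logger.addHandler(handler)
    try:
        # Constructed error: the kind of overly descriptive message the text warns about.
        logger.error("login failed for %s with password=%s from 192.0.2.44",
                     "alice@example.com", "hunter2")
    finally:
        logger.removeHandler(handler)
        handler.close()

    with open(path) as fh:
        return path, fh.read()


if __name__ == "__main__":
    log_path, contents = write_demo_log()
    print(contents.strip())
    print("permission problems:", check_log_permissions(log_path) or "none")
```

The filter sits on the handler, so every message that reaches the file passes through `redact` regardless of which module logged it; `check_log_permissions` is the kind of check to run periodically, since a rotation tool or a careless copy can silently loosen the mode of a log that was created correctly.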
5. The People Factor
Mistakes are made, but there are a few things we can do to keep mistakes to a minimum:
Change Management - review all changes, test if possible, request permission to implement, and have backout procedures in place
Peer Reviews - sometimes referred to as 'eyes-on'; have every change reviewed by another engineer
Disposal management - ensure processes are in place to wipe files and devices before throwing them out
Technical change management can be onerous, but it need not be. Take time to find the middle-of-the-road approach that works for your company.
So What Can We Do About It All?
Consider running vulnerability assessments (sometimes called scans or audits). In this process, a recognized tool scans the company network to look for known vulnerabilities and oversights.
The scan looks for known vulnerabilities in:
Operating Systems on the Network
All software installed on the network
Files possibly containing PII (personally identifiable information)
There will be other 'useful' findings such as:
Forgotten shared folders - remember those log files?
Passwords compromised on the Dark Web
Backups and Anti-virus in place
The process is intended to expose your network vulnerabilities and put measures in place to mitigate them. Reach out to us to help you assess and expose your network vulnerabilities.
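To make the assessment concrete for the "Dated Technology" and "Unmanaged Software" points above, here is an added example (not code from the article, and not a real vulnerability scanner) that runs the three checks in the list over a constructed inventory: operating systems past their end-of-support date, installed software below a minimum patched version, and files in a shared folder that contain PII-shaped values. All of the reference data (`ExampleOS`, `exampleweb`, `exampledb`, the dates and versions) and the sample hosts and files are invented for the example; a real run would pull them from your asset register and the vendors' support schedules.

```python
import re
from dataclasses import dataclass, field
from datetime import date


@dataclass
class Host:
    name: str
    os_name: str
    os_version: str
    software: dict = field(default_factory=dict)   # package name -> installed version


# Reference data; all constructed for this example (not a real end-of-life or
# vulnerability feed, and the OS and package names are invented).
OS_END_OF_SUPPORT = {
    ("ExampleOS", "7"): date(2020, 1, 14),
    ("ExampleOS", "10"): date(2025, 10, 14),
    ("ExampleOS", "11"): None,            # None = still supported, no date announced
}
MIN_PATCHED_VERSION = {"exampleweb": "2.4.58", "exampledb": "8.0.36"}
PII_PATTERNS = {
    "ssn-like": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "email": re.compile(r"\b[\w.%+-]+@[\w.-]+\.[A-Za-z]{2,}\b"),
}

# Constructed inventory and a constructed in-memory "shared folder".
SAMPLE_HOSTS = [
    Host("fileserver-01", "ExampleOS", "7", {"exampledb": "8.0.30"}),
    Host("web-01", "ExampleOS", "11", {"exampleweb": "2.4.58"}),
    Host("legacy-print", "ExampleOS", "NT4"),
]
SAMPLE_SHARE = {
    "//fileserver-01/public/old_app.log":
        "2024-03-01 ERROR user jane.doe@example.com ssn 123-45-6789\n",
    "//fileserver-01/public/readme.txt": "Nothing to see here\n",
}


def parse_version(text):
    """'8.0.30' -> (8, 0, 30); lets versions compare numerically rather than as strings."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def assess_hosts(hosts, today=None):
    """Flag unsupported operating systems and software below the minimum patched version."""
    today = today or date.today()
    findings = []
    for h in hosts:
        key = (h.os_name, h.os_version)
        if key not in OS_END_OF_SUPPORT:
            findings.append((h.name, "os-unknown",
                             f"{h.os_name} {h.os_version} is not in the reference data; treat as unsupported until confirmed"))
        else:
            eol = OS_END_OF_SUPPORT[key]
            if eol is not None and eol <= today:
                findings.append((h.name, "os-unsupported",
                                 f"{h.os_name} {h.os_version} left support on {eol.isoformat()}"))
        for pkg, installed in h.software.items():
            minimum = MIN_PATCHED_VERSION.get(pkg)
            if minimum and parse_version(installed) < parse_version(minimum):
                findings.append((h.name, "software-unpatched",
                                 f"{pkg} {installed} is below the minimum patched version {minimum}"))
    return findings


def scan_files_for_pii(files):
    """files maps path -> text; returns (path, pattern label, match count) for every hit."""
    hits = []
    for path, text in files.items():
        for label, pattern in PII_PATTERNS.items():
            n = len(pattern.findall(text))
            if n:
                hits.append((path, label, n))
    return hits


if __name__ == "__main__":
    for host, kind, detail in assess_hosts(SAMPLE_HOSTS):
        print(f"{host}: {kind}: {detail}")
    for path, label, n in scan_files_for_pii(SAMPLE_SHARE):
        print(f"{path}: {n} {label} value(s) found")
```

Note the deliberate handling of the unknown case: a host whose platform is not in the reference data is reported rather than silently passed, because an assessment that only knows about the systems you remembered to list is exactly how the forgotten file share with last year's log files stays hidden.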
All It Takes Is One Point of Weakness!
These commonly overlooked security vulnerabilities, whether accessible from within or outside your network, are likely placing your business at risk right now. To reduce your risks, continue to perform in-depth vulnerability scans.
The weaknesses are present. Given sufficient time, someone somewhere will find out how to exploit them at the expense of your company. It is preferable for you to identify these weak points first so that you can address them.
Don't get comfortable. Consider the big picture before it's too late! Contact us today!