If you have thought about cybersecurity, then you have wondered at one time or another how vulnerable you are to a cyber-threat such as a social engineering attack or targeted phishing attack. If so, here is a simple test to determine if you are:
Q. Do you have a pulse?
If you chose yes as the answer, then you are vulnerable to phishing attacks and other forms of cyberattack.
This was one of the ideas discussed at the Converged Security Summit in Atlanta, Georgia in February.
Most companies today have some semblance of a password policy that requires users to change their password on a recurring basis. Normally this is every 90 or 180 days. It is also common practice for IT and HR to disable the user account of an employee who has left the organization. This is especially critical regarding IT workers who have high privilege levels for the enterprise. The question is, however:
What about all of the service accounts within your company that were used by these former employees? There are many services on your servers, such as backup, virtualization or ADFS, that depend on AD accounts to run them. Many companies have their IT personnel log on to their enterprise switches and routers using the same local management credential. Organizations that have a large fleet of laptops or personal devices utilize a local admin account that is the same for all machines. All of these instances pose a definite risk because some of these former employees may be working for your competitors while you continue to utilize the same passwords they know. When an employee leaves your organization for any reason, you should change all passwords immediately for all accounts they had exposure to.
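An added example, not part of the original article: a check for the scenario above that flags shared or service credentials whose password has not changed since someone who knew it left. The inventory, names, dates and field names are constructed assumptions.

```python
from datetime import date

# Constructed sample inventory: each shared or service credential, the day its
# password was last set, and everyone who has known that password.
ACCOUNTS = [
    {"name": "svc-backup", "kind": "AD service account",
     "password_last_set": "2023-01-10", "known_by": ["alice", "bob"]},
    {"name": "svc-adfs", "kind": "AD service account",
     "password_last_set": "2024-03-02", "known_by": ["alice"]},
    {"name": "netadmin", "kind": "switch/router local login",
     "password_last_set": "2021-06-01", "known_by": ["bob", "carol"]},
    {"name": "localadmin", "kind": "laptop local admin",
     "password_last_set": "2024-02-20", "known_by": ["carol", "dave"]},
]

# Constructed departure dates, as HR would supply them.
DEPARTURES = {"alice": "2024-02-15", "carol": "2024-02-20"}


def stale_credentials(accounts, departures, today):
    """Return credentials still known to a former employee, longest exposure first."""
    left_on = {person: date.fromisoformat(d) for person, d in departures.items()}
    findings = []
    for acct in accounts:
        last_set = date.fromisoformat(acct["password_last_set"])
        # A password set on the departure day cannot be shown to post-date the
        # departure, so a same-day change is still flagged (>=, not >).
        leavers = sorted(p for p in acct["known_by"]
                         if p in left_on and left_on[p] >= last_set)
        if not leavers:
            continue
        earliest = min(left_on[p] for p in leavers)
        findings.append({
            "account": acct["name"],
            "kind": acct["kind"],
            "known_by_departed": leavers,
            "days_exposed": (today - earliest).days,
        })
    # Stable sort: equal exposure keeps inventory order.
    findings.sort(key=lambda f: f["days_exposed"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in stale_credentials(ACCOUNTS, DEPARTURES, date(2024, 4, 1)):
        print(f"{f['account']:<12} {f['kind']:<26} "
              f"{f['days_exposed']:>3} days  known to: {', '.join(f['known_by_departed'])}")
```

The same comparison works against a real export as long as it records who had access to each credential, which is the field most inventories lack.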
You may be accustomed to changing your password at work, but what about the password for your online banking site? When was the last time you changed it? Even worse, are you using the same password for your online banking that you use for your social media accounts?
Do you really need your Wi-Fi on at home when you are away at work? Cybercriminals are on the lookout for unattended Wi-Fi networks to work from and launch their attacks. Home Wi-Fi networks are vulnerable to brute force attacks.
Securing Your Enterprise from the Edge
Every company knows that it must protect its devices and users from the Internet, but what about the outer edge of our network? So many organizations depend on cameras to serve as the watchful eyes of the local premises. These cameras, however, exist in the unprotected perimeter of the organization. They may be mounted on an exterior wall or outdoor complex. In addition, many IoT devices are plagued by weak authentication and poor design that does not consider security. The fact is that the enterprise must protect itself from its own edge devices as these apparatuses represent a key vulnerability for networks today. Companies and users alike cannot trust the automated devices that are placed in office complexes and homes today.
As an alternative to cameras that only require a simple username and password for authentication, which opens them up to credential stuffing attacks, CHAVE is becoming the new recognized standard. Credentialed High Assurance Video Encryption (CHAVE™) technology is designed to ensure highly secure identification and authentication through multi-factor smart card credentials. It utilizes an encryption model built on a cryptographically secure mini- or micro-SD card “smart chip”. These devices are capable of managing digital certificates and credentials used in high assurance mission-critical applications such as law enforcement and military/defense applications. IoT hardware security should depend on proving identity, not on usernames and passwords.
Don’t Forget Physical Security
It’s a mistake to only focus on software when it comes to cybersecurity. Underneath any software is the hardware level. Although it is a more involved process, malware can reside within hardware as well. With the growing threat of nation state-backed attacks, organizations and governments must protect not only their hardware infrastructure and devices but their supply chains as well. Malware can be built into the hardware, lying dormant until it is ready to be used. What if a company ordered new keyboards that were delivered with integrated keyloggers? In some instances, a keylogger can be paired with malware that will create some sort of incident with the host machine, thus generating a service call. When someone from within the IT department logs onto the machine to troubleshoot the problem, the keylogger then captures his or her credentials.
Things You Didn’t Think You had to Worry About
As if it was not enough to worry about your cameras and other IoT gadgetry being hacked, consider this. The Department of Homeland Defense has determined that it is entirely possible for humans to be intentionally murdered by exploiting their wireless implantable medical devices. Even batteries could be manipulated to explode. Are we truly ready for that possibility?
Is Convenience Really Worth It?
All of the speakers hit upon a recurring subject, the idea that users are willing to sacrifice security for convenience. It’s vital to maintain security across your organization’s entire network. Effective network security means having a unified approach that incorporates user management across all physical, private and public networks. Network security must be intuitive, easily managed and scalable enough to handle security deployments across the entire network.