Cyber Security Solutions are permanently under review by astute heads of IT. The FBI has confirmed that there has been a significant increase in IT-related crime over the last two years.
The increase in home working and remote access to corporate systems has exposed new attack surfaces that existing cyber security solutions do not completely cover. In addition, home networks that connect to work networks provide a back door into the corporate network.
IT and Network Security heads are continually striving to improve their cyber security solutions to meet the challenges of malware and network attacks that are increasing in frequency and ferocity.
Here are five steps to take when considering new and improved countermeasures.
The FBI has often stated that most security problems start between the keyboard and the back of the chair. Their experience is that most successful malware and hacker attacks follow user actions or inactions, malicious or innocent. For example, most phishing exploits are successful because a user has clicked on a link in an email.
User Education starts at induction. Users are educated about recognising threats and what they must do if they suspect they are being attacked. They must also realise that they must not share material between their home and work networks using flash drives or online network storage.
Users need periodic reminders and reinforcement on threats. A newsletter or periodic update sessions do this.
One area that is often forgotten is user termination. When a user leaves, especially if they are fired or “let go”, their network access privileges must be revoked immediately. A departing user can steal confidential information or intentionally introduce malware.
Many networks, particularly manufacturing environments, are made up of interconnected smaller networks. IoT devices are common in this environment. Many IoT devices do not have fully fledged built-in network security and could be open to a successful attack.
There is a move to “Fog Computing”, where networks of IoT devices at the network edge controlling discrete manufacturing processes are insulated in separate clouds from the rest of the corporate network. Traffic can pass, but only under strict control.
Controlling Remote Access
Remote access to corporate networks and websites has expanded greatly recently, driven by lockdowns keeping staff at home and a move to e-commerce in many companies.
This is probably the greatest new challenge for IT people. Control problems can arise at the user end, in the middle and at the corporate end.
Start at the far end, with BYOD management. In the past, when the network was entirely in-house, IT had full control of all the attached devices. Nowadays, with users working from home, that is not economically possible. In any event, if remote access is allowed to outsiders, for example a customer wanting to know the status of an order, it is not possible at all.
Smart devices are a particular problem, since they can be easily lost or stolen and then fraudulently used to access corporate networks. Before allowing access, some organisations automatically install a remote-control app that allows them to wipe the device if it is misused or reported as lost or stolen. That is not a complete solution, because many smart devices can be restored from online data stores. Devices can also be denied access by blocking their MAC address, although a MAC address is easily changed, so this is only a weak control on its own.
Security in the middle means that using a VPN to manage access is an absolute no-brainer.
The issues associated with remote access mean that the locus of control needs to be at the corporate end.
Local Device Management
Home networks almost always have inadequate security, and bringing material to work on flash drives can inadvertently introduce malware. A flash drive is easily concealed and can also be used to steal confidential information. Disable the USB ports on local desktop equipment.
A second vector for theft of Intellectual property and corporate data is online storage such as DropBox, Google Store and OneDrive. Confidential information can be uploaded and later downloaded elsewhere. Online data stores should be blocked.
Make user profiles reflect users' current needs. When users are promoted or transferred, they sometimes retain the privileges of their previous post, which no longer apply.
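The two housekeeping tasks above, revoking access when someone leaves and trimming privileges that no longer match the post, are both forms of the same periodic access review. The script below is an added example, not code from the original article. It reconciles a constructed list of directory accounts against constructed HR records and a hypothetical role baseline, and reports accounts that should have been disabled and accounts holding privileges beyond their current role.

```python
"""Periodic access review (added example with constructed sample data).

Reconciles directory accounts against HR records and a role baseline.
In a real deployment the two inputs would be exported from the directory
service and the HR system; here they are constructed inline.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, FrozenSet, Iterable, Optional, Tuple

# Hypothetical role baseline: the privileges each post is entitled to.
ROLE_BASELINE = {
    "sales": {"crm_read", "crm_write"},
    "sales_manager": {"crm_read", "crm_write", "crm_reports"},
    "finance": {"ledger_read", "ledger_write"},
    "it_admin": {"domain_admin", "crm_read", "ledger_read"},
}


@dataclass(frozen=True)
class Account:
    username: str
    enabled: bool
    privileges: FrozenSet[str]


@dataclass(frozen=True)
class HrRecord:
    username: str
    role: str
    left_on: Optional[date]  # None while still employed


# Constructed sample directory export.
ACCOUNTS = [
    Account("alice", True, frozenset({"crm_read", "crm_write"})),
    # bob moved from finance to sales_manager but kept ledger_write
    Account("bob", True, frozenset({"crm_read", "crm_write", "crm_reports", "ledger_write"})),
    # carol left last week and is still enabled
    Account("carol", True, frozenset({"ledger_read"})),
    # dave left and was disabled correctly
    Account("dave", False, frozenset({"domain_admin"})),
    # eve has no HR record at all: an orphaned account
    Account("eve", True, frozenset({"crm_read"})),
]

# Constructed sample HR export.
HR_RECORDS = [
    HrRecord("alice", "sales", None),
    HrRecord("bob", "sales_manager", None),
    HrRecord("carol", "finance", date(2024, 5, 3)),
    HrRecord("dave", "it_admin", date(2024, 1, 15)),
]

TODAY = date(2024, 5, 10)


def review_access(
    accounts: Iterable[Account] = ACCOUNTS,
    hr_records: Iterable[HrRecord] = HR_RECORDS,
    today: date = TODAY,
) -> Dict[str, Tuple[str, FrozenSet[str]]]:
    """Return findings keyed by username.

    ("revoke", {})        the person has left, or is unknown to HR, but the
                          account is still enabled
    ("excess", {privs})   the account holds privileges beyond its role baseline
    """
    hr = {r.username: r for r in hr_records}
    findings: Dict[str, Tuple[str, FrozenSet[str]]] = {}
    for acct in accounts:
        rec = hr.get(acct.username)
        departed = rec is None or (rec.left_on is not None and rec.left_on <= today)
        if departed:
            if acct.enabled:
                findings[acct.username] = ("revoke", frozenset())
            continue  # disabled leaver: nothing to do
        excess = acct.privileges - ROLE_BASELINE.get(rec.role, set())
        if excess:
            findings[acct.username] = ("excess", frozenset(excess))
    return findings


if __name__ == "__main__":
    for user, (action, privs) in sorted(review_access().items()):
        detail = f" {sorted(privs)}" if privs else ""
        print(f"{user}: {action}{detail}")
```

Run on the constructed data it flags carol and eve for revocation and bob for the leftover ledger_write privilege, while alice and dave produce no finding. Running this on a schedule, and treating any "revoke" finding as an incident rather than routine housekeeping, is what turns the policy in the text into something that is actually checked.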
The price of security is eternal vigilance. In addition to the usual network monitoring tools, there are software and management matters that need to be attended to:
- Alert systems should be deployed to make sure any unusual network activity is detected and reported as soon as possible.
- Network security staff need to continually review user activities to see who is trying to push the boundaries of their security level.
- All IT staff need to be continually up to date with the latest hacking information and potential countermeasures.
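The first two points above, alerting on unusual activity and watching for users who push against the boundaries of their access level, can be expressed as concrete detection rules over authentication and file-access logs. The script below is an added example, not part of the original article. It parses constructed log lines in a hypothetical key=value format and raises alerts for bursts of failed logins from one source, for users repeatedly denied access to resources outside their level, and for successful logins outside an assumed business-hours window.

```python
"""Simple alerting rules over access logs (added example, constructed data).

The log format below (timestamp, system, event=result, user=, src= or path=)
is hypothetical; adapt the regular expression to the real source.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<source>\S+) (?P<event>auth|access)=(?P<result>\S+) "
    r"user=(?P<user>\S+) (?:src=(?P<src>\S+)|path=(?P<path>\S+))$"
)

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
2024-05-10T02:14:07Z vpn auth=FAIL user=alice src=203.0.113.45
2024-05-10T02:14:31Z vpn auth=FAIL user=alice src=203.0.113.45
2024-05-10T02:15:02Z vpn auth=FAIL user=alice src=203.0.113.45
2024-05-10T02:15:40Z vpn auth=OK user=alice src=203.0.113.45
2024-05-10T09:01:22Z vpn auth=OK user=bob src=198.51.100.7
2024-05-10T09:03:10Z fileserver access=DENIED user=bob path=/finance/ledger
2024-05-10T09:04:55Z fileserver access=DENIED user=bob path=/hr/salaries
2024-05-10T09:06:12Z fileserver access=OK user=bob path=/sales/pipeline
2024-05-10T12:30:00Z vpn auth=FAIL user=carol src=198.51.100.9
""".splitlines()


def parse(line: str) -> Optional[Dict[str, object]]:
    """Turn one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return event


def detect(
    lines: List[str] = SAMPLE_LOG,
    fail_threshold: int = 3,
    fail_window: timedelta = timedelta(minutes=5),
    deny_threshold: int = 2,
    business_hours: Tuple[int, int] = (7, 19),  # assumed UTC working day
) -> List[Tuple[str, str]]:
    """Return (rule, subject) alerts for the given log lines."""
    events = [e for e in map(parse, lines) if e]
    alerts: List[Tuple[str, str]] = []

    # Rule 1: fail_threshold failed logins from one source inside fail_window.
    fails_by_src: Dict[str, List[datetime]] = defaultdict(list)
    for e in events:
        if e["event"] == "auth" and e["result"] == "FAIL":
            fails_by_src[e["src"]].append(e["ts"])
    for src, times in fails_by_src.items():
        times.sort()
        for i in range(len(times) - fail_threshold + 1):
            if times[i + fail_threshold - 1] - times[i] <= fail_window:
                alerts.append(("auth_failure_burst", src))
                break

    # Rule 2: a user denied access to several distinct resources is probing
    # beyond their security level.
    denied_paths: Dict[str, set] = defaultdict(set)
    for e in events:
        if e["event"] == "access" and e["result"] == "DENIED":
            denied_paths[e["user"]].add(e["path"])
    for user, paths in denied_paths.items():
        if len(paths) >= deny_threshold:
            alerts.append(("privilege_probe", user))

    # Rule 3: successful login outside business hours.
    start, end = business_hours
    for e in events:
        if e["event"] == "auth" and e["result"] == "OK":
            if not start <= e["ts"].hour < end:
                alerts.append(("off_hours_login", e["user"]))

    return alerts


if __name__ == "__main__":
    for rule, subject in detect():
        print(f"ALERT {rule}: {subject}")
```

On the constructed lines this raises three alerts: the burst of failures from 203.0.113.45, bob probing two finance and HR paths he is not entitled to, and alice's successful login at 02:15. The single failure from carol stays below the threshold. The thresholds and the hours window are deliberately parameters, because the right values depend on the organisation and tuning them is part of the continual review the text calls for.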
It is inevitable that any network will be attacked at some time. Cyber Security Solutions need to be under continual review to make sure they remain relevant and capable of countering the latest threats.