In our previous blog, we defined CyberSecurity Architecture and addressed blocking and tackling from our September 24, 2018 Athens Group Newsletter. That newsletter discussed our afternoon panel at the September 2018 IADC Advanced Rig Technology Conference & Exhibition in Austin, Texas. Our panel presentation was titled: “It’s NOT Rocket Science. It’s Blocking and Tackling.” Although a football reference, it was meant to hit home with the simple fact that cybersecurity’s foundation in any organization depends on how well the basics are executed. Blocking refers to instituting the mitigation processes discussed in the Newsletter and tackling means getting out in front of the threats by implementing a CyberSecurity Architecture.
Blocking versus Tackling
| Blocking | Tackling |
|---|---|
| Virtual Private Network (VPN) | User Training |
| Firewall | Management of Change |
| Demilitarized Zone (DMZ) | Patching |
| Strong Passwords | |
| Personal Device Policy | |
| Tested backup and restore | |
| Website and Email white listing |
So, why do you care about Cybersecurity Architecture? You care because cybersecurity tackling must begin once your attackers breach your blockers – VPN, firewall, DMZ. You care because they are now in your systems. It’s first down and goal to go. The attackers have gotten into your systems by one of these methods:
- Phishing – The #1 vulnerability for operational networks are the users – employees, vendors and contractors. It’s extremely common for a user to infect an entire network by opening and clicking a phishing e-mail. They know how to spot infected e-mails or online scams, compromising your entire network. This is a basic 21st century tactic. Hackers pretend to be you to reset your passwords.
- Personal devices infected outside of work – This ranks right after Phishing for breaking into “secure” systems. Do you have an Acceptable Use Policy that outlines how employees are permitted to use company-owned PCs, devices, software, Internet access and e-mail? Putting such a policy in place limits the web sites employees can access with work devices and Internet connectivity. Enforcing your policy with content-filtering software and firewalls, establishing permissions and rules that will regulate what web sites your employees access and what they do online during company hours and with company-owned devices. This policy is even more important if your employees are using their own personal devices to access company e-mail and data. More on this critical tackling process in a future blog post.
- Weak passwords – Passwords should be at least 8 characters and contain lowercase and uppercase letters, symbols and at least one number. On a cell phone, requiring a passcode to be entered will go a long way toward preventing a stolen device from being compromised. This must be enforced by your network administrator.
- Unpatched hardware and software – New vulnerabilities are regularly found in common software programs you are using, e.g. operating systems, office applications, web browsers, email readers, and operational applications. It’s critical that patching and updating your systems becomes a regular and frequent process.
- Poor to no Backup and Restore – Having a solid, reliable backup can deter some of the most aggressive ransomware attacks, where a hacker locks up your files and holds them ransom until you pay a fee. Since your files are backed up, you don’t have to pay a crook to get them back. Reliable backups protect you against an employee accidentally (or intentionally!) deleting or overwriting files, natural disasters, fire, water damage, hardware failures and a host of other data-erasing disasters.
- Employee installed applications – One of the fastest ways cybercriminals access networks is by duping unsuspecting users to willfully download malicious software by embedding it within downloadable files, games or other “innocent”-looking apps. This is preventable with an active firewall and employee training and monitoring.
- Inadequate firewalls – A firewall acts as the frontline defense against hackers blocking everything you haven’t specifically allowed to enter (or leave) your computer network. Physical firewalls are shipped with a factory-default password that is NOT required to be reset. There are hundreds of thousands of hardware devices acting as firewalls that have the factory default password. How do you know the password? Look it up on the internet!
- Surfing compromised websites – If your company doesn’t enforce a white list of safe websites, you run the chance of someone surfing to a malware site via a link on another web page or within a phishing email. Once the malware is downloaded, you will have any number of surprises awaiting on your laptop, tablet or smart phone.
You must also care if your network diagram requires a wall, multiple sheets of disparate diagrams and is only connected by manually entered highlighted lines, like this one:
Or, if the hardware picture of any part of your communications closet looks like this.
What can you do about it?
Read the blog entries on our website – www.athensgroupservices.com, join our LinkedIn Group, and subscribe to our newsletter.