Recently at networking events, when the topic of Cyber Security comes up in discussion, I often sit back and listen, and I hear the same answers to the same questions:
- "We have an IT department, surely they take care of it?"
- "I have antivirus"
- "It's not a big topic for us right now"
- "I am sure someone is working on it"
- "What is Cyber security?"
Having spoken with people during these events and answered some of their questions, while making them think and raise many more, I decided to start a small blog on our site where I will share my thoughts on these topics and post helpful hints from time to time.
Today I will cover only the first question, to keep these posts as short as possible, and will cover the other questions over the coming weeks. Of course, if you have your own questions, drop me a line via the contact us page and I will answer them.
We have an IT department, surely they take care of it?
There is often a misconception that the IT department or "IT guy" is an expert in everything and anything. Even those who have some expertise in Cyber security are so overloaded with day-to-day tasks, projects and requests from management that they simply cannot hope to keep up to date on everything going on around them.
Overload = Stress = Mistakes
Even in the more secure systems we have seen, when the IT department or Administrator is too busy, potentially costly mistakes are made. We reviewed one such company, and while all was seemingly well, the seemingly secure company was anything but. A common mistake had been made: a temporary testing firewall rule had been left in place, allowing
Access from Anywhere to Anything!
Had this been exploited by an attacker, they would have had access to every system, including files, financial systems, servers, desktops, laptops, basically anything on the network.
When was the last time the firewall rules were reviewed?
As mentioned above, our review spotted several security holes that had been in place for some time. Had these been exploited, the company would have been in trouble. Rules are put in place at a particular time for a particular reason, but months or years later these rules might still linger on, long after the system they served has been replaced or removed, leaving holes in your defenses.
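As an added example (not part of the original post), here is a small Python audit that flags the kinds of rules described above in a constructed sample ruleset: any-to-any allows, rules whose review-by date has passed, rules commented as temporary or testing, and rules not reviewed in over a year. The rule format, the sample rules and the 365-day threshold are assumptions made for this illustration, not the output of any real firewall.

```python
from datetime import date

# Constructed sample ruleset (assumed format, not from any real firewall).
# Each rule records who-knows-why in a comment, when it was added, and an
# optional review-by date for rules that were meant to be temporary.
RULES = [
    {"id": 1, "src": "10.0.0.0/8", "dst": "10.1.2.10", "port": "443", "action": "allow",
     "comment": "intranet to web", "added": date(2023, 1, 10), "review_by": None},
    {"id": 2, "src": "any", "dst": "any", "port": "any", "action": "allow",
     "comment": "TEMP testing new VPN", "added": date(2023, 3, 5), "review_by": date(2023, 3, 12)},
    {"id": 3, "src": "203.0.113.7", "dst": "10.1.2.20", "port": "3389", "action": "allow",
     "comment": "vendor remote support", "added": date(2021, 6, 1), "review_by": None},
]

REVIEW_AFTER_DAYS = 365          # assumed review interval
SAMPLE_TODAY = date(2024, 1, 1)  # fixed "today" so the sample run is reproducible


def audit_rules(rules, today):
    """Return (rule id, finding) pairs for allow rules that need attention."""
    findings = []
    for r in rules:
        if r["action"] != "allow":
            continue  # deny rules do not open holes; skip them
        if r["src"] == "any" and r["dst"] == "any" and r["port"] == "any":
            findings.append((r["id"], "any-to-any allow"))
        if r["review_by"] is not None and r["review_by"] < today:
            findings.append((r["id"], "review date passed"))
        comment = r["comment"].lower()
        if "temp" in comment or "test" in comment:
            findings.append((r["id"], "marked temporary/testing"))
        if (today - r["added"]).days > REVIEW_AFTER_DAYS:
            findings.append((r["id"], "not reviewed in over a year"))
    return findings


if __name__ == "__main__":
    for rule_id, why in audit_rules(RULES, SAMPLE_TODAY):
        print(f"rule {rule_id}: {why}")
```

Run against the sample, rule 2 (the forgotten testing rule) is reported three times and the two-year-old vendor rule once, while the documented intranet rule is left alone.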
If the company had been exploited would they have realized?
It is an unfortunate but common fact that it takes the average company or IT administrator 6 months to discover they have been breached. During that time the attacker can take their time working through systems, gathering data and changing payment details for financial gain.
When was the last time the permissions were reviewed?
Staff come and go, change positions, get promoted. What do these changes mean for IT? IT is often asked to give this person or department access to these files, folders or systems. Some of these requests are permanent, others temporary, but time and time again we review systems where people have far more access than they should, either from small changes accumulating over time or because granting full control is the quickest fix for a small headache for IT.
How many active mailboxes or user accounts are still on your system weeks or months after that person left? Was the password changed? Is there a leavers procedure in place to ensure all devices are returned, data is removed from personal mobile devices, remote access is revoked and accounts are locked?
How can we help?
We work on the technologies in place, IT security policies and procedures, and user education on Cyber threats.
Technology + Awareness = Security