PART FOUR: Dissecting the Network and Your Points of Vulnerability
Last week, we discussed network vulnerabilities, the weakest links, and how to get started. Now that we know the questions to ask ourselves and our teams, we have a better idea of how to get started in securing the network – but what points of the network need to be secured and where are the biggest points of vulnerability? Here we dissect this with the aim of understanding the whole of the network and each individual point as well as the threats they could represent.
Organisations – large and small, public and private – can have thousands of users accessing their network on any given day. These users can be employees, partners, contractors, visitors or even customers. When you sit back and think about the impact of this, the inherent increased risk becomes apparent. Users have always been one of the ‘weakest links’ for businesses and social engineering – phishing tactics specifically remain a huge opportunity for cyber criminals looking to get their hands on sensitive data that they can use for financial gain. In fact, based on KHIPU’s work with organisations across the globe, the company has found that when conducting simulated phishing campaigns on average, 29% of users opened the email, while 23% of users clicked the link in the email and 17% of users actually shared the requested information, compromising the network.
So, what can organisations do to mitigate this?
First and foremost, it’s crucially important to undertake regular cyber risk network audits to understand the organisation’s exposure to phishing attacks. This allows the organisation to determine user awareness, evaluate and implement sufficient staff and user training and deploy cyber security enhancements such as simulated phishing attacks to determine how users react to phishing emails so that the right level of awareness training can be provided to educate users on cyber security threats and data breach prevention.
Just as with users, it’s extremely critical for organisations to understand their endpoints – where does data originate and where does it leave the network.
Cyber breaches can be a result of unauthorised and unknown devices that have been plugged into the corporate network and used to access and harvest confidential information. Even today, many organisations do not have a complete or accurate asset register and, even still, it can be nearly impossible for a business to know this as users can circumvent rules and processes, so they can use their own devices – whether maliciously or naively. Therefore, businesses often have no visibility of what data or device is actually on their network, let alone know if new devices are connected, when and where.
With data breaches on such a rise, it is shocking that there are so many organisations that do not have visibility of what is on their network – particularly for those that have no means of identifying the potential threats when it has been repeatedly proven that this can pose a huge and very serious internal risk to the organisation at stake.
A regularly conducted cyber risk audit will assess the environment’s risk to unknown devices, giving organisations a complete view of all endpoints that are connected to the network, whether it be on wired or WiFi, so that IT departments can quickly identify what is authorised and what is not as well as which devices are able to access sensitive data, company folders, and other gated information.
Perimeter and Applications
Many perimeter security systems are unable to identify network traffic at the application level and therefore cannot identify or protect against zero-day malware attacks, let alone enable organisations to determine what applications, whether on-premise or in the cloud, are being used by their workforce, and whether they have been infected by malware.
Many perimeter security systems are unable to identify network traffic at the application level therefore cannot identify or protect against zero-day malware attacks, let alone help determine what applications are being used by the workforce. It is extremely critical to take into account the different types of applications, how they are being used, their relative security risk and if they have been infected by malware. The simplest way to do this is to undertake a regular perimeter risk assessment. By analysing the traffic on the network, including the applications and how they are being used, organisations can get a better understanding of the relative security risks at hand and if the network has been infected by malware.
Next up, we look at the types of businesses and ask if some are more at risk than others.