4.8.19 – SSI – Lance Holloway
Every IP-addressed piece of equipment is a potential unlocked door for a cybercriminal. Here’s why it’s important to safeguard clients against external and internal threats.
In today’s physical security/IT environment, planning, deployment, administration and ongoing support for IP-based equipment is a foregone conclusion.
Consider this scenario, in which an attempt was made to download a movie: Within seconds of logging onto the computer, a menacing, DOS-looking skull and crossbones popped up on the screen. Along the bottom appeared the directive, “This is my server. Follow my rules and finish your uploads.”
From there, it was simple to navigate the numbered menu and press the option needed to either upload or download pirated movies. Finding a hidden piracy FTP server was a shocking discovery, but more so because it was on the backside of the security server for a major university.
At the time, a decision to put physical security equipment on a demilitarized zone (DMZ) network architecture may have seemed wise to ensure it did not interfere with IT governance and maintenance. It turned out, however, that IT oversight of the IP-based equipment was essential, and the neglected equipment was virtually confiscated by nefarious actors.
Hopefully, the days of DMZ deployments are gone, as well as those of air-gap separate network arrangements where security equipment sits on its own network. The fact is, if there aren’t IT team members with IT skillsets caring for the equipment frequently, every IP-addressed piece of equipment is a potential unlocked door for a cybercriminal. Even air-gap equipment can get infected over time.
Today’s hacking tools (whether ethical or not) maintain a very healthy head start over defensive measures. An aspiring hacker can simply access websites that may have already done most of the research and probing for an attack.
It is possible to search for a target by name, find the location(s) and Internet service providers (ISPs), and possibly find any stray equipment left hanging open to the Internet already listed in a convenient format.
Some hacker sites even go so far as to have a link to the programming and user guides for any equipment they find vulnerable. It may not even be necessary to get on the target property to physically touch the network to gain access.
In 2016, thousands of security video devices were suddenly illuminated in bright neon to the world when they were remotely seized by a global attack effort on a major ISP. What that attack brought to light was that many devices are simply thrown on a network and not configured for any security, let alone monitored for strange activity. This haphazard installation practice must change.
The Mirai attacks showcase more of an ambient threat to network devices. This attack shows where the virtual doors were left unlocked and taken advantage of. The example at the beginning shows a stray opportunist borrowing someone else’s equipment to facilitate illegal movie distribution. What happens, then, when attacks are a deliberate function of corporate espionage or state-sponsored conflict?
Data privacy, intellectual property (patents) and many other major impacts to business health are just starting points for organized and targeted hacking efforts. Some foreign governments will pay the bill for hacker teams to act to the advantage of a large company within their own borders, thus, impacting their GDP.
Bottom line, it is real, and it happens often. It is a wise course of action to have a threat assessment conducted for customers’ businesses to examine these possibilities.
An additional threat vector in the cyberworld is that of insider threat. Highly technical employees with suspect ethical behavior may think it funny to locate the salary database or hack into the security video and access systems. All fun and games, until there is a breach.
A couple of years ago, a Fortune 100 bank suffered a front page “Black Swan” event when one of their system administrators thought it would be a great idea to take a customer database home on a thumb drive.
One thing led to another and the individual went on record stating that hackers took over his home computer with the customer database on it. Employees with administrative access should make peace with living under heightened accountability and tracking.
A quick study of the Edward Snowden incident marks social engineering that may have begun with very intelligent skills being met with low accountability and compartmentalization, which escalated into full blown violation of trust.
Social engineering, where a hacker can talk to employees to gain a way into network information that would otherwise be unavailable, is one of the most significant areas of risk in today’s corporate environment.
Research cyberattacks for companies that are like those of your various customers. If the business in question is a university, manufacturer, hospital or bank, there are generous amounts of case studies that can bolster any budgetary request for stronger cybersecurity. Without a persistent and well-educated defensive effort, physical security equipment can be a sitting duck for numerous forms of cyber-vulnerabilities and compromise.
Lance Holloway is Director Vertical Technology for Stanley Security.