Dissecting the network to uncover points of vulnerability
Once a business knows where the weakest links are in its network, it will have a better idea of how to start securing it.
But where does it start? What should it secure first and where are the biggest vulnerabilities? To answer these questions, says Hannes Kriel, SOC Technical Manager at KHIPU Networks, the business must understand it’s key mission-critical areas – including users, devices, perimeter security, and on-premises or cloud hosted applications – and the weaknesses they could represent.
Thousands of users – including employees, partners, contractors, visitors and customers – could access an organisation’s network or cloud environment, whether private or public, on any given day.
“When you think about the impact of this, the inherent increased risk becomes clear. Users have always been one of the ‘weakest links’ for businesses and social engineering. Phishing tactics, specifically, are still a huge opportunity for cyber criminals looking to access sensitive data that they can use for financial gain,” says Kriel.
When conducting simulated phishing campaigns, KHIPU Networks found that, on average, 29% of users opened the e-mail, 23% clicked the link in the e-mail, and 17% actually shared the requested information, compromising the network.
So, how can organisations mitigate this?
“First and foremost, it’s crucially important to undertake regular cyber risk network audits to understand the organisation’s exposure to phishing attacks,” says Kriel. “This allows the organisation to determine user awareness, evaluate and implement sufficient staff and user training, and deploy cyber security enhancements, such as simulated phishing attacks, to determine how users react to phishing e-mails. This way, the right level of awareness training can be provided to educate users on cyber security threats and data breach prevention.”
As with users, it’s critical that organisations understand what’s connected to their network, whether wired or wireless, and what access these endpoints have – where does data originate and where does it leave the network?
If there is no means for the organisation to be alerted and take necessary action when an unauthorised/unknown device connects to the network, they are at risk of their confidential data being compromised, says Kriel.
“When unauthorised and unknown devices are plugged into the corporate network, they can be used to access and harvest confidential information,” says Kriel. “But many organisations do not have a complete or accurate asset register and, even if they do, it can be nearly impossible for a business to know this, as users can circumvent rules and processes. This means they can use their own devices – whether maliciously or naively – to compromise the network.”
Businesses often don’t have visibility into what data or devices are actually on their networks, let alone if, when, and where new devices are connected, he adds.
“With data breaches increasing, it’s shocking that so many organisations do not have visibility of what’s on their network. Some have no way of identifying the potential threats, despite it being repeatedly proven that this can pose a huge and very serious internal risk to the organisation,” says Kriel.
Regular cyber risk audits will assess the environment’s risk to unknown devices. This will give organisations a complete view of all endpoints that are connected to the network, whether on wired or WiFi, so IT departments can quickly identify what is authorised and what isn’t, as well as which devices are able to access sensitive data, company folders, and other gated information.
Perimeter and applications
Many security systems are unable to identify network traffic at the application level and therefore cannot identify or protect against zero-day malware attacks, let alone enable organisations to determine what applications, whether on-premises or in the cloud, are being used by their workforce, and whether they have been infected by malware.
“It’s critical to take into account the different types of applications in the business, how they are being used, their relative security risk and if they have been infected by malware. The simplest way to do this is to undertake a regular network traffic risk assessment. By analysing the traffic on the network, including the applications and how they are being used, organisations can get a better understanding of the relative security risks at hand and if the network has been infected by malware,” says Kriel.