The Colonial Pipeline was recently subject to a ransomware attack by the Russian hacker group DarkSide. The pipeline carries 2.5 million barrels a day, which is 45% of the East Coast's supply of diesel, petrol and jet fuel ...
This is not an isolated incident and has cost the US economy a small fortune. So, I have a simple question for you: "How many times a year does your company conduct a penetration test?" And of course, your reply is going to be, "What is penetration testing then?"
That's just a humorous anecdote, but what penetration testing actually means is the art of simulating a cyberattack against your own company to find out which holes in your IT and network infrastructure need to be filled, so that hackers have fewer 'routes in'.
If your network is brought down, if your data is seized by a hostile attacker, if the contents of your computers are encrypted and demands for Bitcoin are received, how will you operate your business? How will you fulfil your contracts, how will you know when to pay suppliers or what is owed to you?
Is there a danger of your customers' personal data being sold on the Dark Web? How are they going to feel when it becomes public that the breach happened because your security wasn't good enough and you had holes in your network that could be exploited?
In previous blog posts, I have highlighted that it's possible you think you have secured all your networks, you've carried out due diligence and some simple 'pen testing' and then suddenly ... boom ... your network is compromised!
So, you call your IT team in, chastise them for doing a poor job originally and they, in turn, scratch their heads as they are 1000% sure they secured your network the first time you asked them to.
They start to investigate, which can take days and days, but wait ... what's this? "These smart speakers were not here the last time we were in the conference room! An employee hooked them up to the WiFi system at the request of their manager and no one bothered to change the manufacturer's default password!" And that's how the hackers got in.
I've talked extensively about the Internet of Things and how these simple devices can cause massive security risks in any organisation. There have to be strict and clear guidelines when allowing Bring Your Own Device (BYOD) by employees. It doesn't matter who you are, a company of any size can be hacked, from the smallest firms to massive organisations such as Colonial Pipeline.
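The smart speakers in the story were only found because someone noticed they "were not here last time". That check can be automated: keep a register of approved devices and compare it against what is actually on the network before each review or penetration test. The script below is an added example, not code from the original post; it parses a dnsmasq-style DHCP lease export (the approved-asset register and the lease lines are constructed sample data) and reports any device that is not in the register, as well as registered devices that have gone quiet.

```python
"""Asset-inventory drift check (added example, not from the original post).

Compares devices currently seen on the LAN (a DHCP lease export) against an
approved asset register and reports anything unregistered, so a device that
"was not here last time" is flagged before an attacker finds it.
All data below is constructed sample data.
"""
from dataclasses import dataclass

# Constructed approved-asset register: MAC address -> owner / description.
APPROVED_ASSETS = {
    "00:11:22:33:44:01": "file-server-01 (IT)",
    "00:11:22:33:44:02": "printer-2f (Facilities)",
    "00:11:22:33:44:03": "laptop-jsmith (Finance)",
}

# Constructed dnsmasq-style lease file: expiry  MAC  IP  hostname  client-id
DHCP_LEASES = """\
1718000000 00:11:22:33:44:01 10.0.0.10 file-server-01 *
1718000100 00:11:22:33:44:03 10.0.0.57 laptop-jsmith 01:00:11:22:33:44:03
1718000200 AA:BB:CC:DD:EE:01 10.0.0.88 SmartSpeaker-Conf *
1718000300 aa:bb:cc:dd:ee:02 10.0.0.91 * *
"""


@dataclass(frozen=True)
class Lease:
    mac: str
    ip: str
    hostname: str


def parse_dhcp_leases(text: str) -> list[Lease]:
    """Parse lease lines; MACs are normalised to lower case for comparison."""
    leases = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines rather than crash
        _expiry, mac, ip, hostname = parts[:4]
        leases.append(Lease(mac.lower(), ip, hostname))
    return leases


def find_unregistered(leases: list[Lease], approved: dict) -> list[Lease]:
    """Devices on the wire that nobody has signed off on."""
    approved_macs = {mac.lower() for mac in approved}
    return [lease for lease in leases if lease.mac not in approved_macs]


def find_missing(leases: list[Lease], approved: dict) -> list[str]:
    """Registered devices with no current lease (retired, moved, or stale register)."""
    seen = {lease.mac for lease in leases}
    return sorted(mac for mac in approved if mac.lower() not in seen)


def drift_report(lease_text: str, approved: dict) -> str:
    """Human-readable summary suitable for a pre-pentest checklist."""
    leases = parse_dhcp_leases(lease_text)
    lines = []
    for lease in find_unregistered(leases, approved):
        lines.append(f"UNREGISTERED  {lease.mac}  {lease.ip}  {lease.hostname}")
    for mac in find_missing(leases, approved):
        lines.append(f"MISSING       {mac}  ({approved[mac]})")
    return "\n".join(lines) if lines else "No inventory drift."


if __name__ == "__main__":
    print(drift_report(DHCP_LEASES, APPROVED_ASSETS))
```

Run it against the real lease file on your DHCP server and treat every UNREGISTERED line as a question for the owner of that part of the office: who plugged it in, and has its default password been changed? The MISSING list is equally useful, because a register that still lists retired kit is a register nobody trusts.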
If you are a smaller company and outsource your telecoms and IT function, ensure that your provider is keeping up with the latest trends and is aware of all the security updates published in the industry. For larger companies with in-house IT teams, the same applies.
More and more specialist roles are being created in the fight against cybercrime, such as CIO (Chief Information Officer), DPO (Data Protection Officer) and CISO (Chief Information Security Officer), not to mention a myriad of security consultant and specialist roles!
As quickly as companies plug the leaks, hackers find new ways of penetrating systems, and still the most common way for your company to be compromised is the good old phishing email containing bad links to dodgy websites.
Get regular, extensive, penetration testing and plug the leaks in your network.
If you feel inspired to find out more then do call me on 07555 807700 or leave a comment below and I'll be in touch as soon as I can.