The Colonial Pipeline was recently subject to a ransomware attack by the Russian hacker group DarkSide. The pipeline carries 2.5 million barrels a day, which is 45% of the East Coast's supply of diesel, petrol and jet fuel ...
Simple IoT devices can cause massive security risks in business networks!
This is not an isolated incident and has cost the US economy a small fortune. So, I have a simple question for you: "How many times a year does your company conduct a penetration test?" And of course, your reply is going to be, "What is penetration testing then?"
"A lot of people would think it sounds rather painful!"
That's just a humorous anecdote, but what it actually means is the art of simulating a cyberattack against your company to figure out which holes need to be filled in your IT/Network infrastructure to lessen the 'routes in' for hackers.
If your network is brought down, if your data is seized by a hostile attack, if the contents of your computers are encrypted and demands for Bitcoin are received, how will you operate your business? How will you fulfil your contracts, how will you know when to pay suppliers or what is owed to you?
Is there a danger of your customers' personal data being sold on the Dark Web? How is that going to make them feel when it goes public that the breach happened because your security wasn't good enough and you had holes in your network that could be exploited?
In previous blog posts, I have highlighted that it's possible you think you have secured all your networks, you've carried out due diligence and some simple 'pen testing' and then suddenly ... boom ... your network is compromised!
So, you call your IT team in, chastise them for doing a poor job originally and they, in turn, scratch their heads as they are 1000% sure they secured your network the first time you asked them to.
They start to investigate, which can take days and days, but wait ... what's this? "These smart speakers were not here the last time we were in the conference room! An employee hooked them up to the WiFi system at the request of their manager and no one bothered to change the manufacturer's default password!" And that's how the hackers got in.
"Believe it or not, it really can be as simple as that!"
I've talked extensively about the Internet of Things, and these simple devices can cause massive security risks in any organisation. There have to be strict and clear guidelines when allowing employees to Bring Your Own Device (BYOD). It doesn't matter who you are: any size of company can be hacked, from the smallest companies to massive organisations such as Colonial Pipeline.
If you are a smaller company and outsource your Telecoms and IT function, ensure that they are keeping up with the latest trends and are aware of all the security updates published in the industry. For larger companies with in-house IT teams, the same things apply.
More and more specialist roles are being created in the fight against Cyber-crime such as CIO (Chief Information Officer), DPO (Data Protection Officer), CISO (Chief Information Security Officer), not to mention a myriad of security consultant and specialist roles!
As quickly as companies plug the leaks, hackers find new ways of penetrating systems, and still the most common way for your company to be compromised is the good old phishing email containing bad links to dodgy websites.
Get regular, extensive, penetration testing and plug the leaks in your network.
Until next time ...
Would you like to know more?
If anything I've written in this blog post resonates with you and you'd like to discover more about penetration testing for your own business networks, call me on 01604 926100 and let's see how I can help you.
The word 'Technology' has too many connotations in today's world!
Where do we start? Simple terms like 'IT' and 'Telecoms'? Or terms that appear NOT to have an actual meaning at all, e.g. 'Internet of Things' (IoT)?
Technology also encompasses specialist products and services like 'Rugged' and 'Tough' Android devices, Lone Worker Software, panic alarm devices, smart energy devices, low energy lighting, credit card terminal (PCI DSS) security, indoor/outdoor Wi-Fi systems, Ultrafast Gigabit internet connectivity, access control systems and industrial IoT circuit controllers.
BTS UK can consult from simple solutions to the most complex, provide some of the products through a wholesale channel, bring together a multi-disciplined 'Task Force' to deliver and implement complete Technology 'projects'.
I am your technology problem solver and I look forward to helping you.