Highlights of the February issue of the monthly HBK Risk Advisory Services Webinar Series, February 23, 2022, hosted by Bill Heaven, CPA, CISA, CITP, CSCP, Senior Director IT Development
Background
Changes to the IT Footprint: IT footprints have been changing due to:
COVID-19: people went from working in an office to working from home
Migration to the cloud: 88 percent of organizations use the cloud in some form or other
Work from home five days a week grew from 17 to 44 percent during 2020
Shadow IT: IT solutions your IT group does not know about because it was not involved in the decision; people bringing solutions into your environment that have not been cleared through IT
Insider Threats:
Conscious: attrition, i.e., people leaving your organization, and disgruntled employees; such people should have their access to systems removed as quickly as possible
Unconscious: social engineering, lack of security awareness, and mistakes such as clicking on links in emails they should not have
Security awareness training: 32 percent of breaches involve phishing; 85 percent of ransomware attacks use phishing to get in
Email is the prime path for attackers sending malware; controversial subject lines like “stricter facemask policies beginning next week” will get employees to click on those links
Increased Credential Theft
Social engineering: access through user IDs and passwords; beyond email, also “vishing” via voicemail, and “smishing” via text messaging
Possible incursion by outside service personnel looking for employee passwords
Employees using weak passwords and repeating passwords
Infrastructure Oversights
Legacy applications left up and running, often because old data was not yet moved to a new system, or data moved to the cloud without removing obsolete data
Misplaced authority/responsibilities: restrict admin access and assign responsibilities, such as who patches once data is moved to the cloud
Preventing Business Interruption
Business continuity or disaster recovery plan: 60 percent of small businesses go out of business after a cyber attack; 67 percent of companies with fewer than 1,000 employees have experienced some form of cyber attack; 22 percent of businesses that are victims of ransomware have gone out of business
Backups: think of backups as a safety net
The Risks
Changes to the IT Footprint
Increased size of IT footprint has made it more difficult to protect data: work from home and cloud; plus third-party access to the environment, and shadow IT
Strange work hours: work from home changes work hours from previous patterns
Hard to determine who’s accessing your network and when
Confusion on security responsibilities: understand who will be responsible for implementing security processes
Insider Threats
Espionage: people inside the company or who have recently left; keep in touch with employees because they could be inclined to steal data or provide access; attackers hire ex-employees by enticing them with substantial offers
Increased Credential Theft
Colonial Pipeline: the breach was initiated through an ex-employee, using a weak password to gain access; Colonial did not use multi-factor authentication; at least two-factor authentication should be in place to prevent easy access
Infrastructure Oversight
Legacy applications give hackers access to old data, so know which systems need to be decommissioned
Limit number of admin rights to systems; hackers with admin can move laterally to broaden access and move around your systems
Responsibilities: 33 percent of breaches were the result of unpatched vulnerabilities
Preventing Business Interruption
Big risk on backups: ransomware can get to your backups and ruin them; have to check regularly to ensure they are operating appropriately
Know where your data is stored: in the Cloud; any shadow IT?
Perform risk assessment on your vendors and their access to your data
Insider Threats
When employees leave, take away their system access ASAP, including remote access
Link identity access to your HR systems, so access rights are removed when an employee leaves
Monitor abnormal work hour traffic to gain baseline knowledge of patterns
Ensure you run regular vulnerability scans and patching is up to date
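The "monitor abnormal work hour traffic to gain baseline knowledge" item above is easier to act on with a concrete baseline. The following added example (mine, not from the webinar or HBK) builds a per-user window of normal sign-in hours from a baseline period and flags later logins that fall outside it; the log format, user names and addresses are constructed for illustration.

```python
"""Build per-user baselines of normal sign-in hours and flag logins outside them.

Added example (not from the webinar or HBK); the log format, user names and
addresses below are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sign-in log: ISO timestamp,user,source address,result
SAMPLE_LOG = """\
2022-02-01T08:05:00,alice,10.0.0.5,success
2022-02-01T09:12:00,bob,10.0.0.9,success
2022-02-02T08:40:00,alice,10.0.0.5,success
2022-02-02T17:55:00,alice,10.0.0.5,success
2022-02-02T10:03:00,bob,10.0.0.9,success
2022-02-03T07:58:00,alice,10.0.0.5,success
2022-02-03T18:20:00,bob,10.0.0.9,success
2022-02-04T02:30:00,bob,10.0.0.9,failure
2022-02-14T03:17:00,bob,203.0.113.7,success
2022-02-15T08:10:00,alice,10.0.0.5,success
2022-02-15T23:41:00,alice,198.51.100.2,success
"""

# Events before this date form the baseline; later events are checked against it.
BASELINE_END = datetime(2022, 2, 10)


def parse_events(text):
    """Parse the comma-separated log into a list of event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, user, src, result = line.split(",")
        events.append({"time": datetime.fromisoformat(ts), "user": user,
                       "src": src, "result": result})
    return events


def build_baseline(events, baseline_end=BASELINE_END):
    """Return {user: (earliest_hour, latest_hour)} from successful logins
    before baseline_end. Failed attempts do not shape the baseline."""
    hours = defaultdict(list)
    for e in events:
        if e["result"] == "success" and e["time"] < baseline_end:
            hours[e["user"]].append(e["time"].hour)
    return {user: (min(h), max(h)) for user, h in hours.items()}


def flag_off_hours(events, baseline, baseline_end=BASELINE_END, slack=1):
    """Return (event, reason) pairs for logins on/after baseline_end whose hour
    lies outside the user's observed window widened by `slack` hours, or for
    users with no baseline at all."""
    flagged = []
    for e in events:
        if e["time"] < baseline_end:
            continue
        window = baseline.get(e["user"])
        if window is None:
            flagged.append((e, "no baseline for user"))
            continue
        lo, hi = window
        hour = e["time"].hour
        if not (lo - slack <= hour <= hi + slack):
            flagged.append((e, f"hour {hour:02d} outside baseline {lo:02d}-{hi:02d}"))
    return flagged


def report(text=SAMPLE_LOG):
    """Parse, baseline and flag in one step; returns (user, timestamp, reason) tuples."""
    events = parse_events(text)
    baseline = build_baseline(events)
    return [(e["user"], e["time"].isoformat(), why)
            for e, why in flag_off_hours(events, baseline)]


if __name__ == "__main__":
    for user, when, why in report():
        print(f"{when} {user}: {why}")
```

On the constructed log the two flagged events are bob's 03:17 sign-in and alice's 23:41 sign-in, both from addresses never seen in the baseline period; a real deployment would widen the baseline window per weekday and feed the flags to whoever owns identity review rather than printing them.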
Increased Credential Theft
Do sample phishing campaigns to train employees not to click on suspect emails
Employ more complex passwords; hackers can crack any password; use password managers; implement multi-factor or adaptive multi-factor authentication
Infrastructure Oversights
Decommission software and know who has access
Ensure that data not coming through a legitimate path is encrypted
Ensure vulnerabilities are addressed through patching: operations, applications, hardware, and firmware
Use complex passwords; get rid of built-in default passwords
Keep track of number of privileged users
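Two of the items above, linking identity access to HR so leavers lose access automatically and keeping track of the number of privileged users, can be driven by one reconciliation job. The following added example (mine, not from the webinar or HBK) compares a directory export with the HR roster, lists enabled accounts of people HR records as gone, flags accounts with no HR record for review, and counts enabled privileged accounts; the roster, account export and group name are constructed for illustration.

```python
"""Reconcile directory accounts against the HR roster: find leavers whose
access is still enabled and count enabled privileged accounts.

Added example (not from the webinar or HBK); the roster, account export and
group names are constructed for illustration.
"""
from datetime import date

# Constructed HR roster: one record per employee, termination date if any.
HR_ROSTER = [
    {"username": "alice", "terminated": None},
    {"username": "bob", "terminated": date(2022, 2, 18)},    # left last week
    {"username": "carol", "terminated": None},
    {"username": "dave", "terminated": date(2022, 3, 15)},   # notice given, still employed
    {"username": "erin", "terminated": date(2021, 12, 1)},   # left, already disabled
]

# Constructed directory export: account state, group membership, remote access.
DIRECTORY_ACCOUNTS = [
    {"username": "alice", "enabled": True, "groups": ["staff"], "vpn": True},
    {"username": "bob", "enabled": True, "groups": ["staff", "domain-admins"], "vpn": True},
    {"username": "carol", "enabled": True, "groups": ["staff", "domain-admins"], "vpn": False},
    {"username": "dave", "enabled": True, "groups": ["staff"], "vpn": True},
    {"username": "erin", "enabled": False, "groups": ["staff"], "vpn": False},
    {"username": "svc-backup", "enabled": True, "groups": ["domain-admins"], "vpn": False},
]

# Groups whose members count as privileged (assumed name, adjust to your directory).
PRIVILEGED_GROUPS = {"domain-admins"}

# The date the reconciliation runs (constructed).
AS_OF = date(2022, 2, 23)


def is_privileged(account):
    return bool(set(account["groups"]) & PRIVILEGED_GROUPS)


def reconcile(roster, accounts, today=AS_OF):
    """Compare accounts with HR records as of `today`.

    Returns a dict with:
      disable    - enabled accounts of people HR records as already gone
      orphans    - accounts with no HR record (service/shadow accounts to review)
      privileged - enabled accounts in a privileged group
    """
    hr = {r["username"]: r for r in roster}
    result = {"disable": [], "orphans": [], "privileged": []}
    for acct in accounts:
        user = acct["username"]
        rec = hr.get(user)
        if rec is None:
            result["orphans"].append(user)
        elif acct["enabled"] and rec["terminated"] is not None and rec["terminated"] <= today:
            result["disable"].append({"user": user, "vpn": acct["vpn"],
                                      "privileged": is_privileged(acct)})
        if acct["enabled"] and is_privileged(acct):
            result["privileged"].append(user)
    return result


def apply_disables(accounts, to_disable):
    """Return a new account list with the listed users disabled, removed from
    privileged groups and stripped of VPN access (remote access included)."""
    names = {d["user"] for d in to_disable}
    updated = []
    for acct in accounts:
        acct = dict(acct)
        if acct["username"] in names:
            acct["enabled"] = False
            acct["vpn"] = False
            acct["groups"] = [g for g in acct["groups"] if g not in PRIVILEGED_GROUPS]
        updated.append(acct)
    return updated


if __name__ == "__main__":
    rep = reconcile(HR_ROSTER, DIRECTORY_ACCOUNTS)
    print("disable:", rep["disable"])
    print("orphans for review:", rep["orphans"])
    print("enabled privileged accounts:", len(rep["privileged"]), rep["privileged"])
```

Future-dated terminations (dave) are deliberately left alone until the date passes, while a leaver who still holds admin rights and VPN access (bob) is reported with both facts so the disable step gets priority; the orphan list is where shadow IT and forgotten service accounts tend to surface.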
Preventing Business Interruption
Business continuity/incident reporting planning: have a continuity plan including communications, such as who is able to talk to media
Have a written, trusted, and updated continuity plan, and have multiple copies stored in various locations
Backups: hackers are finding backups and trashing the data; strategies include “3-2-1”: three copies of data, two on different media, one always off-site; air-gapped or offline copies are not connected to the internet
If you pay a ransom, understand how long it will take to get operational after you pay
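The 3-2-1 rule and the earlier point that backups must be checked regularly to ensure they are operating appropriately can be turned into an automated inventory check. The following added example (mine, not from the webinar or HBK) evaluates a backup inventory for copy count, media diversity, an off-site copy, an offline copy and the age of the last restore test; both inventories are constructed for illustration.

```python
"""Check a backup inventory against the 3-2-1 rule and the need for regular
restore testing.

Added example (not from the webinar or HBK); the inventories below are
constructed for illustration.
"""
from datetime import date

# Constructed inventory that satisfies 3-2-1: three copies, two media types,
# one off-site, one of them offline (air-gapped), all recently restore-tested.
GOOD_INVENTORY = [
    {"media": "disk", "location": "hq", "offsite": False, "offline": False,
     "last_restore_test": date(2022, 2, 20)},
    {"media": "cloud-object", "location": "cloud-region-a", "offsite": True, "offline": False,
     "last_restore_test": date(2022, 2, 1)},
    {"media": "tape", "location": "vault", "offsite": True, "offline": True,
     "last_restore_test": date(2022, 1, 28)},
]

# Constructed inventory with the common weakness: two online disk copies on the
# same network, reachable by the same ransomware, and one never restore-tested.
WEAK_INVENTORY = [
    {"media": "disk", "location": "hq", "offsite": False, "offline": False,
     "last_restore_test": date(2022, 2, 20)},
    {"media": "disk", "location": "hq-nas", "offsite": False, "offline": False,
     "last_restore_test": None},
]

# Date the check runs (constructed).
AS_OF = date(2022, 2, 23)


def check_321(copies, today=AS_OF, max_test_age_days=30):
    """Return a list of findings; an empty list means the inventory passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need at least 3")
    media = {c["media"] for c in copies}
    if len(media) < 2:
        findings.append("all copies on one media type, need at least 2")
    if not any(c["offsite"] for c in copies):
        findings.append("no off-site copy")
    if not any(c["offline"] for c in copies):
        findings.append("no offline/air-gapped copy: ransomware that reaches the "
                        "network can reach every backup")
    # Regular restore tests are the only proof that a backup is actually usable.
    for c in copies:
        last = c["last_restore_test"]
        where = f"{c['media']}@{c['location']}"
        if last is None:
            findings.append(f"{where}: restore never tested")
        elif (today - last).days > max_test_age_days:
            findings.append(f"{where}: last restore test {(today - last).days} days ago")
    return findings


if __name__ == "__main__":
    for name, inv in (("good", GOOD_INVENTORY), ("weak", WEAK_INVENTORY)):
        print(name, "->", check_321(inv) or ["OK"])
```

The weak inventory produces five findings, which is the point: a second copy on the same network is not a second backup in any sense that matters once ransomware is inside, and a copy that has never been restored is an assumption, not a safety net.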
Speak to one of our professionals about your organizational needs