Wrong. How many high profile organisations have been hacked in recent months? We are talking about Government, DoD, Security Companies, Sony! You can bet your cotton socks that these guys have more than one Firewall protecting their network(s) plus a whole load more protective controls.
So, if they have so much Security, how on Earth were they hacked - what was the weak link? Human Beings, a wireless Printer, Surveillance Bugs?
Well frankly it could be any number of things. A Human can be tricked into providing restricted information such as their user credentials. A printer might be running an old version of firmware susceptible to man in the middle attacks or a bug could be planted in the IT Room to eavesdrop on useful information.
The point here is that placing a Firewall on your Network or installing a Laser Beam Alarm Systems in the building is not enough. You need to put yourself in the shoes of a Hacker and think the way they do. Why break into a building at night when they can walk into to the building during the day and impersonate an employee? Why hack the firewall when they can plant a USB stick on the floor for an employee to pick up and connect to their PC punching a hole straight through the firewall?
What do we have to do in order to protect ourselves from these attacks? Well, I would start by having a carefully thought out Security Policy. Sounds a bit tame doesn't it? Well its the equivalent of a having a plan. Do you think the USA ever went into a War without a plan - actually don't answer that! Having a well thought out plan makes your life so much easier by providing you the path that you need to follow rather than trying to feel your way through. An Employee education programme would be a good place to start. It may include guidelines like:
'NEVER provide your User Credentials to ANYONE'. All seems quite obvious but you'd be amazed at how easy it is to pose as an IT Support member and blag a password out of someone. Another one might be to forbid the use of unauthorised external media such as USB Sticks. A quarterly staff or departmental presentation to educate staff on Security and explain why these controls are being put in place - Believe it or not it helps for the staff to know why they have been asked to act in a certain way.Read more in Part 2 of this document so keep a look out!
Protect Your Privacy With Reputation Management Top 5 Reasons to Check Website Security Why Ignoring IDS Could Lead to Substantial Damage for Businesses
0 comments:
Post a Comment