With mere days until Hanukkah and less than a month before Christmas, retail organizations are starting to see a spike in online and in-store purchases. This is the “most wonderful time of the year” for retail because it means ending the year with a big boost in sales. However, this is also a time when malicious actors are interested in breaking into your network to steal the vast amount of customer data you’ve collected, or siphon the credit card information as it passes through your point-of-sale (POS) gateway. A new study from ACI Worldwide shows a projected fourteen percent increase in fraud attempts during the 2018 peak holiday season, and overall volumes of purchases are expected to rise 18 percent. With that in mind, what can you do to protect your retail business from malicious actors?
Recently, there has been an increase in distributed denial-of-service (DDoS) attacks that involve the use of compromised IoT devices like IP cameras, and it is extremely common today for organizations and consumers to purchase IoT devices. So how can organizations reduce the IoT threat surface that these devices bring, and how can they see what these devices are doing?
Reduce the number of IoT devices on your network
While this may sound like an obvious solution, it’s likely not something you’ve considered given how readily available these devices are. But have you considered alternatives, or have you considered abandoning the purchase altogether? Sure, that IP camera setup is extremely easy and doesn’t require you to drill holes, but connecting it to your corporate Wi-Fi may not make the most sense. Many hardwired versions of popular IoT devices are available and can provide similar functionality without the added risk that comes with the wireless, internet-connected versions.
Isolate the devices
Okay, so you must have that IoT coffee bar with built-in voice control to create that perfect cappuccino in the morning. But you don’t have to add it to the corporate network to use its internet-enabled features. When you have a device that requires internet connectivity, deploy the device on a guest network instead of the main, corporate network. This setup will allow the device to connect to the internet for updates and to retrieve those updated macchiato recipes you so desperately desire, but will keep the devices from connecting to business-critical applications and wreaking havoc on your corporate assets. We know you must have your iced quad upside-down caramel macchiato with light ice, but let’s make that possible while reducing the threat surface.
Deploy devices with least privileges
So your coffee bar might be something you can get away with putting on a separate, isolated network, but some devices might require connecting to an application or server on the main network. Fret not; it is still possible to deploy the IoT device on the corporate network without adding too much risk (some risk comes with deploying any device).
When deploying IoT devices on the main network, always deploy them with a least-privilege approach. This means that the device lives on the network, but it is prevented from communicating with anything that isn’t absolutely required for its function.
Imagine you are deploying a new IP camera system that connects to the internet to provide DVR-like functionality. This new system will likely have a central storage server (either on the local network or online) to which the individual cameras connect. In this setup, the IoT system has very limited requirements. Specifically, the individual cameras only need to communicate with the local, internal server that stores the video, or with a limited set of internet destinations (the range of IP addresses or hostnames where the vendor’s server is located). Because of this, you can fairly easily limit the cameras’ communications by creating an ACL for the IP cameras that allows connections only to the small number of destinations required to record and store the video, and denies everything else.
Monitor IoT devices for anomalous behavior
If you are going to deploy IoT devices on your network, you need to monitor the traffic that these devices generate. While ACLs are an important step in a multi-layered approach to network security, you must also have a way to detect and alert on violations of these policies. When the IP camera starts to communicate with the mail server or attempts to access your financial documents, a red flag should immediately be raised because, after all, these devices are purpose-built and have no legitimate reason to communicate with those servers or applications.
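The camera ACL described above, expressed as an allow-list and checked against flow records, as an added example that is not code from this post or from Scrutinizer; the addresses, ports and CSV export layout are constructed assumptions:

```python
import csv
import io
import ipaddress

# Least-privilege policy for the IP-camera segment: cameras may reach only the
# on-site video storage server and the vendor's cloud DVR range. All addresses
# are constructed sample values (RFC 1918 and TEST-NET-3), not real ones.
CAMERA_SEGMENT = ipaddress.ip_network("10.20.30.0/24")
ALLOWED = [
    # (destination, permitted destination ports); anything else is a violation
    (ipaddress.ip_network("10.20.40.10/32"), {554, 443}),  # local storage server (RTSP/HTTPS)
    (ipaddress.ip_network("203.0.113.0/24"), {443}),        # vendor cloud DVR range (placeholder)
]


def permitted(src, dst, dport):
    """True if a camera-sourced flow is within policy; non-camera sources are out of scope."""
    if ipaddress.ip_address(src) not in CAMERA_SEGMENT:
        return True
    d = ipaddress.ip_address(dst)
    return any(d in net and dport in ports for net, ports in ALLOWED)


def find_violations(flow_csv):
    """Parse a simple collector export (src,dst,dport,proto,bytes) and return offending rows."""
    rows = csv.DictReader(io.StringIO(flow_csv))
    return [r for r in rows if not permitted(r["src"], r["dst"], int(r["dport"]))]


# Constructed flow records in the shape of a flow-collector CSV export.
SAMPLE_FLOWS = """src,dst,dport,proto,bytes
10.20.30.11,10.20.40.10,554,tcp,8812000
10.20.30.11,203.0.113.25,443,tcp,2048
10.20.30.12,10.20.50.5,25,tcp,1420
10.20.30.12,10.20.60.8,445,tcp,93000
10.20.40.10,203.0.113.25,443,tcp,4096
"""

if __name__ == "__main__":
    # The two camera flows to the mail server (25/tcp) and file server (445/tcp) are flagged.
    for v in find_violations(SAMPLE_FLOWS):
        print(f"ALERT camera {v['src']} -> {v['dst']}:{v['dport']}/{v['proto']} ({v['bytes']} bytes)")
```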
With this insight into your IoT devices, you can reduce your IoT threat surface while still maintaining the convenience and improved performance that these devices provide.
If you would like to learn more about monitoring IoT devices on your network and leveraging network traffic analytics to see when they are communicating with devices unrelated to their function, download Scrutinizer today; our team will help you get set up.
Facebook recently said hackers gained access to nearly 50 million accounts in what amounts to the largest-ever security breach at the social network. As of Friday, the company indicated that they did know who was responsible for the breach. This is the latest in a series of incidents for Facebook (in March, the company said that the data of millions of users was improperly shared with Cambridge Analytica).
With breaches like these occurring so close together on a widely used platform, many organizations are unsure what to do with these types of networks, or, more importantly, how to protect themselves when breaches occur.
What steps can I take to protect the organization?
There are a few steps to take to safeguard your organization against social media breaches.
Develop a Social Media Risk Management Strategy
The best step to take to protect your organization from social media breaches is to review and update your organization’s social media risk management strategy. If your organization doesn’t have one, you should seriously consider creating one.
Be sure to include the policies, processes, and specific programs to address each type of threat (e.g., training, data breaches, weak passwords, publishing sensitive company information, etc.). Also, develop a clearly defined plan that addresses every type of risk, with specific roles and workflows. You want to make sure the organization understands who’s responsible when breaches occur. If you are on the right track, this will look a lot like your incident response plan. Make sure these are all well communicated to the key stakeholders across the organization.
Finally, develop an employee social media policy that your employees will follow. A social media policy outlines how an organization and its employees should conduct themselves online. It helps safeguard your brand’s reputation and encourages employees to share the company’s message responsibly. You can read more about creating a social media policy at https://blog.hootsuite.com/social-media-policy-for-employees/.
Communication and Training
Once you have a well-developed strategy regarding your social media risk management and employee policies, you need to articulate the new plans for the company. You also want to get feedback from the employees (if everyone isn’t on board, you will have a tough time enforcing the policy).
A company’s annual training is a great time to introduce these policies. During this training, be sure to include detailed instructions on how social media hacks happen. Articulating the need for strong passwords and two-factor authentication is an essential part of this training, as it is vital that everyone understands the security problems that come from weak authentication (as IT professionals, it is easy to believe that these are obvious steps, but for your sales, accounting, or service departments, it may not be as straightforward).
After the initial training, develop employee communications, training, and other programs to help employees understand, identify, and manage these risks, and make social media training for employees a part of the new employee onboarding process. This will prevent misunderstandings after a new hire comes on board. Additionally, include the employee social media policy and training in brand guidelines. This will allow you to extend the new policies to your partners and vendors that work with your company.
Finally, monitor social media and make sure that everyone who is responsible for social media monitoring is aware of what to look for, and the plans and workflow in the case of an attack. It’s great to have policies and strategy in place, but if nobody is looking for breaches/hacks, it won’t do you much good.
What to do in the event of a breach
Even if you have everything in place and your employees have been trained, there is still a real chance that you will experience a breach. If you do, reach out to the customer support team of the breached social media channel. If applicable, contact your account representative at the affected social media channel(s) to escalate the support request. At this point, request that any unauthorized posts be deleted and that the account be temporarily disabled until it is safely back under your control. In some circumstances you may find it helpful to partner with a technology vendor: tools and technologies can proactively protect these accounts and alert you to potential hacks. Deploy these technologies to proactively defend against advanced attacks that may come through email, social media, or mobile apps.
By following these tips and best practices, you are now prepared to protect your organization against a social media breach. When an incident occurs, you are ready to handle it!
Now that you’re prepared for social media hacks, check out one of our latest blog posts to help you Catch and Stop Insider Threats.
When my wife and I were looking to renovate our garage and landscape the yard, we went online to check our options for financing such an endeavor. Our primary bank, a typical brick-and-mortar operation with relationship managers and personal finance advisors, had a bunch of information on their website about the options we had for financing. We could do a home equity line of credit (HELOC), a personal loan, a home equity loan (second mortgage), etc. We had lots of information, but when we went down the road to application, we found that the process was extremely cumbersome and that our bank—where we’ve been a customer for over fifteen years—had grown dated along with our house.
The recent SANS 2018 Survey on Endpoint Protection and Response makes clear that point-security solutions are not enough to quell the ever-growing barrage of cyberattacks. The survey polled 277 IT professionals on endpoint security concerns and practices. In this year’s survey, 42% of respondents reported endpoint exploits, down from 53% in 2017. However, the number of those who didn’t know whether they had been breached jumped from 10% in 2017 to 20% in 2018. To that end, security and network professionals need a way to detect when such exploits are taking place. In this article, I’d like to outline the importance of continuing to protect your network with endpoint protection while supplementing it with network traffic analytics.
Quite some time ago, my colleague wrote about our Gigamon NetFlow support. That article will help you understand how to configure your Gigamon appliances to export rich metadata to your network and security intelligence platform. In this article, I will discuss network traffic analytics as it pertains to Gigamon, and outline a few areas where Gigamon can supplement the metadata exports from your existing infrastructure.
According to a recent article on BleepingComputer, a backdoored Python library can steal SSH credentials. This can lead to SSH credential misuse if it goes undetected by IT professionals. “The module’s name is SSH Decorator (ssh-decorate), developed by Israeli developer Uri Goren, a library for handling SSH connections from Python code. On Monday, another developer noticed that multiple recent versions of the SSH Decorate module contained code that collected users’ SSH credentials and sent the data to a remote server located at: http://ssh-decorate.cf/index.php.” In this article, I’ll show you how to detect SSH credential misuse with network traffic analytics and your existing network infrastructure.
According to a recent Ponemon Institute report, the cost of insider-related breaches has escalated to over $8.7 million. What’s even more concerning is that while the cost of insider threats has increased, IBM puts the cost of non-insider threats at $3.6 million. This means that insider incidents cost more than double what non-insider incidents do. Furthermore, the report also indicates that insider threats take more than two months to contain on average. With this in mind, I’d like to help you understand these insider threats, and how to mitigate them with network traffic analytics.
According to a recent New York Times article, there have recently been cyberattacks on critical infrastructure in Saudi Arabia. While these attacks were not elaborated on in full detail (at least not in the article), it is important to understand the importance of protecting critical infrastructure from such attacks. In this article, I’d like to help you understand what critical infrastructure is, how it’s being targeted, and how we can protect critical infrastructure from future attacks.
With the recent news of security vulnerabilities in Intel Active Management Technology, now seems like the best time to share how security and network professionals can monitor Intel AMT traffic using their existing flow and metadata collector. In this post, let’s explore what the security vulnerability is, how you can remedy the problem, and how you can look for suspicious activities that indicate a compromised system.