I recently read Carbon Black’s “Global Incident Response Threat Report” regarding the topic of Island Hopping. If you are not familiar with the term, it’s the act of a hacker gaining access to a network and then infiltrating the supply chain to gain access to clients’ or suppliers’ networks.
The Chief Cybersecurity Officer for Carbon Black says, “They don’t just want to rob you and those along your supply chain… these days they want to own your entire system.”
The unfortunate news here is that this goal is getting easier to accomplish than you might think. We focus on clients in the mid-market. Many of our customers have great security mechanisms in place and are truly doing everything they can to stay abreast of the threat landscape. They are aware that they may be attacked and are not afraid to use internal and external resources to continue to innovate their security environment.
We also encounter a whole host of companies who don’t believe that they have anything of “Value” on their network and because of that, they simply don’t budget appropriately for security. These organizations don’t seek out additional education related to security and tend to focus on blaming their end users as the sole source of issues.
If you are proactive with your security, you really need to be worried about the companies that are not. This is potentially where your next attack is going to come from. Evaluating your internal and external security posture is still a must. But what’s your mechanism for making sure that your partners, consultants, and supply chain are as on top of it as you are?
Unfortunately, for many of us, the answer isn’t cutting off communications. You can’t stop business in order to stay in business. So, what is the answer?
It starts with taking a hard look at your current security posture. Almost every environment will benefit from better visibility, data correlation and automatic remediation. I know this is easier said than done. That being said, here are some quick areas to review: Firewall and Endpoint quality, SIEM, Vulnerability Management, Identity and Access Management, and Patching.
If you’d like to go deeper, start looking at AD Monitoring and Security. Here’s an area where we rarely talk to anybody who is ahead of the game. Lots of folks are cleaning up periodically, but most have no real system for removing stale accounts, cleaning up, understanding when new accounts are getting provisioned, or knowing when existing accounts are getting privileges escalated. And as you know, if hackers can change user privileges, your network is about to be fully pwned.
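As an added illustration of the AD monitoring described above (example code written for this page, not from Carbon Black's report or any vendor tool), the sketch below reviews Windows Security events for account creation (event 4720) and additions to privileged groups (4728, 4732, 4756), and raises the severity when a freshly created account is made an administrator. The `time` and `id` keys, the privileged-group list, the 24-hour window and the sample events are assumptions constructed for the example.

```python
from datetime import datetime, timedelta

# Windows Security event IDs: 4720 = user account created; 4728 / 4732 / 4756 =
# member added to a security-enabled global / local / universal group.
ACCOUNT_CREATED = 4720
GROUP_MEMBER_ADDED = {4728, 4732, 4756}
# Assumption: the groups treated as privileged; extend for your own domain.
PRIVILEGED_GROUPS = {"domain admins", "enterprise admins", "schema admins", "administrators"}
NEW_ACCOUNT_WINDOW = timedelta(hours=24)  # assumption: what counts as "freshly created"

# Constructed sample events (not real logs); "time" and "id" are simplified keys.
SAMPLE_EVENTS = [
    {"time": "2024-03-04T09:12:00", "id": 4720, "SubjectUserName": "helpdesk1",
     "TargetUserName": "jdoe", "TargetSid": "S-1-5-21-1-2-3-1601"},
    {"time": "2024-03-04T09:20:00", "id": 4728, "SubjectUserName": "helpdesk1",
     "TargetUserName": "Sales Staff", "MemberSid": "S-1-5-21-1-2-3-1601"},
    {"time": "2024-03-05T02:41:00", "id": 4720, "SubjectUserName": "svc-sync",
     "TargetUserName": "tmpadm", "TargetSid": "S-1-5-21-1-2-3-1602"},
    {"time": "2024-03-05T02:43:00", "id": 4728, "SubjectUserName": "svc-sync",
     "TargetUserName": "Domain Admins", "MemberSid": "S-1-5-21-1-2-3-1602"},
    {"time": "2024-03-06T14:05:00", "id": 4732, "SubjectUserName": "admin-kim",
     "TargetUserName": "Administrators", "MemberSid": "S-1-5-21-1-2-3-1188"},
]

def review_events(events):
    """Return (severity, time, message) findings for account and privilege changes."""
    created = {}   # SID -> creation time of accounts seen in this batch
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        actor = ev["SubjectUserName"]
        if ev["id"] == ACCOUNT_CREATED:
            created[ev["TargetSid"]] = when
            findings.append(("info", ev["time"],
                             f"{actor} created account {ev['TargetUserName']}"))
        elif ev["id"] in GROUP_MEMBER_ADDED:
            group = ev["TargetUserName"]  # for these events this field is the group name
            if group.lower() not in PRIVILEGED_GROUPS:
                continue  # ordinary group change, not a privilege escalation
            born = created.get(ev["MemberSid"])
            fresh = born is not None and when - born <= NEW_ACCOUNT_WINDOW
            findings.append(("critical" if fresh else "high", ev["time"],
                             f"{actor} added {ev['MemberSid']} to {group}"
                             + (" (account created within 24h)" if fresh else "")))
    return findings

if __name__ == "__main__":
    for severity, when, message in review_events(SAMPLE_EVENTS):
        print(f"[{severity}] {when} {message}")
```

Run on a schedule against exported domain controller logs, a check like this turns periodic cleanup into a standing review of who provisioned what and when.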
Once you’ve done the work internally, it is time to look at vendor management. Your ability to do a quick front-line security assessment on existing vendors as well as prospective vendors will help you identify businesses that have poor security hygiene. It is becoming ever more critical to assess vendors and determine if their services outweigh the security risks of doing business with them. In a tight contest between two similar vendors, their security posture score can be used as the tie breaker on who you want to allow access to your network.
It’s a lot to think about. It’s even more to take on. But no matter if you’re at the beginning of the process, or if you already have a comprehensive program in place, a trusted security vendor can help. Let us know how we can be of assistance. We are here to help you in the fight for uptime.