Why you need a holistic cyber security strategy

Businesses need to understand all the potential entry points for cyber attackers and create a holistic cybersecurity strategy that leaves no door open for hackers.

A recent Forrester report states that organisations need a holistic view of risk as that is the only way to adequately prepare for such events and mitigate the potential damage.*

It may seem obvious to say organisations need to plug every potential weakness but there are so many areas that get overlooked. For example, printers are ubiquitous in the enterprise and most of them are connected to the internet, yet businesses rarely take them into consideration when forming a cybersecurity strategy.

Common sense says you should lock down printer access, but what features and functionality are businesses willing to sacrifice in the name of cybersecurity? Most workers need mobile and wireless access to printers, so there needs to be some degree of connectivity. For many organisations, the trick is finding the balance between security and usability, and this goes for all parts of their organisational infrastructure, not just printers.

We have identified four key questions businesses need to ask to determine their security strategy:

1. What is the business’s risk appetite?

Businesses need to understand what outages they are prepared to accept, what level of negative media attention they can withstand before it affects the business, and whether there is confidential or private data on the network and, if so, how valuable it is to the business.

2. What are the real threats this attack surface presents?

Even something as seemingly innocuous as a printer can leave an organisation wide open to significant threats. Compromising the printer network lets attackers control and monitor the corporate network. They can see all documents printed, explore and identify other weaknesses in the network, create an internal denial-of-service attack and make it difficult to troubleshoot. This type of incursion typically survives standard malware clean-outs.

3. What are the potential consequences of an attack via this entry point?

The consequences of an attack will vary depending on the business but can include disruption to normal operations, confidential data leakage and privacy infringements. In turn this can lead to fines under the Privacy Act and reputation damage, particularly if the attacker uses your network to attack others.

4. How likely is an attack?

The likelihood of an attack depends on how open the network is to the outside world and the level of interest in the business itself. Some businesses are less likely to be attacked than others, depending on things like their own profile in the industry or the businesses they partner with.

It’s important to get an internal business risk team to drive the risk assessment so the business has a clear idea of how important this is. The next step is to consider what controls should be implemented to protect the business. It’s important to use a variety of controls in the right combinations. Businesses should use preventative and detective controls together and make sure there is a response plan that is approved, understood and tested.

Some of the key preventative controls that work well include defined network isolation controls and authenticated communication to printers. When it comes to detection, it’s important to track and alert on any failed access attempts, implement intrusion detection and prevention solutions, centrally log network and user behaviour and, of course, monitor logs constantly.

*https://www.forrester.com/report/The+Forrester+Wave+Governance+Risk+And+Compliance+Platforms+Q1+2016/-/E-RES117977?objectid=RES117977

Alex Morkos, Director, Aleron