Focusing too much on protecting only the crown jewels of the enterprise might leave gaps in security for criminals who are seeking other valuable assets. The hackneyed expression, “One man’s trash is another man’s treasure,” serves as a reminder that what the enterprise values is often different from what a criminal values.
Defending a network and the critical assets of an enterprise is a lot like safeguarding a home. There are layers of security in homes just as there are in the enterprise. From the windows to the doors to the locks and alarm systems, home owners know the vulnerabilities and put protections in to keep criminals out.
Ryan Stolte, CTO, Bay Dynamics said, “The big idea is that people are very specifically and deliberately attacking organizations.” The intent of those attacks, however, is not always the crown jewels. In order to defend the expanding network and everything that connects to it, “You need to put yourself in the shoes of bad guys."
In planning their attacks and seeking their victims, criminals look for the easiest access point, whether that is the organization that has, “Minimal security tools, lax security policies and/or exploitable employees and third party vendor users,” Stolte said.
“They collect their own social intelligence, gathering information about the victim business regarding what its surface areas look like, where it stores its most valuable data, which third-party vendors have access to their network and how they gain access, and which employees log in remotely and how they gain access to the network,” Stolte said.
In most breaches, organizations are being hacked by individuals. “It’s not just people sitting in China,” said Stotle. What most criminals want is data and their goal is to get access to credentials to get that data. “After they have breached you and gotten inside, they do it all over again, but from a different layer, to continually get deeper into an organization,” Stolte said.
The easiest ways for outsiders to gain access is by trying to compromise a particular person or to sneak in through an open door. “Technical engineering and social engineering go hand and hand,” said Stolte.
Social engineering is made a lot easier by the extensive use of social media platforms. Increasingly criminals are patient and take a longer and windier road to reach the final destination of their intended target.
Tim Erlin, director of IT security and risk strategy, Tripwire said, “Shodan allows anyone to search for vulnerable things. They are scanning company networks and gaining access to internal networks by probing the individuals who interact with customers or the public. The one that is increasing is the supply chain attacks. Instead of attacking directly, they are going after their vendors and contractors to gain access.”
Sign up for Computerworld eNewsletters.