Battling the enemy within
Traditionally, cyber attacks on corporate networks have come from outside the organisation. With the growth of mobile devices and the rise of the Internet of Things, the danger now also comes from within, warns Michael Xie.
The world moves swiftly; the IT security world even more so. Just a couple of years ago, securing the enterprise would basically consist of protecting an organisation from external intruders. Today, the battleground has changed.
Education efforts from industry players have created higher levels of IT security awareness in the business world, and more firms have implemented basic security measures that can thwart direct attacks effectively.
This development is forcing hackers to up their game by figuring out alternative ways to get their hands on valuable enterprise assets. One strategy that is becoming more common across the world is for hackers to gain entry to a corporate network by targeting its weakest points. Such points can include an unsecured employee mobile phone, or a workstation with limited access to corporate data. These weak points typically reside in low value segments of the corporate network. Once the hacker breaks in and gets a toehold, however, he can often navigate to other more valuable parts of the network — which tend to be much more rigorously protected from external attackers — quite easily.
This ‘lateral movement’ modus operandi proves to be effective most of the time because many organisations do not isolate different segments of the network from one another. Moving from one area of the network to another is usually a breeze once hackers get in.
Other trends that are inadvertently increasing the risk of internal attacks include the proliferation of employee-owned mobile devices in enterprise environments. Poorly secured smartphones or tablets can provide a weak point of entry into the organisation for hackers.
Compounding the issue further is the rapid growth of IoT devices. Early and even current versions of these devices are not designed with security in mind, and are very tedious if not impossible to secure properly. Lastly, advances in hacking techniques are adding to the challenge of securing the network.
Internal Segmentation Firewalls Needed
Traditionally, organisations deploy firewalls at the perimeter of the network for protection. Edge firewalls label all external traffic — i.e. internet traffic — as untrusted, while designating all intra-network traffic as trusted, and handle them in two distinct ways. There are no grey areas; no ambiguity.
Unfortunately, the world isn’t black and white anymore. With the rise of attacks originating from weak segments of the network, the line delineating trusted and untrusted traffic has blurred. Merely deploying firewalls at the edge of the network is no longer adequate — organisations need to re-architect their network such that internal firewalling can restrict malware flow between different segments of the organisation.
According to research firm Forrester, enterprises have built strong perimeters, but well-organised cyber criminals have recruited insiders and developed new attack methods that easily bypass their current security protections. Security and risk professionals today must make security ubiquitous throughout the network, not just at the perimeter.