How to Mitigate Risk?
- Use standards to define and implement effective network security. In particular, avoid direct connection with external networks, control traffic in and out of the internal network, and between different areas of the internal network
Inadequately secured equipment
Equipment that is inadequately secured can:
- Lack appropriate physical security, allowing easy access by unauthorized users and increasing the likelihood of accidental actions
- Lack appropriate protection on physical inputs, such as USB ports and DVD drives, making it easier for malware to be transferred
- Contain unnecessary applications or run unnecessary services, increasing the possibilities of a cyber incident
Where possible, keep equipment in locked cabinets or rooms to avoid unnecessary contact. If this is not possible, use locks (physical and electronic) to secure access to physical inputs. Remove unnecessary applications and disable unnecessary services on equipment.
Inadequate anti-virus management
Equipment running without anti-virus protection is vulnerable to malware attack. With some malware, the infection may not be obvious and this can lead to a spread of the malware throughout the organization. A failure to maintain anti-virus protection (with the latest security patches or with the latest malware signatures) makes equipment much more vulnerable to newer malware threats.
- Ensure anti-virus is operational and maintained on all equipment, where possible
- Where not possible, ensure equipment is adequately secured to remove opportunity for introduction of viruses
- Use a standalone machine to perform virus checking on incoming machines and media
Inadequate change management
There are two important considerations for change management:
- Making changes to system software or hardware can introduce new vulnerabilities that, if not considered, could be exploited
- Inadequate change procedures can create cybersecurity incidents.
For example, a failure to implement a backup before updating software could result in system unavailability if the update fails.
How to Mitigate?
All changes must be reviewed before implementation. The review must assess the potential impact on system operation (reliability, performance, etc.) as well as any changes to cybersecurity risks. A change procedure/policy (which we can prepare and implement for you) must be in place that ensures that all changes are implemented with a step-by-step plan and a means to restore any equipment to its previous state, if required.
Inadequate security patch management
Equipment running without the latest security patches is much more vulnerable to newer malware threats. The more security patches that are missed, the more vulnerable the equipment becomes.
Ensure equipment is kept up to date with the latest security patches from vendor(s).
Inadequate backup management
Backups are essential to the restoration of failed hardware or equipment infected with malware. In order to be effective, backups must occur frequently to avoid the loss of significant amounts of data. In addition, unless backups are periodically tested, they can prove to be useless when required.
- Determine what needs to be backed up and how often
- Maintain backups to defined regime
- Periodically test backups using a test environment
Inadequate password management
There are two key issues:
- Weak passwords are easy to guess (e.g. ‘password’) or use only letters or numbers. A weak password can be determined using ‘brute force’ techniques, within 1-2 minutes
- Passwords that are never changed, or changed infrequently, are much more vulnerable to exploitation
- Implement required password changes.
- Avoid use of shared accounts, where possible
- Ensure shared accounts have limited privileges
- Enforce a policy to change account details when someone leaves or moves to a new role in the organization
Use of default accounts
Many devices or systems have manufacturers’ default accounts. If these accounts are not changed, anyone with knowledge of the default details can gain unauthorized access much more easily. In some cases, default account information is freely published on the Internet.
- Remove or change default account details (username and/or password)
- Enforce strict physical access control on equipment
Inadequate incident response
Many organizations have no plans in place to deal with a cybersecurity incident. Organizations that have plans in place may not exercise those plans sufficiently, to validate that they are effective. Without an effective incident response plan in place, organizations can be exposed to major consequences should a cybersecurity incident occur.
- Let us prepare an Incident Response Plan for you.
- Implement an incident response plan that identifies the possible incidents and the appropriate response to each, as well as the key internal and external contacts
- Exercise the incident response plan periodically to verify that it is effective. Continue to test and stay vigilant with our preparedness planning and monitoring system.