Is Your Network Safe from Invasion? Why You Should Consider an IT Security Audit
While most organisations in 2017 have adopted security programs that successfully defend against cyber attacks, malware can still infect networks by way of unexpected sources. Personal USB drives, phones and laptops are used to access repositories of company information, but many organisations have not conducted an IT security audit that evaluates the risks they pose. Even something as seemingly innocuous as a thumb drive can be utilised to catastrophic effect by hackers, as we explain.
How a USB Drive Delivered Devastation
The most famous (probable) example of a device being used for cyber invasion is the Stuxnet malware attack, where in 2010 one or more infected USB Drives were used to exploit weaknesses in Iran’s nuclear program with a resounding outcome.
In simple terms, Stuxnet was a form of malware that could spread itself without needing to ride on a host file. Initially introduced in Iran’s Natanz nuclear facility, Stuxnet utilised four sophisticated zero-day attacks that managed to remotely destroy 1,000 centrifuges by making them spin faster than their operating limits while reporting to the central management system that everything was fine.
Protecting Your Network – Lock Down USB Drives
While the Stuxnet malware attack is obviously an extreme example of a USB being used to bypass security methods, modern organisations need to consider the threats that personal devices pose, whether intentional or not.
While not so common for business applications in 2017, USB devices can still transmit dangerous malware onto business networks. What policies does your firm have in place to guard against that?
Computer One recommends an IT Security Audit by a Network Security Management company every 24 months at a minimum to address issues like this.
One of the results of an audit can be to enact access policies over certain file types executed via USB and prevent them from being run. This means that you can still use USB’s for their primary purpose – large file transfer – without being unduly concerned.
Computer One also recommends application whitelisting that forbids unknown executables from operating on your network. It’s a great foil to hidden malware.
And seeing as we are now in the age of cloud document storage and transfer, you may even opt to completely disable USB ports on the devices on your network, mitigating the risk that malware may be walked past your software defences and into the heart of your operation.
A thorough assessment of your working environment in the form of a security audit will determine the best approach for your firm.