In the pre-internet age, a virus was something that required a tissue and aspirin, phishing meant you followed around a grunge band, and patching’s tech definition was limited to putting through a phone call. Fast-forward to today, where viruses spread through the online ecosystem in much the same way strep-throat spreads at a school, phishing has brought down Presidential campaigns and wounded Fortune 500 companies, and proper patching can provide essential protection. The words haven’t changed, but the meanings have.
If you described the online ecosystems that exist today to people 20 years ago, for most, it would be unimaginable. Online ecosystems should be fortresses that are impenetrable from the outside and functional from the inside. However, just as medieval fortresses had their weak spots, so do modern online ones. Hackers know what these weaknesses are and continually probe defenses to find more.
Smarter MSP caught up with Yu Cai, Associate Professor and Program Chair of computer networks and system administration at Michigan Technical University, to talk about how MSPs can identify and defend the inevitable weak spots in an ecosystem. In addition to his academic credentials, Cai has extensive industry experience with brands like IBM and Ford.
Open doors for bad actors
Ironically, the weakest spot in an ecosystem isn’t technical in nature; it’s human nature. After all, who can resist opening that email that looks like it came from Amazon or your bank?
“A very large percentage of cyber-attacks nowadays start with phishing emails,” with Cai citing that the figure is north of 90 percent. Moreover, most of it comes down to inadequate user training. This means MSPs need to continue to offer extensive in-house training to clients and their staff about the different ways they can avoid becoming the next victim of a phishing attack.
Over 90 percent of #CyberAttacks start with #phishing emails. #MSPs need to continue to offer #SecurityTraining to clients and their staff to help protect them from falling victim to an attack.
Once a phishing attack succeeds, a hacker has breached the fortress and can gain access to every part of the castle. This is where internal defenses are crucial.
“Most of the time victims of phishing attacks are stepping stones to more valuable targets or assets,” Cai explains. These assets often include social security numbers, credit cards, or banking information.
The second weak spot in the fortress is patching, or lack of it. “If people fail to patch their IT systems timely and properly, it is just like leaving a big hole on your front door and inviting bad guys to your home,” says Cai.
Every day there are multiple software patches released to fix software vulnerabilities and security flaws. The security information is available online and can be accessed by everyone, including hackers. Since the “bad guys” are always staying on top of the latest patches, you need to as well, so you can stay one step ahead.
Security information is available online and can be accessed by everyone, including hackers. Since the “bad guys” are always staying on top of the latest #patches, you need to as well, so you can stay one step ahead.
The third weak spot MSPs need to defend is inadequate protection on remote login and mobile devices, which open a whole range of new attack surfaces.
If the fortress is breached
Cai says that MSPs have several tools at their disposal that should be applied preventatively. The first line of defense is “network segmentation, which splits a computer network into several segments. Each network segment should have its own security boundary and protection system,” details Cai. Segmenting’s importance is echoed by fellow MTU professor Bo Chen, assistant professor of computer science.
Chen elaborates, “The entire system should be isolated to different parts, such that if one part is compromised, the breach will not propagate to others. The isolation could be done virtually (techniques like virtualization should help) or physically.”
The second line of defense is internal firewalls and security monitoring. “Internal security mechanisms protecting critical assets can help to “contain” hackers to non-critical areas, even if they gain access to your network,” Cai says.
The third line of defense is privileged account management and monitoring. “Privileged accounts are accounts with access to important resources and critical assets. Stolen, abused, or misused privileged credentials are relied upon by hackers in nearly all security breaches,” Cai explains.
IoT adds doors to the fortress
The growth of IoT has created more attack surfaces, so that the “fortress” has many more “doors” for hackers to breach. “Security of the Internet-of-Things (IoT) is indeed a big concern,” Cai says.
Companies are rushing to satisfy consumer appetite for IoT devices, probably without thinking as much about potentially clunky security mechanisms.
Cai uses the example, “Cheap web cameras from foreign manufacturers impose an enormous amount of security vulnerabilities because most of these IoT manufacturers just don’t have enough experience and expertise with security.”
Add to that, many of these IoT devices end up in the hands of people who don’t have cybersecurity experience.
Cai elaborates, “Many IoT end-users are not adequately trained and don’t have sufficient security knowledge. For example, many IoT users don’t know how to change the default password of a webcam or a home router.” Also, it can be difficult to update and patch IoT devices, which makes defending them even more difficult.
The vast array of IoT devices also makes defense more difficult to defend and more vulnerable to attack.
“It is difficult to have a unified defense strategy that can work for different types of devices, on different types of networks,” Chen says.
From phishing to patching, the meaning of each of these words is evolving, and MSPs need to evolve with the meanings to keep the ecosystems safe and the fortresses locked.
Photo: Kaitlyn Baker / Unsplash