This blog is part of a series on IT Security we’ve created to examine threats in the modern security landscape. So far we’ve discussed the human element of security—and how increasingly sophisticated phishing attacks can fool even astute users. Now we’re going to touch on the importance of segmenting your network.
You may have heard this story in the news, and if you have, then you know this type of attack can take down even the biggest of players.
Here’s the Scenario:
- Hackers gain access to a corporate network through a third-party HVAC system and from there are able to gain access to the point-of-sale (POS) payment card readers.
- Hackers gain access to 40 million credit and debit card numbers.
- Breach affects 110 million customers worldwide. Identity information including full names, addresses, email addresses and phone numbers is taken.
Business Impact
- CEO is forced to resign.
- Direct cost from the attack due to class action suit settlement is $162 million.
- The company also suffers indirect and unmeasurable costs associated with the loss in confidence from consumers, shareholders, and the public.
What Can We Learn from This?
- This is a perfect example of why physical network security is essential. If the HVAC system had been separated from the POS environment, the hack would never have occurred.
- Furthermore, no incident response system was in place to counter the attack when identified. No logging, no alerting, and no counter to the attack when it occurred.
How do we combat network attacks?
- Best practice is to implement a network segmentation design that separates critical systems, servers, storage, workstations, printers, and environment controls. It is also important to segment systems based on security risk factors, as well as to separate them based on potential access to the outside world—internet, DMZ, internal, secure, etc.
- Best practice 2: Implement an incident response system that can assist in identifying attacks, alerting when a potential attack is occurring, and implementing corrections to counter the attacks, or a system that can at the very least notify when a potential attack is occurring.
- Validate the solution. With internal groups, simulate attacks. Confirm expected behavior occurs. Work with external groups to have them simulate attacks. Evaluate the results and make corrective actions.
- Security is an ongoing concern. The review and validation of solutions needs to be performed on a regular basis. It is not a set-it-and-forget-it solution.
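
An added example (not part of the original post): one way to check a segmentation design before validating it with simulated attacks. It takes a constructed zone plan and constructed firewall allow rules (every zone name, address range and rule here is an assumption) and reports whether the HVAC zone can reach the POS zone, either directly or by passing through an intermediate zone.

```python
import ipaddress
from collections import deque
# Constructed zone plan and allow rules (assumed values, for illustration only).
ZONES = {
    "hvac_vendor": "10.50.0.0/24",    # third-party environment controls
    "workstations": "10.20.0.0/16",
    "servers": "10.10.0.0/16",
    "pos": "10.30.0.0/24",            # payment card readers
}
RULES = [  # (source CIDR, destination CIDR, destination port)
    ("10.50.0.0/24", "10.10.5.0/24", 443),   # vendor portal hosted on a server
    ("10.20.0.0/16", "10.10.0.0/16", 443),
    ("10.10.0.0/16", "10.30.0.0/24", 22),    # server admin access into POS
]
FORBIDDEN = [("hvac_vendor", "pos")]  # policy: no path at all, direct or indirect

def zone_edges(zones, rules):
    """Zone -> zones an allow rule lets it reach directly (zones treated as flat inside)."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in zones.items()}
    edges = {name: set() for name in zones}
    for src, dst, _port in rules:
        s, d = ipaddress.ip_network(src), ipaddress.ip_network(dst)
        for a, net_a in nets.items():
            for b, net_b in nets.items():
                if a != b and s.overlaps(net_a) and d.overlaps(net_b):
                    edges[a].add(b)
    return edges

def find_path(edges, start, goal):
    """Breadth-first search: shortest chain of zones from start to goal, or None."""
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        if path[-1] == goal:
            return path
        for nxt in sorted(edges[path[-1]] - seen):
            seen.add(nxt)
            queue.append(path + [nxt])
    return None

def violations(zones, rules, forbidden):
    """Forbidden (src, dst) pairs that are reachable anyway, with the offending path."""
    edges = zone_edges(zones, rules)
    paths = {pair: find_path(edges, *pair) for pair in forbidden}
    return {pair: path for pair, path in paths.items() if path}

if __name__ == "__main__":
    for (src, dst), path in violations(ZONES, RULES, FORBIDDEN).items():
        print(f"VIOLATION: {src} can reach {dst} via {' -> '.join(path)}")
```

No rule in the sample set connects the HVAC zone to the POS zone directly, yet the check still flags the pair because the servers zone bridges them; removing or narrowing the server-to-POS rule clears the finding.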
Jacob Eker, PEI
Learn more about the modern security landscape with Part Three of this series, “Modern Malware: What NotPetya Means for the Future of IT Security”!