How protected are you?
From the biggest banks to your company’s network, having an overview of security helps you see the obvious points of exploitation.
The Antwerpen Diamond Center was supposed to be impenetrable. The vault itself was protected by ten impregnable layers of security including magnetic, light and heat sensors; infrared motion detectors and seismic detection warnings as well a combination dial lock with 100 million possible combinations. In addition to all this a foot-long key—described as almost-impossible-to-duplicate—was needed to enter. The vault itself contained security boxes with gold, jewelry and diamonds with an estimated worth well above USD150 million. The Diamond Center even had its own security force… no-one could imagine someone being dumb enough to try to break in.
Mid February 2003. Leonardo Notarbartolo lead a group of thieves out of the Diamond Center with a loot worth USD100 million, a haul that has never been found. They had operated undetected and no violence had been used. How did he do it? It had taken many meticulous months of planning (which included building a real-size replica of the actual vault) and made use of things such as pen cameras, polyester shields and womens hair spray. The heist included several James Bond moves but was made possible due to the fact the Diamond Centre shared a private garden with an abandoned office building and that this garden didn’t have as much surveillance as the other entry points. Notarbartolo also found out from his own hidden surveillance cam that the guards often visited a utility room before and after entering the vault. And even though the Diamond Center spent a fair amount of money on protection, the foot-long key that was impossible to duplicate was stored in the open, in that utility room, enabling the thieves with the finale to do the actual break in.
We can laugh at the situation, the audacity and the hubris of the vault operators, even with that amount of money spent on security it was such a rookie mistake as storing a key in the open that enabled the heist. We can suppose that the management was so confident on security due to all the money they spent and fancy gadgets that they didn’t pay attention to all the details. As you smile at this, think about how it is working in your own house? You might spend money on alarm systems, cameras and smoke detectors, even asking your neighbor to mow the lawn while you are away. But you keep a spare key hidden close to the door just in case one of the kids forgot his/her key in school. Or, you have a remote clicker for your garage in your car, a car that can be traced back to your person via the license plate. The phrase “you’re only as strong as your weakest link” is totally true.
The same goes for cybersecurity: so much has been innovated over the years to keep up with the criminals that reside in the digital world. Features like antimalware, firewalling and DDoS protection is known to almost everyone. As an IT administrator or security officer, you know that this is not enough. Who is using your network, how much of your traffic are really authenticated? What key size are used in your algorithms when encrypting communication with remote offices? Are my signatures updated? The list goes on…
Today’s threat doesn’t limit itself to data or identity thefts, nowadays criminals could enter your network not to steal data, but to steal time from your CPU to be used for data and crypto mining. And actually your protection itself might be a risk, if your performance utilization is reaching its maximum; it’s just a matter of time before your own protection systems such as firewalls could take your own data and services hostage. When the throughput reaches its maximum, packets are dropped and the communication with your network is badly degraded. With some of the protocols resending the original packet dropped, it might take a long time before your network behaves normally again.
As today’s threats and counter measures are getting more and more complicated, it’s a high risk that your foot-long key is stored in the open—even though you imagine that it’s safe and secure behind complicated layers of protection. It gets so complicated that obvious mistakes are being made. When we at Clavister talk to our customers about their protection setup, we frequently find out that important security features in our products aren’t enabled. When asking the customers why we get answers like “oh, I didn’t know about that feature” or “I was supposed to enable it when I got the new release but then something else came up and I totally forgot about it”. The worst answer we have heard was “yes, I agree it sounds like an important feature but no one told me to enable it”.
One simple example of security flaws that’s often overlooked is software versions on devices. IT departments is usually very good at making sure that the Microsoft computers on your office network always has the latest security updates, since they know that this is a possible weak link in the protection. That’s all good and important work, but what about that web cam that was put up in your conference room four years ago, did you remember to update that one? With all the other tasks and things to keep in mind for the IT administrator, this could be something very far down in the list of things that needs to keep track of. Over time it’s simple to simply (but dangerously) forget about it. Here a weekly report of what kind of devices are actually connected to your network might be the thing that helps IT managers to be reminded to check for updates of all connected devices.
The most important thing you can do for your security is to get an overview of today’s protection that you and your colleagues understand. Colleagues that might not be that technically evolved, but still are stakeholders, need to be informed and engaged. This is a dilemma and something that Clavister have taken as a mission to solve. It’s why we’ve created the Clavister CyberSecurity ScoreCard. The idea with this tool is to give a simple to understandable overview of how protected you are and at the same time, it offers the possibility to drill down and get prioritized suggestions on how to improve.
The pure knowledge about your protection level could your best weapon when it comes to protecting your assets.
Welcome to Clavister CyberSecurity ScoreCard, try it today in Clavister InCenter Cloud.
https://www.clavister.com/cybersecurity-scorecard/
