In the digital era, every company is considered a technology company. Whether you provide electricity, banking or public transportation, you are increasingly dependent upon the internet and network connectivity. If all companies are technology companies, that means all companies need to prioritize cyber security as a strategic imperative to ensure they are connected, digitized and successful. Every organization should focus on two cyber security fundamentals: Understand what’s going on, and know the simple actions you can take to facilitate better cyber security in your environment. We can leverage the network to enable both of these fundamentals. To do so requires good network hygiene.
We’ve been working to draw attention to the hidden security risks organizations face by not properly maintaining their aging infrastructures and patching vulnerable systems. The trends lead us to believe we should expect to see more of this activity in the future – with widespread attacks that target not only traditional servers and endpoints, but also the network itself. This future activity will bring with it significant consequences affecting not just enterprises but entire industries.
An organization can no longer make the assumption that its network infrastructure is secure. Factors such as TA16-250A, WannaCry, the Presidential Executive Order, the Modernizing Government Technology Act of 2017 and the recent Equifax breach make it clear that attacks are escalating and business leaders must be proactive and demonstrate security diligence. Infrastructure of the past was not built to withstand the threats of today’s landscape. It is crucial that every organization – regardless of industry – verifies the security and cyber resilience of their network infrastructure that drives their business and, collectively, our global economy and national security.
Although it’s expensive to incorporate updates, the costs of ignoring aging infrastructure can be potentially devastating – in the form of lost data, revenue and customers, destruction of service and, ultimately, consumer trust. It is crucial to update and regularly patch all hardware and software within a network to enable proper and safe connectivity, communication, operations and overall management. Waiting to take action and hoping that you will not be breached is no longer an option in today’s world.
Systems that were designed, built and deployed in decades past didn’t anticipate the hostile security environment of today. Until now, very few have thought about securing infrastructure because they didn’t think adversaries would target these systems and devices, or they had “higher priorities” to fix. This must change.
Outdated components and software provide an opportunity for attackers to breach networks ‒ increasing risks for unpatched machines and some legacy operating systems at end of support. Be sure to choose trustworthy vendors and technologies that allow the network administrator to verify devices are genuine, unmodified and operating as intended.
Keeping your network up to date provides a place for visibility, policy and control for the things that are coming online. Visibility helps us understand day-to-day behavior. It’s crucial to leverage the network to segment assets and functions in order to reduce exposure and create observations and control points. This helps execute on the second fundamental I mentioned above – know the simple actions to take to facilitate better cybersecurity in your environment. When things are out of the ordinary, the network can enforce security policies that allow the right users and devices to get the right access and contain the impact of a potential attack.
Every organization must assess the overall strength and cyber resilience of their deployed infrastructure and systems. This process likely will be eye-opening, but it’s a necessary reality check. Organizations that proactively improve their security posture will be better positioned to meet today’s threats and prepare for tomorrow’s challenges and opportunities.
If you would like to speak one of Nebula's security experts, please contact us.