- Cyberthief observes an employee entering their userid and password while they are at an airport, coffee house, hotel lobby or at a conference.
- Cyberthief logs onto the employee’s company network and finds an internal web server that they can compromise. In the USA Story they added a link to an internal employee website that discussed a charity.
- Unsuspecting employees clicked on the link, which took them outside their internal network and downloaded a program that basically dumped their My Documents folder over the Internet and into the hands of the cyberthieves.
Some questions for all of us and a few comments:
- Many companies are still employing a hard-outside, soft-in-the-middle approach to security. Once a firewall is bypassed, the cyberthief has unfettered access. That’s why security professionals push for “defense in depth”. Clearly, in the case above, network monitoring tools could have seen the unusual jump in connections and data traffic and perhaps started shutting down ports or the internet connection. Are you taking a defense-in-depth approach to your network security?
- Look at your My Documents folder right now. Anything in there that you wouldn’t want a competitor to see? Yes? Is it encrypted? If not, why not? How are you going to protect yourself against this type of attack? (As I write this I am busy encrypting a lot of files!)
- How strong is your front door? Are you still only requiring a username and password to access your network remotely? If you are using some sort of two-factor authentication, like a smart card or one-time password token, then you are ahead of the curve. If you are not, then you are protecting your network with the equivalent of a screen door. I’d bet that 95% of cybertheft could be prevented if companies deployed two-factor authentication.
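To make the one-time password point concrete, here is an added example (not part of the original post) of a remote-login check that requires both the password and a time-based one-time code, and refuses any code from a time step it has already accepted, so a code observed over someone's shoulder cannot be reused. The `RemoteLogin` class, the password and the salt are hypothetical; the token secret is the published RFC 6238 test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per time step (RFC 6238 default)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class RemoteLogin:
    """Hypothetical gateway check: password AND a one-time code, each code usable once."""
    def __init__(self, password_hash: bytes, salt: bytes, token_secret: bytes):
        self.password_hash = password_hash
        self.salt = salt
        self.token_secret = token_secret
        self.last_counter = -1  # highest time step already accepted

    def verify(self, password: str, code: str, now: int, drift: int = 1) -> bool:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)
        if not hmac.compare_digest(candidate, self.password_hash):
            return False
        current = now // STEP
        # Tolerate small clock drift, but never accept a step at or before a used one.
        for counter in range(max(0, current - drift), current + drift + 1):
            fresh = counter > self.last_counter
            if fresh and hmac.compare_digest(hotp(self.token_secret, counter), code):
                self.last_counter = counter
                return True
        return False


def demo() -> list:
    # Constructed sample data: RFC 6238 test key as token secret, made-up password.
    salt, secret = b"constructed-salt", b"12345678901234567890"
    pw_hash = hashlib.pbkdf2_hmac("sha256", b"correct horse", salt, 100_000)
    gate = RemoteLogin(pw_hash, salt, secret)
    observed = hotp(secret, 59 // STEP)  # the code the employee typed at t=59
    return [
        gate.verify("correct horse", observed, now=59),   # employee's own login
        gate.verify("correct horse", observed, now=65),   # same code replayed at once
        gate.verify("correct horse", observed, now=200),  # same code replayed later
    ]
```

With only the password check in place, all three attempts in `demo()` would succeed; with the second factor, only the employee's own login does.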
Don’t just think about it. Do something before it is too late.