One of the largest security breaches in the world was the Target incident in December of 2013. That attack compromised the data of 40 million debit and credit cards belonging to Target customers. By all accounts the hackers accessed Target's network using login credentials that were stolen from a company that provided refrigeration and HVAC system work for Target. The company apparently performed remote monitoring at some stores, and the hackers used this access to upload malware to Target's POS system. This incident points out that every access point is vulnerable unless a strong security protocol has been put in place.
A new report, “Third-party Access Adds Vulnerability”, by Stuart Facey on scmagazineuk.com, clearly demonstrates nothing should be left to chance when it comes to protecting the network of any organization, no matter how big or small.
More than anything, Facey wants network administrators to have complete visibility of the network so they can control who has access. This includes vendors and support specialists that assist with the maintenance, installation and troubleshooting of IT systems.
Since criminals now know these third-party vendors don't have the best security system in place, they target them so they can piggyback to the organization they want to attack. With two-thirds of data breaches linked to a third-party component of system administration, organizations must implement new methodologies for how vendors can access the company network.
The most dangerous component is remote access, which is used by vendors and shared among co-workers, with generic passwords that can be guessed or cracked using brute force. The problem also comes from complacency on the part of these third-party vendors, who keep the same password even when there is a large amount of employee turnover. This means systems can be accessed by these employees, whether the intention is good or bad.
Organizations must take full control of their network by providing a single platform for anyone accessing the network, two-factor authentication and an audit trail of every remote access with alerts.
The audit trails are essential because it sometimes takes months to discover there has been a breach. The Target attack was first tested on a small number of cash registers before it was unleashed on most of the company's POS system between November 27 and December 15. A strong auditing system could have found the unusual number of times the network was being accessed and taken appropriate action.
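As an added illustration (not code from Facey's report or from any product named in this article), the following Python example runs the kind of audit-trail alerting described above over constructed remote-access records. The log format, account names, host names, allowed-host policy and session threshold are all assumptions made for the example.

```python
from collections import Counter, defaultdict

# Constructed sample records: time, account, source IP, target host, two-factor used
SAMPLE_LOG = """\
2024-03-01T09:02:11 hvac-vendor 203.0.113.10 bms-014 yes
2024-03-02T09:05:40 hvac-vendor 203.0.113.10 bms-014 yes
2024-03-03T02:14:03 hvac-vendor 198.51.100.7 bms-014 no
2024-03-03T02:16:45 hvac-vendor 198.51.100.7 pos-014 no
2024-03-03T02:19:30 hvac-vendor 198.51.100.7 pos-015 no
2024-03-03T02:25:12 hvac-vendor 198.51.100.7 pos-016 no
2024-03-03T10:00:00 it-support 192.0.2.44 pos-014 yes
"""

# Hypothetical policy: hosts each vendor account may reach, and sessions per day
ALLOWED_HOSTS = {"hvac-vendor": {"bms-014"}, "it-support": {"pos-014", "pos-015"}}
MAX_SESSIONS_PER_DAY = 2

def parse_log(text):
    """Turn whitespace-separated audit lines into dicts, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, account, src, host, mfa = parts
        records.append({"day": ts[:10], "account": account, "src": src,
                        "host": host, "mfa": mfa == "yes"})
    return records

def find_alerts(records):
    """Return sorted (rule, account, detail) tuples for sessions that break policy."""
    alerts, per_day, sources = set(), Counter(), defaultdict(set)
    for r in records:
        per_day[(r["account"], r["day"])] += 1
        sources[r["account"]].add(r["src"])
        if not r["mfa"]:  # remote session opened without two-factor authentication
            alerts.add(("NO_2FA", r["account"], r["src"]))
        if r["host"] not in ALLOWED_HOSTS.get(r["account"], set()):
            alerts.add(("OUT_OF_SCOPE", r["account"], r["host"]))
    for (account, day), n in per_day.items():
        if n > MAX_SESSIONS_PER_DAY:  # unusual number of accesses in one day
            alerts.add(("VOLUME", account, f"{day}: {n} sessions"))
    for account, ips in sources.items():
        if len(ips) > 1:  # one login used from several places: possibly shared or stolen
            alerts.add(("MULTI_SOURCE", account, f"{len(ips)} source IPs"))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in find_alerts(parse_log(SAMPLE_LOG)):
        print(*alert, sep=" | ")
```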
Hackers -- or anyone looking to break into a protected asset -- look for complacency more than anything. Even if there is a strong security protocol, complacent application of it can make the system vulnerable. This can be avoided with very strict security governance that makes no exception to following the system that is in place.
Edited by Rory J. Thompson