Mitigating Security Risks for Distributed Enterprises Requires a Comprehensive Approach
The rise of the Internet of Things (IoT) and other technologies are presenting new ways for hackers to attack your company’s network — and an influx of security challenges for IT managers and end users to consider.
In Part 1 of this three-part security series — in recognition of National Cyber Security Awareness Month — I wrote about the foundations of network security, including the need for better detection at the branch level. Today, let’s take a look at some network on-ramps to monitor and protect.
1. The Internet of Things and Web Servers
The proliferation of the Internet of Things (IoT) has ushered in an onslaught of attacks on the web-based management platforms that run IoT devices. For years, companies have been producing consumer-grade devices with a focus on productivity, customer experience, revenue streams, and the like — but very little on security.
Many of the sleek, lightweight devices that have been made in the past several years are inexpensive and powerful enough to perform a plethora of functions, but are vulnerable to web application attacks or simple password brute force attacks. They lack even the most basic security tools — such as the ability to upgrade firmware if a security issue is discovered.
The industry is working to provide better devices with improved security. For instance, enterprise-grade Cradlepoint solutions support cloud-based services such as content filtering and secure VPN to protect your cellular network. That said, it’s equally important to carefully consider network architecture. A simple yet highly effective practice is to employ Parallel Networking. This network architecture physically segments (or air-gaps) routers onto application-specific networks, keeping these devices separate and more secure from pivot attacks.
Bluetooth, the wireless technology that powers a variety of hands-free applications, is a network on-ramp that hasn’t been watched very closely. Because of this, it’s poised to become a new favorite area of attack for hackers. Many mobile devices, laptops, and vehicles feature bluetooth technology, making it a prime target for malicious activity. In fact, because most of the bluetooth problems identified five to 10 years ago have been solved, many hackers are counting on a lull in security vigilance regarding Bluetooth-enabled devices. As a result, new bluetooth-related security challenges are emerging, including software vulnerabilities, the threat of eavesdropping via a camera or microphone, and other malicious attacks.
3. Public Networks
Failure to educate end users about careful network selection in public settings presents sizable risk. When an employee wants to work remotely from a coffee shop, airplane, or hotel room that offers free Internet, the potential for malicious activity is significant. A bad actor can pose as that location’s Internet access and serve as a gateway through which people access the web. With the ability to survey all the Internet traffic at a public location, the hacker basically is in control of everything. For instance, he can send people to malware-infected websites even though they searched for something legitimate. It’s very difficult to detect this type of attack.
Here’s the bigger issue for your company: When an employee whose device was unknowingly attacked at a coffee shop returns to the office and plugs in, now the company network is at risk. It’s very difficult to know what network your team’s devices have been using. To help mitigate risk, Cradlepoint routing solutions support cloud-based services such as content filtering and secure VPN to protect your corporate cellular network.
Where there’s a microprocessor, there’s probably a way to access it and do something illegal. Concerns are on the rise because microprocessors are everywhere. Within the IoT, devices have microprocessors. In USB drives, there’s a microprocessor. Hackers are developing ways to use those microprocessors to control IoT devices at such a low level that it can be very hard to detect the attack.
Every network on-ramp involves people. Security depends on everyone doing their part. Your employees should be educated about phishing attacks and suspicious and/or free USB drives. IT managers can routinely survey network architecture and monitor on-ramps. Cloud-based management platforms such as Enterprise Cloud Manager can help immensely. Amid the ever-increasing importance of the IoT, It will take a combination of efforts to keep distributed enterprise networks as secure as possible.
In my next post in this security series, I’ll tell some scary tales about additional holes in network security.
To learn more about Cradlepoint’s 4G LTE routing solutions with best-in-breed security, click here.