Recent hack of a water treatment facility highlights the importance of cyber attack prevention
About a month ago, a hacker gained network access to a water treatment facility in Florida and appears to have attempted to poison a city's water supply by increasing the amount of sodium hydroxide—a terrifying prospect that came all too close to coming true. The breach, as well as hacking attempts on other institutions that run our country’s critical infrastructure, highlights the vital importance of knowing how to prevent cyber attacks for all businesses and public utilities. Because while it's too easy to shrug off cybersecurity protocols, and the risk of a hack can seem small, in fact, cyberattacks are increasingly more sophisticated, and businesses can be even more vulnerable when utilizing remote access software platforms or software that has reached its end of life.
I spoke with our own Shannon Mayberry, IT Security Manager for Locknet® Managed IT about the lessons we can learn from this cyber attack on Florida's water treatment plant, the danger of cybercriminals exploiting operating systems that have reached their end of life, and steps companies can take to protect themselves.
Lessons and opportunities abound when it comes to cyber attack prevention
As with any cyber attack, there are lessons to be learned from the experience—knowledge we can all use to better protect our organizations from cyber attacks. So, what are the big lessons here? Mayberry says if remote control software is required for your organizational operations, be sure to review and secure it.
"Put in mitigating steps as outlined by CISA and NIST to ensure that if remote control software is needed, the scope and usage of the remote control software cannot be performed by unauthorized users," Mayberry explains. "A review and set of controls should be defined before any software is allowed into an organization so that the risk is understood and mitigation plans can be put in place. The biggest lesson here is, if you are going to use remote control software, make sure it’s a robust and resilient platform that can have protections put in place." And while many organizations may consider cutting costs, Mayberry stresses that with so much at stake, it's essential to avoid the temptation to just go with the cheapest option.
Among the issues that could put your organization at risk: hacker exploitation of desktop-sharing software and networks running with operating systems that have reached their end-of-life status. How can you protect your network?
"Having a patching/software policy in place and regularly audited, as well as a device refresh plan can ensure that the organization will have current and stable platforms operating critical infrastructure," Mayberry says.
The Windows 7 end-of-life can also be a risk for companies that have not upgraded.
"Patching ceases to be deployed to an OS once it is termed end of life, at that point, it can become easier to gain footholds and perform the lateral movement to other, more critical devices," Mayberry explains. "As part of your overall information security program, an organization should have provisions and planning in place to refresh systems that are reaching end-of-life. First and foremost, companies should be working with software/hardware vendors to ensure that those limitations can be removed and operating systems that run these systems can be upgraded. If due to software limitations this is not feasible, controls should be identified to prevent issues in the event of a compromise, such as air gapping a device from the general network."
Risk aversion and understanding your potential network vulnerabilities
Mayberry also says this incident should also inspire companies to consider their risk aversion. A good place to start is to take a hard look at what you're utilizing on your platforms and whether there are controls available to prevent unauthorized access. And just as importantly, it's vital to check whether those controls are being used. You should also consider:
- Is there reasonable security built into the application, but your organization isn't using it due to inconvenience and ease of use? If so, is the organization okay with that risk?
- Does the cost of the risk outweigh the organization's need to purchase and implement stronger applications that have better controls in place?
- Who is reviewing systems and settings for the organization? Have they checked off on it? This can also raise awareness of Shadow IT happening in organizations.
- Are systems locked down and reviewed to ensure that applications that have been approved by IT Security have been installed?
- Are there checks in place to prevent unauthorized software from being installed? And, is anyone watching for the installation of unauthorized software?
To better manage your risk, Mayberry suggests the following two steps:
- Review your Information Security program and ensure that there are provisions in place for dealing with end-of-life operating systems and software.
- Conduct a regular software review to ensure unauthorized or unprotected applications are not installed in your organization's network. If they are, have an action plan in place. That way, if there is a need for these applications, at the very least there are controls in place to mitigate potential issues.
Ready to address your risk and prevent a cyberattack?
When you're ready to know your company's risk for a breach and prevent a cyberattack on your network, the experts at Locknet Managed IT can help. Contact us for an internal vulnerability assessment, which can help you better understand your organization's software and other network vulnerabilities. From there, we can help you put together a comprehensive plan to shore up your network's security and take other steps for cyber attack prevention.
