Just when you think you’ve gotten all your information security controls in place, your network gets breached, and it wasn’t even because of a weakness in your systems. It was because one of your third-party vendors got hacked. In August, the Syrian Electronic Army (SEA) attacked the New York Times and eight other organizations via a third-party vendor once removed.
Network Security Breach: Who to Blame?
According to the Ponemon Institute 2013 Securing Outsourced Consumer Data Report, 65 percent of organizations surveyed had a network security breach involving consumer data outsourced to a vendor, and 64 percent say it has happened more than once. That’s why you’ve got to know about the IT security policies of your third-party vendors and the ways they handle network security issues with their vendors.
The way the SEA attacked these media outlets is just one of the many ways organizations get breached via their vendors. The New York Times breach came about through its relationship with VeriSign, from which the Times purchased its domain name, nytimes.com. VeriSign delegated control of the New York Times Internet traffic to Melbourne IT. Melbourne IT delegated that same control of the New York Times Internet traffic to numerous Internet Service Providers. One of those providers is an ISP in India. Hitting the weakest link, the SEA executed a spear-phishing attack on the Indian ISP, and successfully obtained an administrator’s username and password. With that information, the attackers moved up the chain to successfully attack major media outlets and other companies.
The SEA attacks affected each media organization differently. Organizations are attacked all the time. However, that doesn’t necessarily mean attackers can affect protected networks. That depends on the security precautions the attacked organizations have in place. That’s why it is so important to meet with a professional information security consultant to assess everything in your network and make recommendations. The SEA attackers were able to deface the New York Times’ website, cause sporadic downtime and redirect visitors to nytimes.com to an SEA website featuring the SEA logo.
Network Security Breach: What to do.
Even if an attacker obtains an administrator’s login credentials, he can’t necessarily get into an organization’s website if certain precautions are in place. If an attacker can enter an organization’s network, with 24/7 IT security monitoring, he could be blocked before any damage is done to the network. There are many steps organizations can do to protect themselves from attacks, but few are aware of them. That is why one of the best things you can do to protect yourself is to meet with an IT security consultant to assess your network, your vendor management, partners and their information security controls. Your weak link may not be your own network but your “cloud” or your “trusted partners.”
At Dell SecureWorks, our IT security consultants will review your entire system to let you know what you need, as well as what systems to check for vulnerabilities within your total network. We will conduct a thorough vulnerability assessment of your people, processes and procedures. We’ll delve into your entire system with a fine-tooth comb to help you consider the various precautions you can take to secure your network. Network security “best practices,” vulnerability scans and penetration tests are all necessary, but they miss fine points that only a human can give you. For that, you need an IT security expert, not a jack-of-all-trades. We do nothing but security 24x7x365.