On April 22, 2022, Ryan Spelman, Senior Vice President at Kroll, and Keith Novak, Managing Director North America Proactive Cyber Risk, published the article “Security Is In The Details” on LinkedIn. These gentlemen included several salient points that are easily accessible for the SMB owner, and I thought them prudent to review. I’ll sprinkle in some experiences we’ve had at Certified CIO, as well.
Security Is In The Details
The crux of Spelman and Novak’s article is that each layer of cyberdefense must be implemented correctly and in concert with the other layers. No cyberdefense is impenetrable, but a poorly implemented cybersecurity plan leaves much to be desired.
The authors use multifactor authentication (MFA) as an example: an error caused by the installing technician’s sloppy integration allowed them to hack into a physician’s account.
So, if they had MFA, what detail was missed?
In this case, the physician never worked remotely, and therefore never received a prompt to enroll their own mobile device. The organization neglected to expire the physician’s ability to enroll, thereby leaving the door open for the tester to enroll months later. When we dug a little further, there was also no process to validate that this physician, granted remote access, even required it.
Still, we recommend the use of MFA to every customer. In fact, many cyberinsurance policies require MFA because of how well it withstands malicious attacks. But it must be installed correctly and alongside other defensive measures.
Spelman and Novak also detail what they refer to as “overly permissive” firewall rules. As a firewall is a device or software that allows or blocks network traffic based on set rules, a poorly integrated and implemented firewall could allow dangerous traffic to pass. In setting firewall rules, the authors note:
“There may be no more critical device in your defensive arsenal and no better representation of the details matter concept.”
This is why, at Certified CIO, our team of experts has policies and procedures that outline the setup of firewalls, designed by a security professional and customized per customer. Our team knows that the most expensive, bells-and-whistles-filled firewall device is little more than circuits in a rack if it is implemented incorrectly for that company or organization’s specific architecture.
The authors additionally outline 5 issues that they most often find in their IT detective work:
- Overly permissive rules allowing inbound access to systems
- Public facing Remote Desktop Protocol (RDP) services
- Lack of a DMZ (a secure network zone for public facing systems)
- Outbound rules that allow any internal systems to connect to any external system on any port
- Servers granted unrestricted outbound internet access
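One way to check a ruleset for the five findings above, as an added example that is not from the original article or from Certified CIO. The rule schema, zone names and both sample rulesets are constructed assumptions, not any vendor's export format.

```python
# Added example: audit a firewall rule table for the five findings listed above.
# The schema (direction/src/dst/port/action) and zone names are hypothetical.
ANY = "any"
RDP_PORT = 3389

# Constructed sample ruleset showing each finding; not from a real device.
RULES = [
    {"id": 1, "direction": "in",  "src": ANY,       "dst": "lan",     "port": ANY,      "action": "allow"},
    {"id": 2, "direction": "in",  "src": ANY,       "dst": "servers", "port": RDP_PORT, "action": "allow"},
    {"id": 3, "direction": "out", "src": "lan",     "dst": ANY,       "port": ANY,      "action": "allow"},
    {"id": 4, "direction": "out", "src": "servers", "dst": ANY,       "port": ANY,      "action": "allow"},
    {"id": 5, "direction": "in",  "src": "vpn",     "dst": "lan",     "port": 443,      "action": "allow"},
]

# Constructed corrected ruleset: public traffic ends in a DMZ, egress is scoped.
HARDENED = [
    {"id": 1, "direction": "in",  "src": ANY,       "dst": "dmz",            "port": 443, "action": "allow"},
    {"id": 2, "direction": "out", "src": "servers", "dst": "update-mirror",  "port": 443, "action": "allow"},
]

def audit(rules):
    """Return a sorted list of (rule_id, finding); rule_id 0 is ruleset-wide."""
    findings = []
    allows = [r for r in rules if r["action"] == "allow"]
    for r in allows:
        inbound_from_anywhere = r["direction"] == "in" and r["src"] == ANY
        if inbound_from_anywhere and r["port"] == ANY:
            findings.append((r["id"], "overly permissive inbound rule"))
        # An any-port rule exposes RDP just as an explicit 3389 rule does.
        if inbound_from_anywhere and r["port"] in (ANY, RDP_PORT):
            findings.append((r["id"], "public-facing RDP"))
        if r["direction"] == "out" and r["dst"] == ANY and r["port"] == ANY:
            if r["src"] == "servers":
                findings.append((r["id"], "server with unrestricted outbound access"))
            else:
                findings.append((r["id"], "any-to-any outbound rule"))
    # Internet-sourced traffic landing outside a DMZ zone means public-facing
    # systems share a segment with internal ones.
    public_dsts = {r["dst"] for r in allows if r["direction"] == "in" and r["src"] == ANY}
    if public_dsts - {"dmz"}:
        findings.append((0, "public traffic terminates outside a DMZ"))
    return sorted(findings)

if __name__ == "__main__":
    for rule_id, finding in audit(RULES):
        print(f"rule {rule_id}: {finding}")
    print("hardened findings:", audit(HARDENED))
```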
What does that mean for my SMB?
If you’re unsure what Mr. Spelman and Mr. Novak are talking about, that’s okay! But we do recommend giving a professional, reputable IT company a call to see if your business or organization might be suffering from these common maladies.
Mr. Spelman, we couldn’t agree more. For IT, without a doubt, security is in the details.