An Eight Step Network Security Assessment for a Secure 2015
Is your organization poised for the network security threats of 2015? If you’re not thinking about security, here are a few statistics from PwC that may spur some action:
- The compounded annual growth rate of security incidents is 66% year-over-year since 2009, with an increase of 48% this year alone.
- Insider security incidents are up this year across the board, with current employees leading the way.
- While network security threats continue to increase, security spending is mostly down. In fact, companies with less than $100 million in revenue reduced their security investments by 20% over 2013.
The first thing you should do in combatting network security threats is to conduct an audit. A network security assessment will help you determine the steps you need to take to prepare yourself, your organization, and your network for the threats of today and tomorrow.
- Recognize your organization’s current digital footprint. Document your electronic footprint on Internet, both the visible spectrum as well as the IRC/ICQ message channels, and other groups. Identify and pinpoint potential areas that may be vulnerable to information disclosure or compromise by gathering all the intelligence you can about your organization, employees, partners, other stakeholders, and infrastructure the same way malicious hackers do.
- Assess vulnerabilities of employees, partners, and other stakeholders. Analyze and evaluate what you learned from assessing the vulnerabilities of employees, partners, and other stakeholders, and then identify potential problems.
- Assess the vulnerabilities of networks, applications, other IT resources. Document and analyze your entire IT infrastructure to find the weaknesses and potential issues.
- Conduct comprehensive scanning of ports, vectors, protocols. Conduct a comprehensive scan of all ports on your network to identify the IT counterpart of open windows and unlocked doors. The most common malicious network scans search for vulnerabilities in a standard range of 300 ports on a network where the most common vulnerabilities are found. (However, you may have over 60,000 ports on your network that can be suspect.)
- Understand how your network interacts with outside parties. Try to access your network as an outside party might. See what your network requests in terms of information and how easily it can be satisfied.
- Probe your internal network weaknesses. Assess interaction with internal networks. Unfortunately, internal people do malicious things too.
- Review wireless nets, including Wi-Fi, Bluetooth, RFID, rogue devices. Wireless nets, rogue devices, and removable media all present vulnerabilities. If a hacker leaves a USB flash drive containing malicious code in your lobby, someone will likely pick it up and innocently pop it into a system on the network to see what’s on it. That’s all it takes to compromise your network. Check out these blog posts on Wi-Fi security vulnerabilities and Bluetooth vulnerabilities, and you’ll see what we mean.
- Assess and educate employees about social engineering attacks. This includes policies around behavior, like picking up flash drives left lying around and using social media.
This may sound like a lot of work, and it is. But hackers make it their job to breach your computer network security, and you want to make it as difficult as possible for them. Remember… they don’t play by the rules. Make 2015 a safe, secure and profitable year!