Cyber Basics: Up-Front Planning Reduces Headaches in the End
If you pass a fire station on any given day, you’re likely to see volunteers and other first responders preparing vehicles, checking hoses and other gear and generally performing any number of tasks designed to ensure everything is ready to go and that they are prepared to respond to an emergency at a moment’s notice as needed.
This same preparedness philosophy can easily be applied to the approach organizations should take toward their cyber awareness principles with regard to any project involving the installation of security solutions.
Every organization’s network infrastructure has allowed us to take advantage of smart solutions and other IoT devices to maximize the value of security solutions – not only from a physical security aspect but also from the perspective of operational optimization, which provides an organization with even more value and greater return on its investment. However, simply adding more devices to a network to generate more data and greater awareness isn’t helpful. Because the majority of these devices are network-based at their core, any organization must take caution to protect its network and the sensitive data it contains.
It is well known in the hacker community that certain devices and systems are more difficult to breach. As such, hackers have turned their attention away from these well-protected “big fish” toward the secondary systems and their devices, which are often less secure and provide a means and entry point into an organization’s corporate network. So for all the promise of the convenience and other benefits of the IoT has to offer, the downside is that the increased number of connected devices translates into increased risk of network breach.
Unfortunately, too many organizations today still fail to take the necessary steps to plan and protect themselves and their devices from potential attacks – in essence making hackers’ lives much easier. The solution is to work best practices for cyber-related attacks into up-front planning and long-term maintenance plans. But how can an organization do this?
While this discussion has many avenues and can be complex, there are some very basic steps that everyone – from the manufacturer to the integrator and the end user – can take to provide a level of protection. Remember, cyberattacks will never be fully mitigated. Therefore, the appropriate stance is to prepare as if it will happen not if it might happen.
The first step involves the simple fact that every device should be treated as a networked device. Many of today’s security solutions include devices, such as cameras, access control readers and others, that are not only connected to a network but in many cases could be classified as a server. Remember, these solutions have their own processor and process data from imagers or another source as it passes through, or even stores the data itself. Therefore, it is imperative that everything be treated as a truly networked device – rather than simply a physical security device – and for all networked devices to be subjected to the same cybersecurity policies. As such, it is critical that organizations involve their IT department to determine what their cyber policies are toward devices that are allowed to connect to the overall network. Even smaller organizations that outsource their IT operations can leverage their provider for guidance on what policies should be followed.
Sometimes these policies will include actual device and network settings that follow established IT protocols like those set forth by the SANS (Sysadmin, Audit, Network and Security) Institute. Other policies may require simple documentation of MAC addresses, password management tools and long-term plans and procedures for updating device software and/or firmware. For these reasons, it’s imperative that IT be involved in the process. At the very least, they should be consulted about how they enforce policies for cyber risks on both the network and individual networked devices.
We’re all aware of the botnet attacks, various malware and other means hackers employ to gain access to a network and data, and to set DDoS attacks in motion. This is largely made possible when hackers identify a vulnerability in software or a device that can be exploited to deploy any or all of the aforementioned attacks to a system.
To address this, an organization must first accept that any and all devices on the network offer the potential to serve as a conduit for these types of attacks. Upfront planning should include a selection of devices or solutions from those manufacturers who actively list and make available regular firmware updates as well as common vulnerabilities and exposures (CVE). The most vigilant manufacturers will proactively work to issue firmware updates to ensure that users have the latest and most secure device software version, which eliminates outdated code that may be susceptible to vulnerabilities and, by extension, attacks.
Additionally, the most proactive manufacturers also work hard to watch for and identify new forms of malware, learn how those new forms of malware can be and are used to exploit devices’ vulnerability and take steps to test and verify that their devices are not affected. They may also issue additional firmware updates and patches to address specific vulnerabilities. These CVEs are typically found on manufacturers’ websites and should be incorporated into any company’s long-term plans for monitoring risks and proactively checking with device manufacturers for updates and notifications.
The reality is that installing and configuring a system to protect against cyber risks isn’t always easy. Tools and capabilities that enable ease of installation are often at odds with cyber protections for devices and systems. As a result, installers often forego ease of installation in favor of providing protections that ensure stronger cybersecurity for their customers. While this is certainly less convenient, making this small sacrifice up front can yield great dividends in the long run should an organization find itself the target of a cyberattack.
However, in recent years manufacturers have developed and designed tools that can make setup and configuration easier by enabling population of credentials to multiple devices simultaneously. Perhaps more importantly, these tools also allow an organization to update its devices to the most current firmware to ensure they are running the latest firmware or software to protect against the inevitable vulnerabilities that surface all the time. So when building your team to install and deploy a solution, look for partners who have a program in place and who are using the latest tools to simplify setup while also providing long-term protection.
These are just three of the many considerations integrators and end users can and should take when planning against cyber threats. In approaching the process, you would do well to take a page from our first responders’ book and make certain to include cyber preparedness as part of any installation strategy and continue to be vigilant in preparing every day after a device, solution or system goes live. Only then will you be prepared to put out the inevitable fires a cyberattack can cause.