In July 2018, CDW rolled out the third iteration of our Threat Check service. Since then, we’ve conducted hundreds of these assessments across a wide variety of companies and industries. In every case, we were able to provide our customers with new insights into the state of their cybersecurity postures.
We’ve also pulled together results from all of these assessments and found some common themes that occur across our customer base. Let’s take a look at the top five issues identified during our engagements:
1. Cleartext Passwords on the Network
This is a startling finding in an era in which all IT professionals understand the importance of both credential security and the use of strong encryption. Many of our Threat Check deployments found unsecured administrative interfaces to network devices, servers and other components that send credentials back and forth in cleartext. If our appliance is able to observe this traffic, so is an attacker who has gained an initial foothold on the network through a malware infection, a social engineering attack or other means. Organizations should immediately replace cleartext authentication with strongly encrypted alternatives.
2. Cryptomining Infections on Servers and Endpoints
Mining cryptocurrency is one of the easiest ways for attackers to monetize compromised systems. This becomes an even more critical issue in the era of elastic cloud computing resources, where a successful attack can quickly rack up very large computing bills. Organizations should adopt next-generation endpoint security controls designed to protect against the initial infections that can lead to large-scale cryptomining attacks. Additionally, a full defense-in-depth strategy, with layered controls throughout the environment, can help limit the impact of these attacks.
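The first two findings are both things a passive sensor on the network can see. The following Python script is an added example (not CDW Threat Check code) of the detection side: it applies a few simple rules to captured flows and flags credentials sent in cleartext (HTTP Basic authentication, FTP `PASS`, a telnet login prompt) as well as Stratum mining-protocol messages, which is how most cryptominers talk to their pools. The sample flows, IP addresses and credentials are constructed for the demonstration, and the detector deliberately reports only usernames, never the captured passwords.

```python
"""Detect cleartext credentials and cryptomining (Stratum) traffic in captured flows.

Added example, not CDW Threat Check code. SAMPLE_FLOWS is constructed.
"""
import base64
import json
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    src: str
    dst: str
    category: str   # "cleartext-credential" or "cryptomining"
    detail: str     # human-readable summary; never includes the password itself


# Constructed sample flows: (source IP, destination "ip:port", first payload bytes),
# roughly what a passive sensor on a SPAN port would record.
SAMPLE_FLOWS = [
    ("10.0.1.25", "10.0.1.1:80",
     b"GET /admin HTTP/1.1\r\nHost: switch01\r\n"
     b"Authorization: Basic YWRtaW46aHVudGVyMg==\r\n\r\n"),          # admin:hunter2
    ("10.0.1.40", "10.0.2.5:21", b"USER backup\r\nPASS s3cret!\r\n"),
    ("10.0.1.40", "10.0.2.9:23", b"login: operator\r\nPassword: letmein\r\n"),
    ("10.0.3.17", "203.0.113.77:3333",
     b'{"id":1,"method":"mining.subscribe","params":["xmrig/6.0"]}\n'),
    ("10.0.1.25", "10.0.1.1:443", b"\x16\x03\x01\x02\x00"),         # TLS: opaque
]

HTTP_BASIC_RE = re.compile(rb"Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I)
FTP_USER_RE = re.compile(rb"^USER\s+(\S+)", re.I | re.M)
FTP_PASS_RE = re.compile(rb"^PASS\s+\S+", re.I | re.M)
TELNET_PROMPT_RE = re.compile(rb"(?:login|password):", re.I)


def _basic_auth_user(token: bytes) -> str:
    """Return only the username part of an HTTP Basic token; the password is discarded."""
    try:
        decoded = base64.b64decode(token, validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return "<undecodable>"
    return decoded.split(b":", 1)[0].decode("utf-8", "replace")


def inspect_flow(src: str, dst: str, payload: bytes) -> list[Finding]:
    """Apply the detection rules to one flow and return zero or more findings."""
    port = int(dst.rsplit(":", 1)[1])
    findings: list[Finding] = []

    m = HTTP_BASIC_RE.search(payload)
    if m:
        findings.append(Finding(src, dst, "cleartext-credential",
                                f"HTTP Basic auth for user '{_basic_auth_user(m.group(1))}'"))

    if FTP_PASS_RE.search(payload):
        um = FTP_USER_RE.search(payload)
        user = um.group(1).decode("utf-8", "replace") if um else "<unknown>"
        findings.append(Finding(src, dst, "cleartext-credential",
                                f"FTP PASS command for user '{user}'"))

    # Telnet has no encryption at all: a login prompt on tcp/23 means a password follows in clear.
    if port == 23 and TELNET_PROMPT_RE.search(payload):
        findings.append(Finding(src, dst, "cleartext-credential", "telnet login prompt"))

    # Stratum mining protocol: newline-delimited JSON-RPC whose methods are named "mining.*".
    for line in payload.splitlines():
        if not line.lstrip().startswith(b"{"):
            continue
        try:
            msg = json.loads(line)
        except ValueError:
            continue
        method = msg.get("method") if isinstance(msg, dict) else None
        if isinstance(method, str) and method.startswith("mining."):
            findings.append(Finding(src, dst, "cryptomining", f"Stratum {method}"))

    return findings


def scan_flows(flows) -> list[Finding]:
    """Run inspect_flow over every captured flow."""
    return [f for src, dst, payload in flows for f in inspect_flow(src, dst, payload)]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. {'cleartext-credential': 3, 'cryptomining': 1}."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in scan_flows(SAMPLE_FLOWS):
        print(f"{f.category:22} {f.src} -> {f.dst}: {f.detail}")
```

Run over the constructed flows, the script reports three cleartext-credential findings and one cryptomining finding, and stays silent on the TLS flow it cannot read, which is the point of the recommendation above: once administrative logins move to encrypted protocols, neither the sensor nor an attacker on the same segment can harvest them. The Stratum rule is a protocol rule rather than a pool blocklist, so it also catches miners talking to pools on non-standard ports, as in the sample.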
3. Outdated Security Policies
During a Threat Check engagement, we also interview technologists to get a sense of the organization’s security posture. We consistently found that organizations had not updated their security policies to reflect the current threat landscape. For example, we often found systems that failed to enforce modern password complexity standards. Organizations should regularly review the policies they have in place and update them as necessary to ensure they are consistent with the latest security best practices.
4. Use of Anonymous VPN Services
We found a rapid increase in the use of anonymized VPN services from endpoints in our customer organizations. While some of this traffic is simply employees trying to bypass content filtering, other anonymized traffic could be indicative of malware command-and-control mechanisms. Organizations should implement controls that can analyze and block the use of these services to ensure their systems and data are fully protected from compromise.
5. Unused Security Features in Email Platforms
Finally, we saw that organizations aren’t using all of the security features included in their email platforms. For example, they often accepted default settings that allowed the download of email content to any authenticated mobile device, rather than restricting this access to devices enrolled in the organization’s mobile device management platform. We recommend that organizations carefully review the security settings of their email services, as well as any other cloud-based software platforms they use. Additional email security controls should also be considered to add defense in depth around the accounts of frontline personnel.