As the holiday season starts to ramp up, businesses are being warned about the need to secure their IT defences against the onslaught of hackers who are ready to take advantage of skeleton staff running IT departments over the holidays.
According to Michael Hamelin, chief security architect with Tufin Technologies, the security lifecycle management specialist the Christmas and New Year holiday periods are the times when the heavy-duty hackers come out to play.
"And whilst you are doing your shopping or putting your feet up, our research shows that the would-be Neos of this world stop watching their DVD box sets of Matrix, and start hacking business computer systems. Our survey of 79 hackers at the annual Defcon 17 event in Las Vegas back in August revealed that 81% of the hackers view the holiday season as the ideal time for hacking business computer systems."
Whether this is for mischief or criminal purposes, the effect is usually the same, said the security professional, adding that businesses come back to the offices after the holidays to find that the hackers have caused havoc with their IT systems, as well as gaining unauthorised access to the system's data.
Tufin's research revealed that 52% of hackers said they preferred weekday evenings to gain unauthorised access to computer systems, whilst 32% hacked away during weekday office hours, and just 15% spent their weekend breaking into online systems.
"It is received knowledge in the security world that the Christmas and New Year season are popular with hackers targeting western countries," said Hamelin, adding that hackers know this is when people relax and let their hair down, and many organisations run on a skeleton staff over the holiday period. 96% of hackers in the survey said it does not matter how many millions a company spends on its IT security systems, as it is all a waste of time and money if the IT security administrators fail to configure and watch over their firewalls.
86% of cracker respondents felt they could successfully hack into a network via the firewall; a quarter believed they could do so within minutes, 14% within a few hours.
Just 16%, meanwhile, said they would not hack into a firewall even if they could.
"This may be stating the obvious," said Hamelin, "but poorly configured firewalls remain a significant risk for many organisations. It is not the technology that is at fault, but rather the configuration and change control processes that are neglected or missing altogether.
"Best practice suggests you should test and review your firewall configuration regularly, but many organisations fail to do so."
Validating the frustrating gap between compliance and security, 70% of the hackers interviewed said they do not feel that regulations introduced by governments worldwide to implement privacy, security and process controls have made any difference to their chances of hacking into a corporate network.
Of the remaining 30%, 15% said compliance initiatives have made hacking more difficult and 15% believe they have made it easier.
Tufin is offering some useful recommendations to make sure you do not become a hacking victim over the Christmas and New Year break:
1) Always test the firewall before holidays. Review and remove any unnecessary rules and objects, as Tufin's experience has shown that many of the firewalls tend to offer functionality that was not being used or intended. A test of the gateway and the firewall will reveal the services in use, which can then be reviewed and removed as required.
2) Restrict firewall services to authorised IP addresses. Restricting services offered to only authorised address ranges effectively hides their presence to the Internet, while at the same time still enabling the service to be used by intended users.
3) Apply latest relevant patches and workarounds. Attackers are often able to profile the firewall and VPN location and type based on the default ports in use. It is a high priority to keep a disciplined approach to patch updates.
4) Enforce session logging and alerting to detect attacks. Log and alert any and all failed port scans or attempted connections to VPN and firewall management ports. This will help to detect potential hacker attacks and take preventative action.
5) Spring clean your firewall policy. If any default ports are detected, organise a spring clean of the firewall policy configuration to ensure there are no hidden errors resulting from a default installation.
6) Set a limit on the number of failed authentication attempts. Lock out an account and raise an alert flag after a set number of failed authentication attempts.
© Technews Publishing (Pty) Ltd. | All Rights Reserved.