The hackers (Guardians of Peace) that took credit for the Sony hack gave significant amounts of insight into their actions. Rather than trying to slink away undetected, they trumpeted the hack. One of the things they mentioned was that they had a lot of help from insiders; allowing physical access to computers and devices on the network. If you haven’t read a description of the StuxNet attack, the insertion of code via a USB memory stick was reported to be one of the most important parts of the attack.
How are you protecting your network from these types of attacks? Are you disabling USB access? Are you educating everyone in your company about the hidden dangers of using an unknown and unverified USB – potentially one picked up at a tradeshow? Are the access control systems tied into the security surveillance cameras? Are you monitoring odd access – as an example: an employee whose access card is used at 3:00 am even though they have never been there after 10:00 pm or before 6:00 am? Do you have a strict policy for stolen access cards? Who checks your contractors to insure that the janitors aren’t working for a bad guy – not only inserting a USB, but taking a picture of any passwords written on sticky notes next to computers or under the k
Information security can be a tricky subject with a lot of gray area. Many people misunderstand the components of cybersecurity, but understanding is the first step in establishing proper defense.
Education and diligence will go a long way toward making your facility more secure!