THE IT SECURITY PROFESSIONAL
Barlowtek
The IT Security Pro
Helping Organizations Understand IT Security & Best Practices
It’s been well over a week now since the City of Atlanta, Georgia disclosed that it has been under a ransomware attack that has crippled key services. The city is being held hostage until it can pay $50,000.00 in Bitcoin to the hackers who have infiltrated the network. The attack is forcing the police, water bureau workers, and maintenance crews to go back to basics and spend hours writing things out on paper.
While the ransomware has shown that there are vulnerabilities in any size organization, this is especially troubling when it is against those services that we all depend on. While the attack is an inconvenience to all, ultimately Atlanta will get on with the business of taking care of the citizens of the city.
Municipal Vulnerabilities
While businesses are able to address issues that come their way in a timely manner, municipalities of all sizes run into the issue of needing to do more with less. This is one of the reasons that governmental agencies, organizations, and municipalities are so vulnerable to this type of attack. They spend their resources on helping their citizens, but IT Security is an area that seems to have been left behind on the way to making access more convenient. The issues vary depending on who you are talking to, but it will most likely come down to money or grants that will help pay for the needed improvements. While that is not an excuse for failing to protect a public network, it is the one most often identified. If they had taken care of their security needs earlier, they would not be in the position they are in now.
Process Improvements
If there were any particular area that stands out in this attack, it has to be that the vulnerabilities that SamSam took advantage of have been out for a while. The IT Security group responsible for protecting the network failed to apply patches and update systems that had these vulnerabilities. The reason that will no doubt be given for this is that they are understaffed or did not have the resources to do all the work that they needed done. This can be addressed by changing some of their processes and focusing on the key areas that a business would focus on.
Aftermath
This incident is still playing out, and the ending has yet to be written for the City of Atlanta. Other jurisdictions should take note of how they react to this attack. Whether it is the lack of resources or overworked personnel that is blamed for the ransomware attack, we can do better and we must. This should be a wake-up call for both cities and states on the need to focus on hardening their infrastructure in order to prevent these types of attacks from occurring. Taking preventive steps in advance and addressing vulnerabilities as they are discovered could have gone a long way in protecting the Atlanta city network.
Understanding Scope
One of the keys to developing and managing the Asset Management Process for any organization is the ability to understand the scope or the complexity of the work that needs to be done. This can be accomplished in a number of ways, but the most effective process is to scan the end-point assets that are connected to the enterprise network with an automated scanner. If this is not available, or if the business or organization is not able to purchase the software application to accomplish this task, the fallback method that nobody wants is to use a spreadsheet and enter the information by hand. While this may sound to some like a fun way to waste a day, it is a waste of time and effort for your staff to continually update the document every time there is a change or a new asset is brought online, when you really need your staff to be looking at new ways to protect your network instead of putting out fires and doing data entry tasks. This can be a daunting task, to say the least. Some businesses forget to track their assets across the company; in most cases this is a process that has either just been implemented or is now a requirement of some new regulation that the company has to comply with. Moreover, you happen to be the one who has to comply with it. Now the real work begins…
Asset Tracking
The whole process begins with an initial scan or an asset audit in which all systems in the business are categorized and assigned a tracking identifier. While asset tracking is one of the most mundane aspects of IT Security, it is needed in order to make sure the business has positive accountability for all of the resources that it owns or may be responsible for. The tracking process is used throughout the various areas of IT Security as a way to provide a list of those systems that the IT Security Analyst will have to account for and keep track of. While tracking laptops or desktop workstations may be easy at first, the enterprise workforce is becoming more mobile and is demanding the ability to do work in ways and by means that may not have been thought up when they gave you the job.
Tracking Changes
Tracking the additions and subtractions from your asset inventory is one of the keys to this process. Regular scans or inventory audits will help to provide your organization with an accurate list of what is currently connected to the network. In addition, when you know what you have, you also know what you don’t. This helps in the management process and will allow your IT Security Team or IT Department to cross-reference assets to the end users that are assigned to them.
Information Needed
While Asset Management is concerned with tracking the asset from the inventory room to the end user’s desk, that is not all that you will be concerned about when it comes to tracking those assets. There are some additional fields that will need to be filled in or tracked as well:
More Information Not Less
It is always better to have more information than not enough. The more information the support teams have about the asset, the more it may help in determining what actions need to be taken. While some will see gathering this information as an onerous task, others will see it as a way of getting a handle on one of the most essential tasks in IT Security.
Solutions
While there are various solutions that a company could try in order to keep track of its assets, the important thing to keep in mind is the need to make the process relevant to what your organization is doing and not cumbersome to manage. The process should be automated as much as possible, with the content updated on a regular basis. The caution here is that a manual process could lead to errors in the entry of the data into the system.
Summary
In conclusion, how you manage your assets will directly reflect on how well your organization will handle other areas of IT Security. Knowing what you have and where it is located are key aspects of this process. Asset management is not just looking at inventory; it is a key process that lends itself to being the foundation of an Information Security Management System (ISMS). When assets come into the organization, they should be tracked throughout their life, up to and including when they reach the end of their life and are disposed of.
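The "Tracking Changes" step above (additions, subtractions, and cross-referencing assets to end users) can be automated along the following lines. This is an added example, not code from the original post; the `Asset` fields, the MAC-address matching key, and all sample data are assumptions constructed for illustration.

```python
"""Reconcile two network scans against an asset register (constructed data)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Asset:
    tracking_id: str   # identifier assigned at the initial asset audit
    mac: str           # assumed key for matching scan results to the register
    owner: str         # assigned end user; empty string means unassigned

# Constructed asset register: what the organization believes it owns.
REGISTER = [
    Asset("AST-0001", "00:11:22:33:44:01", "alice"),
    Asset("AST-0002", "00:11:22:33:44:02", "bob"),
    Asset("AST-0003", "00:11:22:33:44:03", ""),
]

# Constructed scan results: MAC addresses seen on the network in two scans.
SCAN_PREVIOUS = {"00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:03"}
SCAN_CURRENT = {"00:11:22:33:44:01", "00-11-22-33-44-03", "00:11:22:33:44:99"}

def normalize(mac: str) -> str:
    """Scanners report MACs in mixed case and with '-' or ':' separators."""
    return mac.strip().lower().replace("-", ":")

def reconcile(register, previous, current):
    prev = {normalize(m) for m in previous}
    curr = {normalize(m) for m in current}
    by_mac = {normalize(a.mac): a for a in register}
    return {
        # Seen now but not in the last scan: additions to the network.
        "added": sorted(curr - prev),
        # Seen last time but gone now: subtractions (retired, moved, offline).
        "removed": sorted(prev - curr),
        # Connected but absent from the register: nobody is accountable.
        "untracked": sorted(curr - set(by_mac)),
        # In the register but not on the network: needs a physical check.
        "not_seen": sorted(a.tracking_id for m, a in by_mac.items()
                           if m not in curr),
        # Tracked and connected, but no end user to cross-reference.
        "unassigned": sorted(a.tracking_id for m, a in by_mac.items()
                             if m in curr and not a.owner),
    }

if __name__ == "__main__":
    report = reconcile(REGISTER, SCAN_PREVIOUS, SCAN_CURRENT)
    for finding, items in report.items():
        print(f"{finding:<11}{', '.join(items) or '-'}")
```

Run after each scheduled scan, the "untracked" and "not_seen" findings are the ones that need a person to follow up; the rest can update the register automatically.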
IT Security Pro: Securing the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure.