Blog / Network Security Basics
When it comes to network security, any service connecting to the internet can be leveraged.
One of the most common questions about network security that cybersecurity specialists get is how hackers can attack an organization. The unfortunate truth is that pretty much any connection a machine has to the outside world can be used as an attack vector. Of course, some vectors are better than others; email, for example, is typically heavily protected by spam filtering and malware scanning, and although those services aren’t perfect and need to be supplemented by team education to help defend against socially-engineered attacks or phishing, they nonetheless provide reasonable protection. At least, when it comes to email.
To be clear, the process of attacking a business’s email system remains a common-enough occurrence that it’s even earned its own acronym (Business Email Compromise, or BEC), but despite its ubiquity, what ultimately enables email to be used for an attack is the simple fact anything you open up to the wider internet has the potential for exploitation. That means when you deploy an app or offer an online service to clients, you’re also deploying a new attack vector for hackers. One would think that means the developers put adequate resources into network security and properly protecting their work, but the sad truth is that this rarely happens. But why not?
Generally (and unfortunately), the answer is poor project planning. Typically these “unexpected” attack vectors are the result of internal IT teams being pushed beyond capacity. That’s to say there’s a valuable, legitimate business need that requires external access be made available, but leaders underfund the project, provide unrealistic deadlines, or both. Doing things properly would mean additional costs and/or time, requests for which tend to get rejected.
Now don’t get me wrong; there’s plenty of valid reasons for providing outside access to internal resources, like enabling remote work. However, doing so needs to be done properly, not just to the point that it simply works. And that’s perhaps the biggest takeaway from all this; there’s no real “trick” when it comes to network security.
This week’s quote comes from one of The Bard’s lesser known works, the play Cymbeline; “But the comfort is, you shall be called to no more payments, fear no more tavern-bills.”
If you’d like help with properly planning network security for your next project, contact a TRINUS cybersecurity professional and get yourself some stress-free IT.