11 Sep A Lesson in Unpatched Firewalls
Firewall Policy Remains Important
We talk a lot about various malware forms and how they affect business operations, but let’s not overlook the impact intrusions have on utility and infrastructure. The digital age means more connectivity, but with said connectivity comes danger. Industries you wouldn’t expect can experience malware intrusions, and often involve critical things like power and infrastructure.
The problem
One such example was a cybersecurity incident at a US power grid occurring earlier in March 201?9. NERC, the North American Electric Reliability Corporation reported that a power grid system experienced random, uncontrolled resets to their firewall for a period of ten hours. Only when the resets occurred for a few hours did an investigation begin. While there were no critical losses of service, the reason for the intrusion was clear: the incidence occurred because firmware patches had not yet been applied.
Once the firmware updates were applied, the third-party resets stopped. However, the incident was a clear example of two things: improper cybersecurity policy and a lapse in updates. While no severe damage was sustained during this attack, it’s a clear demonstration of how small weaknesses lead to serious problems.
According to the report, the firmware update wasn’t applied as a review process (for vetting said updates) wasn’t yet in place. As you can see, this slight error in policy caused the intrusive issue. Imagine, then, if the malicious actor gained access to sensitive information?
The future danger
This occurrence is an alarm bell. It demonstrates how a few shifty bricks in the foundation lead to problems, and a signal flag to other companies which aren’t deploying policies in a secure, timely manner.
Does this sound familiar? If so, don’t worry, you’re not without a paddle. There are several things you can do to shore up your cybersecurity policies.
- Establish strict guidelines when approving and deploying patches, while simultaneously applying updates to software as soon as possible.
- Layer your network with segmented LANs and use VPNs as needed.
- Reduce access to internet from devices as often as possible to reduce intrusion risk.
- Conduct penetration assessments to identify weak points in your cybersecurity network and plan.
- Review and introduce backup policies and measurements as needed through services such as cloud or data centers.
- Filter and monitor incoming traffic to identify unusual activity spikes or similar.
Events like these are all too common in today’s digitally-driven era. In this instance, it was a power grid. Tomorrow? Another business with thousands of customer accounts or a city’s network. Anything is up for grabs, and this intrusion was another example of the dangers presented by weak cybersecurity policies.
If you’d like to learn more about good cybersecurity policies, you can contact us at Bytagig.
Sorry, the comment form is closed at this time.