Mike Dodd, Dioltas Advisory Board Chairman
Imagine it’s a beautiful spring day (don’t worry—those days will be here soon!) and you open a window at your house to let in some fresh air. You open another window in your kitchen so the whole house doesn’t smell like the garlic you’re sauteing for your famous homemade marinara sauce. Also, since you’ll be going on vacation soon, you just gave a spare key to the dog sitter, who will take care of your pooch while you’re away. Whether you thought about it or not, you just created security vulnerabilities. Sure, you plan on closing those windows and getting that key back, but what if you forget? Suddenly, you’ve created ample opportunity for someone to easily break into your home.
The same thing happens in computer networks. Network access is given to a contractor for a few weeks. A visitor is given access for an afternoon. An employee retires and, while their access should have been rescinded, it wasn’t. Much like the open windows and spare key at your home, these access points create openings for bad actors looking to steal data or otherwise compromise a system.
In cybersecurity parlance, these temporary access points are called security exceptions. They’re incredibly common and there’s nothing wrong with them if they’re properly managed. That’s a big if! Many businesses and even some government offices simply lack the protocols to keep track of exceptions, leaving those organizations wide open to attack. And an attack is costly.
Globally, the cost of a single data breach can range from $1.25 to $8.10 million, according to DigitalGuardian.com. That could destroy a small to medium-sized company. For larger businesses or the government, the cost is far more than dollars and cents; it can have a crushing impact on reputation. Think of the recent SolarWinds hack that impacted 18,000 U.S. government customers. And the list is long, including giants like Target, Wells Fargo and Marriott, just to name a few.
“A robust cybersecurity protocol is a must these days,” explained David Lefever, CEO of the Mako Group, a cyber risk management company. “But some precautions are as simple as keeping track of who you allow to access your network.” Which brings us back to closing those windows and doors. Without access, it’s much more difficult for hackers to steal privileged information, which, probably not surprisingly, they try to do every day.
According to the FBI, on average, 1,300 complaints related to cyber breaches and hacking were received every day in 2019. The total losses in the U.S. topped $3.5 billion.
Solving this problem involves a comprehensive cybersecurity analysis and a well-rounded approach to keeping your network secure. One of the simplest things any business can do is keep track of who is allowed to have access to its network and, when that need is over, close that security exception. For a small business, it could be as easy as using a spreadsheet and programming reminders about when to close exceptions. Larger organizations likely need a software solution to keep track of the large volume of exceptions.
Our adversaries overseas are looking for network vulnerabilities to steal money and national security secrets. When it comes to security exceptions, the old adage “an ounce of prevention is worth a pound of cure” is on point. Take small steps now to avoid a potentially huge problem. So, remember to close those windows, take back the house keys and secure your house. Otherwise, you too could become a victim.