Don't Let Data Collection be a Trojan Horse that Exposes Your Business
Cybersecurity is largely about identifying vulnerabilities and risky practices, ideally before hackers have the chance to find and exploit them.
I was quoted extensively, along with experts from Deloitte, Schellman & Co., Sikich and Markel, in a story for SC Magazine on how data and the supply chain drive hidden network threats.
Collecting data is essential, but more data can mean more problems. And outsourcing that collection to third parties can be dangerous without the proper vetting. I elaborate on my thoughts on these topics below.
Data intake needs to be handled properly
In this day and age of analytics, IT executives sometimes think more is better when it comes to collecting data on network traffic and users. But collecting network data without some care and foresight can create new vulnerabilities and crash the network.
If SNMP polling is configured too aggressively, network performance may suffer. Wireless controllers managing thousands of access points can fail when the CPU climbs to 100 percent. A reboot will temporarily rectify the situation, but the network will eventually fail again.
If the people who are in charge of network management and analytics are on a different team than those that run the infrastructure, as is the case with many Fortune 500 companies, communication breakdowns can easily occur.
Controllers have trouble keeping up if probes are programmed to request large amounts of data on a frequent basis. Adequate network data for cybersecurity monitoring does not require frequent full reports from your gateways.
The more granular you can be in harvesting only the data you actually want, the less stress you put on the network. Avoid mass sweeps of large volumes of data; they are an inefficient way of getting what you need.
Beware of the third-party animal
IT is increasingly an outsourced and cloud-sourced industry. Some IT professionals don’t consider that every third-party tool we add gets some access to the network and creates a new threat vector.
Since it can be tricky to configure manually, you may be tempted to outsource data collection to a product or service. A network analytics vendor needs to be extremely well vetted, and you have to take special care to only give them access to what that vendor needs for their tools to work, and nothing more.
Demonstrate the concept of least privilege
Analytics vendors are sometimes the source of a third-party data breach. Often the vendor was added without much thought, on the simple assumption that “more data is good.”
It all comes down to what problem you’re solving. Sometimes IT executives aren't clear enough about the problem they're solving and rush into a solution.
If a vendor is held to compliance-driven standards, they’re more likely to follow security best practices in their environment. Many third-party companies hold so much data that it becomes mind-numbing, and it is easy to get lost in it.
Questions to ask yourself before capturing more data
If you think more network data can be useful to you and your team, here are a few of the many, many questions you need to ask yourself and your team before taking action:
- Is the potential risk of adding an analytics vendor outweighed by the value of the data we’re going to get?
- What specific network data do we need to solve the challenge we’re facing or to accomplish our objective?
- What is the best way to collect that specific data without taxing the network?
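The three questions above, the load concern in the data intake section and the least-privilege rule for vendor collectors can be checked together before any collector is granted access. The script below is an added example for this post, not the author's code or any vendor's tool: it reviews a proposed SNMP collection plan against an approved read-only view and a per-device load budget. The device size (a controller exposing 2000 interfaces), the budget, the varbinds-per-PDU packing and the plans themselves are constructed for the example; the OIDs are standard IF-MIB and MIB-2 objects.

```python
"""Review an SNMP collection plan before a collector (in-house or vendor) is
given access. Added example for this post, not the author's code.

Two checks the post argues for:
  * least privilege: every requested OID must sit inside an approved
    read-only view, and no request may ask for write (SET) access;
  * network load: estimate how many object instances and PDUs per second
    the plan pulls from a device and compare that with a budget.
All device sizes, thresholds and plans below are constructed for the example.
"""
from __future__ import annotations
from dataclasses import dataclass
import math

VARBINDS_PER_PDU = 50     # assumed packing of a GET/GETBULK response (constructed)
LOAD_BUDGET = 200.0       # instances per second one device may be asked for (constructed)


def oid_parts(oid: str) -> tuple[int, ...]:
    return tuple(int(p) for p in oid.strip(".").split("."))


def in_view(oid: str, view: list[str]) -> bool:
    """True when oid equals or lies below one of the view's subtree roots.

    Compare arc by arc, not as strings: the string prefix "1.3.6.1.2.1.2"
    would wrongly match "1.3.6.1.2.1.25" (HOST-RESOURCES-MIB). The test is
    also one-directional: asking for a parent of an allowed subtree (all of
    MIB-2 when only IF-MIB is approved) is NOT in view.
    """
    o = oid_parts(oid)
    return any(o[: len(oid_parts(root))] == oid_parts(root) for root in view)


@dataclass
class Request:
    name: str
    oids: list[str]       # scalar instances for a GET, or column OIDs for a walk
    interval_s: float
    table_rows: int = 0   # > 0 means a table walk over this many rows
    write: bool = False   # SET access requested

    def instances(self) -> int:
        return self.table_rows * len(self.oids) if self.table_rows else len(self.oids)

    def instance_rate(self) -> float:
        return self.instances() / self.interval_s

    def pdu_rate(self) -> float:
        return math.ceil(self.instances() / VARBINDS_PER_PDU) / self.interval_s


def review_plan(plan: list[Request], view: list[str], budget_inst_s: float) -> dict:
    """Return load estimates and a list of findings; approved only if empty."""
    findings = []
    for req in plan:
        if req.write:
            findings.append(f"{req.name}: write access requested; analytics needs read-only")
        for oid in req.oids:
            if not in_view(oid, view):
                findings.append(f"{req.name}: {oid} is outside the approved view")
    inst_rate = sum(r.instance_rate() for r in plan)
    pdus = sum(r.pdu_rate() for r in plan)
    if inst_rate > budget_inst_s:
        findings.append(f"load {inst_rate:.1f} instances/s exceeds budget {budget_inst_s:.0f}")
    return {"instances_per_s": inst_rate, "pdus_per_s": pdus,
            "findings": findings, "approved": not findings}


# Approved read-only view: system group, ifTable and ifXTable only.
APPROVED_VIEW = ["1.3.6.1.2.1.1", "1.3.6.1.2.1.2", "1.3.6.1.2.1.31"]

IF_TABLE_COLUMNS = [f"1.3.6.1.2.1.2.2.1.{c}" for c in range(1, 23)]  # all 22 ifEntry columns
TARGET_COLUMNS = ["1.3.6.1.2.1.2.2.1.8",    # ifOperStatus
                  "1.3.6.1.2.1.2.2.1.10",   # ifInOctets
                  "1.3.6.1.2.1.2.2.1.14",   # ifInErrors
                  "1.3.6.1.2.1.2.2.1.16",   # ifOutOctets
                  "1.3.6.1.2.1.2.2.1.20"]   # ifOutErrors

AP_COUNT = 2000  # constructed: a controller exposing one interface per access point

# A "collect everything" default: full ifTable every 15 s, the whole MIB-2
# tree, and the USM user table with write access.
VENDOR_DEFAULT_PLAN = [
    Request("ifTable full walk", IF_TABLE_COLUMNS, interval_s=15, table_rows=AP_COUNT),
    Request("entire MIB-2 walk", ["1.3.6.1.2.1"], interval_s=300, table_rows=60_000),
    Request("usm user table", ["1.3.6.1.6.3.15.1.2.2"], interval_s=300, table_rows=5, write=True),
]

# The targeted plan: five health columns every 5 minutes plus uptime every minute.
TARGETED_PLAN = [
    Request("AP health counters", TARGET_COLUMNS, interval_s=300, table_rows=AP_COUNT),
    Request("uptime", ["1.3.6.1.2.1.1.3.0"], interval_s=60),
]

if __name__ == "__main__":
    for label, plan in (("vendor default", VENDOR_DEFAULT_PLAN), ("targeted", TARGETED_PLAN)):
        result = review_plan(plan, APPROVED_VIEW, LOAD_BUDGET)
        print(f"{label}: {result['instances_per_s']:.1f} instances/s, "
              f"{result['pdus_per_s']:.2f} PDUs/s, approved={result['approved']}")
        for f in result["findings"]:
            print("  -", f)
```

Run as-is, the vendor default is rejected on four counts (the MIB-2 root and the USM table fall outside the view, write access is requested, and the full ifTable walk alone pulls roughly 2,900 instances per second from the controller), while the targeted plan stays near 33 instances per second and is approved. The numbers are illustrative, but the shape of the review is the point: name the specific data, bound the polling rate, and let the approved view be the only access the collector gets.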
Your home office should be as secure as the main office
Prior to the pandemic, for the most part, everyone worked at the office and could easily transfer information that was protected by a firewall. Suddenly, in many cases, the entire workforce is working from home.
So now you’ve introduced new endpoints in environments that are exposed to home networks. If not set up correctly, you can unknowingly allow unfettered access from home network devices onto the office network.
We need to tighten access. It’s great that you got remote access set up, but did you put in proper access controls that grant only the specific access each user needs? Otherwise, by default, it will be left open.