Protecting your critical business systems
Recent cyberattacks on the SWIFT international money transfer network have highlighted the dangers of malicious insiders or external attackers gaining access to key networks.
In the high-profile case of Bangladesh Bank, the attackers obtained valid credentials for operators authorized to create and approve SWIFT messages, then impersonated those operators to submit fraudulent messages. SWIFT has confirmed that their network, core messaging services, and software have not been compromised; rather, the security issues relate to practices at the Bangladesh Bank.
The SWIFT situation got me thinking about some tips for protecting key enterprise systems generally, not only payment systems.
Here are my top tips:

1. Assess your environment.
To have any sort of control over your network, you need to become familiar with what is on it, where everything is, and what it does. Document this information and keep it up to date. Create an accurate list of all devices and protocols running on your network, then evaluate where your greatest security risks lie. Don’t forget to include any third-party vendors who are involved with your network. Develop a governing security policy for all technology within your business.

2. Segregate key systems.
You might consider segregating any key system or systems, for example if you’re a manufacturer. Think about whether or not your manufacturing equipment needs to be connected to the Internet, because any connected computer within your network is potentially at risk from viruses or external attackers. Remember, if a system is not connected to the Internet, you’ll need to establish a routine to apply software updates and patches, since these essential activities will not happen automatically. Also make sure to regularly validate and patch transactional systems or devices associated with your mission-critical system, such as printers.

3. Carry out integrity checks.
Your normal maintenance procedure should include integrity checks. These should be designed to ensure that key applications have not been modified. Review logs and validate versions of software to ensure nothing suspicious has been going on in your system. Look for unusual software installations, updates, account changes, or other activities outside of expected behavior.

4. Know what normal is.
To do integrity checks successfully, you need to know what normal behavior is. For example, your network might start to run slowly, which could be due to hacking activity, but if you don’t know what normal looks like you may not recognize it. Start by establishing a baseline for normal performance, then think about an alert methodology. Follow this up with reporting and analysis.

5. Monitor transactions.
Again, this is about knowing what normal is. For example, if your system normally handles $500,000 per month in transactions, your transaction monitoring can be set to alert you when it swings higher or lower so you can investigate. Ensure you understand your transaction participants, amounts, frequency, and timing.

6. Have a plan.
Develop a back-up plan in case the system fails or has to be taken down. Test it and make sure it works. Ask yourself: if something bad happens, how do we respond? What are the procedures, who needs to be contacted, and who are the experts that can help? Think about how you’ll contact key people if your systems are inaccessible. Last but not least, to help limit the damage, think about how you will restore services and data as quickly as possible.
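As an added illustration of tips 4 and 5 (this is example code written for this post, not any product's monitoring), the script below learns a monthly baseline from past transactions and then flags a month whose volume swings outside a tolerance band, any participant not seen before, and transfers made outside business hours. The transaction records, party names, and the 25% tolerance are constructed assumptions; real systems would feed it from their own payment logs.

```python
"""Baseline-driven transaction monitoring (added example, not the post's tooling).

Each transaction is a dict with 'ts' (ISO-8601 local time), 'party' and 'amount'.
All data below is constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed history: three prior months of roughly $500,000 each.
HISTORY = [
    {"ts": "2016-01-05T10:12:00", "party": "Vendor-A", "amount": 250_000},
    {"ts": "2016-01-19T14:30:00", "party": "Vendor-B", "amount": 240_000},
    {"ts": "2016-02-03T09:45:00", "party": "Vendor-A", "amount": 260_000},
    {"ts": "2016-02-22T16:05:00", "party": "Vendor-B", "amount": 255_000},
    {"ts": "2016-03-08T11:20:00", "party": "Vendor-A", "amount": 245_000},
    {"ts": "2016-03-24T13:50:00", "party": "Vendor-B", "amount": 250_000},
]
# Constructed current month: a never-seen party, an off-hours transfer, and
# a total far above the baseline. Any of these alone deserves a look.
CURRENT = [
    {"ts": "2016-04-04T10:00:00", "party": "Vendor-A", "amount": 250_000},
    {"ts": "2016-04-06T02:17:00", "party": "Unknown-Ltd", "amount": 900_000},
]

def monthly_totals(txns):
    """Sum amounts per calendar month, keyed on the YYYY-MM prefix of the timestamp."""
    totals = defaultdict(float)
    for t in txns:
        totals[t["ts"][:7]] += t["amount"]
    return dict(totals)

def build_baseline(history):
    """Learn what 'normal' is: average monthly volume and the usual participants."""
    return {"mean": mean(monthly_totals(history).values()),
            "parties": {t["party"] for t in history}}

def check_month(current, baseline, tolerance=0.25, hours=(8, 18)):
    """Return a list of alert strings for one month's transactions."""
    alerts = []
    total = sum(t["amount"] for t in current)
    low, high = baseline["mean"] * (1 - tolerance), baseline["mean"] * (1 + tolerance)
    if not low <= total <= high:  # volume swung higher or lower than normal
        alerts.append(f"volume {total:,.0f} outside [{low:,.0f}, {high:,.0f}]")
    for t in current:
        if t["party"] not in baseline["parties"]:  # unfamiliar participant
            alerts.append(f"new participant {t['party']} ({t['amount']:,.0f})")
        hour = datetime.fromisoformat(t["ts"]).hour
        if not hours[0] <= hour < hours[1]:  # unusual timing
            alerts.append(f"off-hours transfer to {t['party']} at {t['ts']}")
    return alerts

if __name__ == "__main__":
    for a in check_month(CURRENT, build_baseline(HISTORY)):
        print("ALERT:", a)
```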
See also my earlier post about boosting security for manufacturers.