December 1, 2016
NEW YORK -- Service Provider & Enterprise Security Strategies -- Merger and acquisition activity may be financially rewarding but it can actually create and contribute to enterprise security risks, Verizon Enterprise Solutions' Christopher Novak warned today.
The Risk Team director said many data breaches, including some that last for months, have targeted assets that are networked but not covered by company security solutions, often because the corporation is unaware of their existence.
"We call that 'known unknowns,' " he said. In a recent post-breach investigation of a large customer, for example, Verizon Enterprise Solutions' managed security services team found 40,000 endpoints that weren't included in the company's asset inventory, and those unknown assets become major points of vulnerability because they can be left unprotected.
Figure 1: Verizon Enterprise Solutions' Christopher Novak
Often, Novak said, the post-acquisition environment brings unprotected systems under the umbrella of the new company, where no one is familiar with how they operate but there is reluctance to disrupt what seems to be working.
"The threat actor can move into that environment with relative ease and it becomes the hacker's playground," he commented. "Because the company doesn’t know these assets exist, they often aren't being protected or patched, and they may be exposed to the Internet without going through proxies."
Companies often don't know where their sensitive data -- the intellectual property or other information that is valuable to bad actors -- is stored or whether it is protected properly, Novak added. A lot of this seems like Security 101 but it continues to contribute to data breaches.
The urgency to see best practices implemented more universally grows as more things are networked and risks therefore increase. Novak cited industrial control systems such as automation of traffic lights and networked medical devices as the next generation of threat targets, with potentially devastating results.
"Imagine if someone decided to turn all the traffic lights in Manhattan red for the day," he said. "It would be a disaster."
But not all threats are new -- good old-fashioned phishing still reaps rewards, producing 900 data breaches in the most recent Verizon DBIR, Novak said. One third of enterprise workers opened phishing messages and 13% clicked on attachments -- human behavior that can undermine the best of networking protections.
— Carol Wilson, Editor-at-Large, Light Reading