Are Your Partners and Vendors Secure?
One of the higher-profile examples of island hopping happened in late 2013, when hackers breached the US retailer Target's point-of-sale system and stole payment information from 40 million customers. Between containing the breach, legal counsel, court settlements, and other expenses, this attack cost Target nearly $300 million.
But this attack didn't begin in Target's servers; it started at Fazio Mechanical Services, a firm that provides Target's heating and refrigeration. Fazio experienced a malware attack shortly before Target's breach. In that attack, hackers stole email credentials, which they later used to access Target's networks.
Steps you can take to protect your organization from island hopping
Heads of cybersecurity say video surveillance components are the prime targets for cyber attacks, and bad actors use island-hopping tactics to access your database. As attacks become more frequent and more devastating, here are a few recommendations for avoiding a breach and keeping your information safe. One of the first places to start is employee training and awareness. Make sure you have policies, procedures, and best practices in place, and that your employees are familiar with them; doing this will help diminish the possibility of a breach.
- When it comes to your passwords, two-factor authentication is a must, as is avoiding default, generic, or predictable passwords.
- Back up your data to a location other than your computer, such as a USB drive kept in another building or the cloud.
- Don't forget about endpoints other than desktops and laptops. Your video surveillance IP cameras, door locks and other access control devices, and network-connected lighting are all at risk, too.
- Be aware of phishing schemes, and don't click on links from suspicious or unknown sources. The senders may be trying to steal your personal information, like login credentials. Employees should understand what types of requests they are likely to receive and report suspicious emails when they arrive.
- Similarly, to protect your data from malware, keep your software up to date, including your antivirus software.
- Don't grant vendors or customers access to your networks and servers unless necessary. Some organizations have even started placing specific cybersecurity standards in contractual agreements for companies with which they do business.