Facing the Reality Of Security Backdoor Attacks
Hackers, ransomware crews, and just about every other type of cybercriminal love a backdoor. Why? A backdoor lets them enter your computing environment, network, servers, routers, PCs, phones, tablets, cameras, security monitoring systems, or any other device that has a CPU, without you knowing. So why don’t we just close the backdoors? The short and sad answer is that we usually do not know they are there.
Security backdoors exist at the hardware level, at the operating system level, and inside applications, and the biggest source of them today is Internet of Things (IoT) devices designed and sold for ease of access, which in practice means they are built to get around those pesky security rules. If you have a cloud-connected camera, thermostat, monitoring device, DVR, or other easy-to-set-up, easy-to-view-or-manage thing, you very likely have a backdoor: a vendor-operated path into your network that you neither control nor inspect. If you run an unsupported operating system, an unpatched BIOS, drivers that are three years old, or any of a thousand other neglected maintenance items, you have a backdoor of a different kind, a known hole that an attacker can walk through. Now what?
The reality is that your network will likely always have some sort of backdoor because you cannot inspect every device down to the microchip level. There have been news reports alleging extra chips added to devices on manufacturing lines; search for “spy microchip” to understand the scale of the concern, and keep in mind that whether or not every such report holds up, you have no practical way to verify your own boards and rule it out. This means awareness, implementation and operating standards, and policies that enforce secure end-user practices are your best weapons against security backdoors.
Awareness of security backdoors comes from deploying your own network scanning and monitoring devices, applications, tools, and procedures, and from comparing what they find against what you believe is on the network. Deploying good antivirus, endpoint auditing, and proper network design, including segmentation, multiple firewalls, and quarantine zones, can help you learn about and automatically isolate or disable backdoors. Awareness also comes from your third-party auditors, your trusted penetration testing partners, and regular training to keep your IT staff up to date on backdoor trends and mitigation strategies.
Implementing operating standards means that every firewall, router, server category, endpoint, access point, and anything else that touches your network is configured and patched appropriately for its device type. The goal is to eliminate missed patches, close unused network ports, and establish a known baseline for every attack surface you are responsible for, so that any deviation from the baseline is a finding rather than a mystery. Operating standards also support IT staff transitions, expanding or reducing headcount, and serve as one of the KPIs in your third-party outsourcing or managed-services contract. If you know, monitor, and measure your own standards, enforcing them is substantially easier.
Lastly, you need policies. Policies for end users, such as password requirements and the use of multi-factor authentication (note that current guidance such as NIST SP 800-63B favors long passphrases, screening against breached-password lists, and MFA over forcing a change every sixty days, so write the password rule to match the guidance you actually follow). Policies that prohibit adding anything to the network without prior IT approval. For example, how many smart speakers are on your network today? Is it okay that they are on the guest network? How can you be sure they only connect to the guest network? Being honest, a policy may not prevent someone from doing something stupid, but it will give you an enforcement mechanism to stop the stupidity.
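The three preceding points (know what is on the network, hold every device to a baseline, and catch anything added without approval or sitting on the wrong segment) come down to one recurring check: compare an observed inventory against an approved baseline and report every deviation. The script below is an added example written for this page, not code from the original article or from iT1; the baseline, the observed devices, the MAC addresses and the VLAN names are all constructed sample data, and in practice the observed list would come from your scanner, ARP tables or DHCP leases.

```python
"""Compare an observed network inventory against an approved baseline.

Added example for this article. All devices, MACs, VLANs and ports below are
constructed sample data, not a real scan.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    kind: str    # unknown-device | wrong-vlan | unexpected-port | missing-device
    mac: str
    detail: str


# Approved baseline (constructed): MAC -> (name, approved VLAN, expected open TCP ports).
# This is the "operating standard" for each device: where it lives and what it exposes.
BASELINE = {
    "00:11:22:33:44:01": ("corp-fw-1", "mgmt", {22, 443}),
    "00:11:22:33:44:02": ("fileserver-1", "servers", {22, 445}),
    "00:11:22:33:44:03": ("lobby-camera", "iot-guest", {443}),
    "00:11:22:33:44:04": ("smart-speaker", "iot-guest", {8443}),
    "00:11:22:33:44:05": ("hvac-controller", "iot-guest", {80}),
}

# Observed inventory (constructed), as a scanner or DHCP/ARP export would report it:
# (mac, ip, vlan, set of open TCP ports).
OBSERVED = [
    ("00:11:22:33:44:01", "10.0.0.1", "mgmt", {22, 443}),            # matches baseline
    ("00:11:22:33:44:02", "10.0.1.10", "servers", {22, 445, 3389}),  # RDP opened since baseline
    ("00:11:22:33:44:03", "10.0.9.20", "iot-guest", {443, 23}),      # telnet on a camera
    ("aa:bb:cc:dd:ee:ff", "10.0.1.55", "servers", {80, 8080}),       # never approved
    ("00:11:22:33:44:04", "10.0.1.56", "servers", {8443}),           # speaker on the corp VLAN
    # hvac-controller (…:05) is absent: offline, replaced, or hiding behind another MAC?
]


def check_inventory(baseline, observed):
    """Return every deviation of the observed inventory from the baseline, in scan order."""
    findings = []
    seen = set()
    for mac, ip, vlan, ports in observed:
        seen.add(mac)
        entry = baseline.get(mac)
        if entry is None:
            # Anything not in the baseline was added without approval (or is spoofing nothing).
            findings.append(Finding("unknown-device", mac,
                                    f"{ip} on {vlan}, open ports {sorted(ports)}"))
            continue
        name, approved_vlan, expected_ports = entry
        if vlan != approved_vlan:
            # The "is the smart speaker really on the guest network?" question.
            findings.append(Finding("wrong-vlan", mac,
                                    f"{name} seen on {vlan}, approved for {approved_vlan}"))
        extra = ports - expected_ports
        if extra:
            # Ports beyond the baseline are exactly the "unused ports" the standard should close.
            findings.append(Finding("unexpected-port", mac,
                                    f"{name} exposes {sorted(extra)} beyond baseline {sorted(expected_ports)}"))
    for mac, (name, approved_vlan, _) in baseline.items():
        if mac not in seen:
            # An approved device that disappeared deserves a look too.
            findings.append(Finding("missing-device", mac,
                                    f"{name} (approved for {approved_vlan}) not seen in scan"))
    return findings


if __name__ == "__main__":
    for f in check_inventory(BASELINE, OBSERVED):
        print(f"{f.kind:16} {f.mac}  {f.detail}")
```

Two caveats a practitioner should keep in mind: a MAC address identifies a device only until someone spoofs it, so tie the baseline to something stronger (802.1X identity, certificate, or switch port) where you can; and an empty findings list means the network matches your baseline, not that the baseline itself is safe, which is why the baseline needs the same review as the scan.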
The fact that security backdoors will exist does not mean you should give up. Rather, knowing they will exist is the justification for the tools, skills, and knowledge needed to find and close them, and that means closing the doors requires a budget line to support those resources. While policies and operating standards are free to write, neither matters if you do not have the IT staff, third-party partners, and tools to enforce them. Like everything in IT and everything in security, nothing is free. However, the cost of one backdoor on the CEO’s laptop, in the air conditioning system in your data center, or on your primary firewall can easily exceed your cyber-insurance payout and make you the next viral example of a company people stop doing business with.
If you’re looking for IT solutions or help with your security, contact iT1 today to learn more about our Security Risk Assessment.
Dr. Mike Lewis serves as Chief Information Officer, EVP of Informatics, Security & Technology for Trillium Health Resources, a managed-care organization serving more than 350,000 members in North Carolina. He earned his Doctor of Management degree from George Fox University and is a former MBA adjunct professor at Maryhurst University. Mike has worked in the IT field for more than 25 years with stints at IBM, Merisel, and Dell.