The events of the first week in 2021 makes it feel like we have lived a month of the year already. However, we are only in the second week of 2021 and have already seen so many major events. Beyond living through the effects of Brexit, a 3rd national COVID lockdown, home schooling and several days of snow (for some), cyber security events of the last week have also been significant.
In the single week we have had the US accuse Russia of being behind the massive Solarwinds government and private company hack carried out in December 2020. District Judge Vanessa Baraitser blocking the extradition to the US of Julian Assange, the 49-year-old accused of leaking military documents back in 2010 and 2011. Researchers discover that the United Nations have a security vulnerability through GIT directories, exposing 100,000 employee records. And don’t forget the reports from just before New Year that the mobile giant T-Mobile were experiencing a ‘Malicious, unauthorised’ attack. These are just a few of what is a growing pattern of companies being compromised month on month.
However, the event of the week must be the scenes in the US of rioters breaking into the Capitol Building in Washington DC. Regardless of your political view, watching any such event can be emotional. Beyond the reasons for why the siege happened there are basic fundamental security lessons relevant for any organisation. For employees who have experience working in highly regulated environments, these lessons will sound awfully familiar.
The first is ‘Always remember to lock your PC’ when you leave it alone. It was reported that some rioters managed to get access to at least one lawmakers’ computer, that of Nancy Pelosi in the office of House Speakers. It appears that as the attack started some government officials left their desktop devices unlocked. With rioters left to roam the offices freely for over two hours, there was plenty of time for someone to infect computer systems or gain access to sensitive information.
The second is ‘To make sure there are numerous physical security doors’ to limit movement of unauthorised people. Common in the banking sector, employees are taught to continually challenge people who attempt to tag along behind authorised people through such barriers.
The third is ‘Encrypt your devices’, making sure your data is as secure as possible in case the devices get stolen. Reports post the riot on January 6th highlight ’electronic items were stolen, along with other documents’.
As a result of a single political statement, the aftermath of the event will take months to sort out. Implications for data loss, state and corporate espionage and federal security are huge, and will be costly. Such an event for any organisation would be the same.
If your organisation is concerned about the level of security they have and want to limit risk, get in contact with Fundamentals First to discuss how our Security Operations Centre can help.