
Happy Halloween! Scariest IT Moments of 2017
Sometimes our biggest fears don't stem from the rise of the undead, especially when you're responsible for your company's network security. There are plenty of real 'ghosts' that seemingly live in the ether of your IT environment. We're recapping 2017's scariest IT moments and providing a few tips so these don't happen to you. Now is the time to start stockpiling your arsenal, not after you've been breached.
KRACK Wi-Fi Vulnerability
We recently covered the KRACK Wi-Fi vulnerability, which made headlines earlier this month because its identification meant that virtually any Wi-Fi enabled device could be vulnerable to exploitation. This latest exploit also reinforces the importance of being prepared to execute both reactive and proactive patch management measures. When it comes to patch management, most firms do not have the internal resources necessary to effectively monitor, test, and roll out patches. Companies – such as Eze Castle Integration! – can provide fully managed patch services to ensure software and firmware remain up to date and are proactively monitored to prevent security bugs and malicious exploits, reducing overall firm risk.
WannaCry Virus
Microsoft would have had a better year without this infamous virus that hit in the spring, affecting 150 countries and hundreds of thousands of machines. It indiscriminately hit hospitals, corporations, and home computers, encrypting important files and demanding a ransom to unlock them. WannaCry exploited a vulnerability in Microsoft's software, and the outbreak ended up costing about $1 billion in damage. The worst part is that this vulnerability was well known, making security updates a must for both software companies and their users.
Equifax Hack
More than 143 million people had their information stolen during this recent hack, and the company has already been hit with dozens of class-action lawsuits. The credit bureau received a notification to patch a certain bug in the government software they use, but the communication never made it to the appropriate parties. Equifax did run vulnerability scanners against their software, but the scanners unfortunately failed to turn up the bug that plagued it. It points to a breakdown in their internal structure, which is likely why they weren't prepared for this type of fall-out.
Hurricane Havoc
Hurricanes affected companies through both physical destruction and business disruption. Whole network systems were lost from the damage. When a major storm hits, physical safety is always going to be the most important thing. However, when you know a hurricane is coming, the right prep work can safeguard you from both the proverbial and the actual storm. Talk to employees, and let them know what the plan is when a storm is coming their way. There needs to be a clear division of responsibility in your hedge firm and a contingency plan for your most important processes.
Gmail/Netflix Phishing
Google and Netflix both spend a lot on their IT security, but even they have their moments. One hacker managed to disguise a mass email well enough to fool a lot of people. Those who clicked on the shared Google Doc lost the privacy of their login information and email account. Netflix had a ransom request from a hacker who gained access to a popular show through one of Netflix's vendors. When Netflix failed to pay, the hacker released the season just as promised. Companies need to address social phishing with their employees, and they need to be careful about who they choose to do business with.
Delta System Outage
Delta continues to use technology that simply wasn't made for the volume of business they do, and their equipment failures cause hundreds of flight cancellations and thousands of angry customers. It's an excellent reminder for companies to update their technology before they have to deal with the consequences. Hedge firms that haven't moved their data to the cloud may live to regret it.