The National Cyber Security Centre (NCSC) has published an alert about a significant risk to IT systems and infrastructure. Attackers are exploiting vulnerable Small Office and Home Office (SoHo) devices at organisations as a springboard for attacks. Typically, SoHo devices (broadband routers etc.) do not have the advanced security protections of enterprise-level IT systems, which makes them an easy target.
There are additional risks for smaller organisations, particularly those using outsourced IT support, as there may be gaps in vulnerability testing and in the application of firmware updates to these devices. Some devices also allow administrators remote access to the device, which can be easily exploited.
Larger organisations also need to be cognisant of any smaller SoHo-type device connected to the main IT network, such as those provisioned for remote support of specific applications or servers, e.g. for Operational Technology (OT) or Building Management Systems.
Key Points
- Outsourced IT support requires mandated and effective IT security management of the infrastructure, which should be included within a formal service level agreement (SLA).
- Networking equipment must be regularly checked for firmware updates, and administrative remote access must be disabled.
- Annual penetration testing can give false assurance unless it is supported by additional, frequent vulnerability scanning. Contact TIAA Digital for independent advice and guidance on proactive measures that can bolster cyber security, such as “vulnerability scanning as a service”.
Action Required
- An urgent review of the firmware and administrative remote access functionality of core internet-connected devices should be made.
- Further assurance should be sought through regular vulnerability scanning of internet-connected IT systems.
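The review described under Key Points and Action Required (current firmware, remote administration disabled, checks carried out regularly) can be run against a device inventory rather than by hand. The following script is an added example and is not part of the NCSC alert or TIAA Digital's material; the inventory, the vendor and model names, the firmware versions and the "current firmware" table are all constructed placeholders, and the 30-day review interval is an assumed policy value.

```python
"""Added example: flag SoHo devices that need firmware, remote-admin or review attention."""
import re
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Device:
    name: str
    vendor: str
    model: str
    firmware: str
    wan_admin_enabled: bool  # administrative access reachable on the internet-facing side
    last_reviewed: date      # when firmware and configuration were last checked


# Constructed inventory: vendors, models and versions are hypothetical placeholders.
INVENTORY = [
    Device("branch-router-01", "ExampleNet", "RX100", "2.4.1", False, date(2024, 5, 20)),
    Device("ot-support-gw", "ExampleNet", "RX100", "2.3.9", True, date(2024, 1, 15)),
    Device("bms-vpn-box", "OtherCo", "VB-2", "1.10", False, date(2024, 5, 1)),
    Device("legacy-dsl", "OtherCo", "VB-2", "1.9", True, date(2023, 11, 2)),
    Device("unknown-box", "Zed", "Q1", "1.0", False, date(2024, 5, 30)),
]

# Constructed "current firmware" table, as an IT supplier might maintain under an SLA.
LATEST_FIRMWARE = {
    ("ExampleNet", "RX100"): "2.4.1",
    ("OtherCo", "VB-2"): "1.10",
}

# Assumed policy: a device not checked within this many days is flagged.
MAX_REVIEW_AGE_DAYS = 30

# Fixed "today" so the example is reproducible offline.
TODAY = date(2024, 6, 1)


def parse_version(text):
    """Turn '2.4.1' into (2, 4, 1) so that 1.10 correctly compares newer than 1.9."""
    return tuple(int(part) for part in re.findall(r"\d+", text))


def review_device(device, latest_firmware, today, max_review_age_days=MAX_REVIEW_AGE_DAYS):
    """Return the findings for one device; an empty list means no action is needed."""
    findings = []
    latest = latest_firmware.get((device.vendor, device.model))
    if latest is None:
        findings.append("no current-firmware record; support status unknown")
    elif parse_version(device.firmware) < parse_version(latest):
        findings.append(f"firmware {device.firmware} behind current {latest}")
    if device.wan_admin_enabled:
        findings.append("administrative remote access enabled on internet-facing interface")
    if today - device.last_reviewed > timedelta(days=max_review_age_days):
        findings.append(f"not reviewed since {device.last_reviewed.isoformat()}")
    return findings


def review_inventory(inventory, latest_firmware, today):
    """Map device name to its findings, keeping only devices that need action."""
    report = {}
    for device in inventory:
        findings = review_device(device, latest_firmware, today)
        if findings:
            report[device.name] = findings
    return report


def run_review():
    """Run the review over the constructed inventory as of TODAY."""
    return review_inventory(INVENTORY, LATEST_FIRMWARE, TODAY)


if __name__ == "__main__":
    for name, findings in run_review().items():
        print(name)
        for finding in findings:
            print("  -", finding)
```

Devices with no findings are omitted from the report, so an empty report is the condition an outsourced supplier could be asked to evidence at each SLA review; a device whose vendor and model have no entry in the current-firmware table is flagged rather than silently passed, since an unknown support status is itself a finding.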
Please contact TIAA Digital for advice – enquiries@tiaa.co.uk