Spring is in the air.
As most cybersecurity projects start by tidying an existing environment before making improvements - spring cleaning came to mind.
In this vein - I've written a 2-part series on organising and tidying two key areas: your network and your data.
This week - it's all about your network.
It's the first week of May. And there's still time for some late-spring cleaning.
But how do you spring-clean something like your network?
Marie Kondo's - "Does this spark joy?" - approach to spring cleaning has gained popularity over recent years.
But network spring cleaning should more closely follow my traditional approach.
Go to Ikea.
Buy more shelves and boxes.
Hide the clutter.
More seriously - there needs to be an organised approach to what devices connect to your network and how.
If I'm honest - most business networks are an evolution... of an evolution of... a plan.
What started as a simple, well-planned network has received numerous new requirements - combined with an obligation to say - Yes.
This situation often leaves businesses with a flat, unsegmented network — or, marginally better, a network split into Guest and Everything-Else.
The core idea behind separating the guest network is - "I don't trust people I don't know - guests to our business - with access to our business network."
This approach makes perfect sense and is a strong self-defence mechanism.
But there is more to it than this...
In 2018, the UK NHS was severely impacted by the WannaCry ransomware attack. The attack encrypted NHS computers, rendering them unusable, and demanded Bitcoin ransom payments. The incident resulted in disrupted services, cancelled appointments, and diverted ambulances.
One crucial lesson from the incident was the need to segment networks. WannaCry spread rapidly across the NHS network as it could freely exploit shared drives from across the network.
Cyber insurers increasingly ask for proof that systems with different risk profiles are separated. In the event of one area becoming compromised - it's essential to avoid contagion to the rest of the network.
What other risks and devices on your network should you also question?
Again in 2018, hackers exploited an aquarium's thermometer to break into a casino's network. In total, the cybercriminals stole 10 gigabytes of sensitive data.
And as recently as 2021 - 150,000 security cameras from police stations, schools, and companies like Tesla and Equinox were compromised by hackers.
It's clear greater segregation is required.
We need to put network clutter into more boxes.
So what network segments should you have?
Your exact decision will depend on the context of your business needs, but here are a few to think about:
And so in 2023 - what started as a simple, flat network needs to evolve to look more like an Ikea KALLAX shelving unit.