Overlooked legacy systems and static devices are creating new avenues for cyberattacks, says Cisco South Africa Security Solutions consulting systems engineer Greg Griessel.

Cisco’s ‘Midyear Security Report 2014’ highlights that many of the exploited vulnerabilities include older devices and legacy systems in industries that are not commonly targeted and, thus, often remain vulnerable to cyberattacks, such as the food and beverage, agriculture and mining industries.

“Cisco’s dedicated security intelligence and research group, called Talos, found that more attacks are occurring and more creative attack vectors are being used. For example, point-of-sale devices are being used to infiltrate company networks to launch further attacks on other internal and supposedly secure systems, as these devices are typically static and never updated or protected.”

The report also notes that threats posed by mobile devices in companies’ networks constitute an area that is in flux and could pose increased threats to companies’ data in future.

Mobile devices that are often not properly secured are allowed onto the company’s in-house network, introducing threats and vulnerabilities to otherwise secure networks of security-alert companies.

Talos identifies the main types of cyberattacks as malware websites that people are redirected to, bot-net attacks that use compromised devices on the inside of networks to launch larger attacks on the networks and theft of encrypted data to decrypt, extract and use the stolen information for cybercrime.

“Many organisations focus on high-profile vulnerabilities and on high-level protection, such as firewalls and intrusion detection and prevention. However, low-profile legacy applications and infrastructure, which are often overlooked, unprotected and not updated, are vulnerable to breaches and attacks,” Griessel explains.

Cisco advises companies to look at their infrastructure and systems holistically to identify unprotected or vulnerable systems that can be exploited or breached.

Griessel says companies must have visibility of the traffic on their networks and the context of each process, which includes user behaviour, devices and connections, to determine normal operational traffic on networks. This information is then used to identify abnormalities in network traffic and user behaviour, which are then flagged as potential breaches or threats that are investigated further, he adds.

Most companies can gather sufficient information from the equipment in their networks to implement a security monitoring system. Crucially, companies must always conduct thorough investigations of breaches and attacks after they have occurred to ensure that vulnerable areas are secured and to improve the security of their networks.

“Talos found that some bot-nets existed in companies’ networks for two years before being used to carry out an attack. This is why traditional cyberprotection strategies must be augmented by monitoring and analysis of internal networks to identify and manage threats and risks,” concludes Griessel.