Don’t have faith your internal network is secure
I was doing a Citrix project at one of the universities in Sydney when the G:\ drive, containing a large number of documents, was suddenly encrypted. One of the administrative staff had clicked on a link in an email and triggered a ransomware attack.
The response was quick:
- Her computer was taken offline.
- Her computer was reimaged.
- The G:\ drive was restored from the nightly backup tape with some data loss.
- The employee was given some training about clicking on unknown links.
She did the same thing the next day with exactly the same result. Often the social engineering is more powerful than the training.
Two things went wrong here:
- This employee had more access than she needed.
- The employee was doing email and surfing the web, two inherently insecure applications, on the same network as valuable data.
Gone are the days when a good firewall and an antivirus program will provide adequate protection.
General administrative users should not be doing email, web surfing, using BYO devices, or other risky activities on the same network where your sensitive data and valuable intellectual property are stored. It can easily be argued that there should be no path between sensitive data and the Internet.
There are a number of strategies for separating the administrative network from the network containing sensitive data and intellectual property.