Low Hanging Fruit: Close Your Open Ports!
Cyber insurance claims activity has proliferated at breakneck speed. The frequency of incidents has risen as ransomware, business email compromise, and other perils have become more successful and sophisticated. With that success come hefty price tags for ransoms and remediation costs that can span months. In our ongoing series, Low Hanging Fruit, we explore solutions that your organization can implement to boost cybersecurity.
What Does “Closing Ports” Mean?
Remote Desktop Protocol (RDP) is a means of accessing one computer from another computer. It is reached through a port: a numbered endpoint on a computer where a service listens for network connections. Ports are the main portal for all access to information over the internet. Web browsers, web pages, and file transfer services all use specific ports to receive and transmit information. Many are familiar with the POP3 port used to retrieve mail from remote email servers, or the HTTP port associated with the Hypertext Transfer Protocol, which allows us to browse the internet. Some operating systems open a certain number of ports by default, and certain types of software use specific ports. Closing a port means shutting down the service that listens on it, or blocking it with a firewall, so that it can no longer be reached.
Why is Closing Ports Important?
According to security firm BitSight, companies that have more open ports than their peers are likely to experience a breach. Specifically, their findings were that 60% of breached organizations had 10 or more open ports. If not properly secured, open ports can create a host of issues. Open ports can be found publicly with a simple scan and then used to access computers, leading to the download of ransomware or other forms of malware. Besides closing these ports, requiring strong passwords and multifactor authentication for services that must remain reachable, like Virtual Private Networks (VPNs), can prevent unauthorized access. Exposure of this kind impacted many companies when the transition was made to a remote workforce due to the pandemic. Other common scenarios after access is gained can include cleaning of log files (hiding malicious activity), disabling of backups, and exfiltration of data.
How Will This Prevent Claims?
Open ports have been around since the dawn of the internet; they are how the infrastructure of our information-sharing community was built. As ransomware continues to proliferate, prevention of network access has become vitally important. Carriers are spending money and time on resources to identify open ports, and renewal terms are often contingent upon confirmation that these ports have been closed. Carriers have seen attacks originating as outlined above, and are no longer taking a “wait and see” approach.
If a port is open and is not utilized to access information on the network, it should be closed immediately. Implementing multifactor authentication (MFA) when ports must remain open is the belt-and-suspenders solution many insurance carriers look upon favorably. A conscientious IT team has this on their radar, and spring is the perfect time to harvest this low hanging fruit.
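One way an IT team can find ports that are candidates for closure on a Linux host, shown as an added example that is not part of the original article: it compares the machine's listening TCP sockets against a list of ports with a documented need, ignoring sockets that only accept local connections. The sample `ss -tlnH` output and the allowlist are constructed assumptions.

```python
import ipaddress

# Constructed sample in the format printed by `ss -tlnH` on Linux
# (state, recv-q, send-q, local address:port, peer address:port).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:3389 0.0.0.0:*
LISTEN 0 100 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 100 [::]:110 [::]:*
LISTEN 0 128 192.0.2.10:8080 0.0.0.0:*
"""

# Assumption: ports this host has a documented business need to expose.
ALLOWED_PORTS = {22, 443}


def parse_listeners(ss_output):
    """Yield (address, port) for each listening TCP socket."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        yield host, int(port)


def is_loopback(host):
    """True if the socket only accepts connections from this machine."""
    if host == "*":  # wildcard: listens on every interface
        return False
    return ipaddress.ip_address(host).is_loopback


def audit(ss_output, allowed=ALLOWED_PORTS):
    """Return sorted ports reachable from the network that are not allowed."""
    exposed = {port for host, port in parse_listeners(ss_output)
               if not is_loopback(host)}
    return sorted(exposed - set(allowed))


if __name__ == "__main__":
    for port in audit(SAMPLE_SS_OUTPUT):
        print(f"close or justify: TCP {port}")
```

A port that passes this host-level check can still be blocked or exposed by a perimeter firewall, so the result is a starting list for review rather than a full picture of what the internet can reach.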