Does your organisation have several idle computers (endpoints or even servers) that are shut down and not in use? It most probably does. The pandemic has changed the way we work and many companies are embracing a hybrid model, where employees work from home most of the time, and are in the office some of the time.
This evolving model of work has resulted in the intermittent use of computing devices in organisations, where some devices are shut down most of the time and are occasionally started. This may create the impression that such a computer no longer needs cybersecurity. A device that is rarely used is not exposed to risk, correct? Unfortunately, that is not correct.
You may ride a motorcycle only once in your life, but you will still need to wear a helmet because you could have an accident and suffer a severe head injury during that one ride. Cybersecurity is similar. A device needs to be protected even if it is used just once.
Why Rarely Used Computers Are At Risk
To understand why computers that are largely unused are at risk on the rare occasions that they are used, we need to consider a few cyberthreat statistics:
- 450,000 new malicious programs and Potentially Unwanted Applications (PUAs) are registered every day
- A hacker attacks every 39 seconds
- A ransomware attack occurs every 11 seconds
The large number of attacks and the frequency of attacks deliver a very clear message: every second counts in cybersecurity. Every computing device is at risk even if it operates for just a few seconds.
How Rarely Used Computers Are At Risk
An enterprise user may ask a relevant question: Yes, there are a lot of threats out there; but how do attackers even know that this device is being used in this corner of the world for a few seconds? How could an attacker be aware of an opportunity to attack this organisation through this machine when I myself didn’t know that I would be using this machine until a few minutes before I hit the Start button? This is a random occurrence and, therefore, isn’t the probability of a cyberattack similar to the probability that this facility would be hit by lightning?
No, the probability is not the same (though we do install lightning arrestors to protect ourselves against random calamities). A cyberattack is not a random occurrence; the threat actor is motivated to launch attacks, and a cyberattack is likely to occur when a rarely used computer is powered up because of the way computers operate when they start, and the way cyberattacks are designed.
When a Computer Is Connected To The Internet
The unused computer may automatically connect to the internet when it starts up, and this is usually by design. The complexity of modern digital technology requires computing devices to receive updates not only for their own operating systems, but also for the applications installed on the device. An internet connection may also be required to check the date/time and to validate software licenses. It is convenient to have the computer complete these tasks automatically upon startup.
But the internet is a two-way street. When a computer reaches into cyberspace, cyberspace can reach into the computer. Cyberattackers use automated tools that constantly search for vulnerable machines on the internet. You can be sure that your device will be found and compromised quickly if unprotected. In addition, malware may already exist on the device and use the internet to communicate with its Command & Control (C2) server to launch an attack.
When a Computer Isn’t Connected To The Internet
You may have devices that need to be manually connected to the internet, or you may take the precaution of disabling connectivity (e.g., by disconnecting the LAN cable) before startup. This does not make the device safe to use because malware may already exist on the device in dormant form, e.g., a file laced with malware that had previously been downloaded from the internet or received through email. Opening this file now would launch an attack. Using a thumb drive to copy files to or from the device could also import or export malware.
Does This Risk Have Real-World Consequences?
Yes; we have not been discussing hypotheticals or what could happen in theory. Unprotected devices do get attacked quickly in the real world. The US state of Colorado suffered a ransomware attack when an employee of the Colorado Department of Transportation set up a temporary server to test a new business process without implementing cybersecurity measures. The server was discovered almost immediately by threat actors who then invaded the organisation’s network. The severity of the attack caused a state emergency to be declared and cost the state $1.7 million.
How Organisations Can Protect Rarely Used Computers
The pandemic and its impact on work have made the protection of rarely or occasionally used computing devices a matter of concern for all organisations. Protecting such equipment requires:
- Actively Supported Hardware and Software – The hardware or software in the device may reach end-of-support while the device is not in use. It may be tempting to use the device despite the lack of support as it is used infrequently, but cyberattackers can exploit any vulnerability at any time. Devices that are not actively supported must be upgraded or replaced immediately.
- Cybersecurity Solutions – All endpoints and servers must have cybersecurity solutions, like K7 Endpoint Security, installed with active licenses even if the devices are sparingly used. There is no such thing as an unprotected yet safe device.
- Cybersecurity Maintenance Schedule – All devices, no matter how rarely used, must be started at periodic intervals and allowed to receive patches and updates for their operating systems, applications, and cybersecurity solutions. Such a maintenance schedule will ensure that when a device does need to be used, it will only need to receive the latest updates and will be ready for use fairly quickly; this avoids users interrupting updates to finish their work and thereby opening the doors to a cyberattack.
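The three requirements above can be checked against a device inventory. The following is an added example, not part of the original article or of any K7 product: the Device fields, the 30-day maintenance interval, and the sample hosts and dates are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

MAINTENANCE_INTERVAL = timedelta(days=30)  # assumed policy value, not from the article

@dataclass
class Device:
    name: str
    os_end_of_support: date         # vendor end-of-support date for the OS
    license_expiry: Optional[date]  # endpoint security license; None = not installed
    last_patched: date              # last time the device was started and updated

def audit(device: Device, today: date) -> list[str]:
    """Return the findings for one device; an empty list means compliant."""
    findings = []
    if device.os_end_of_support < today:
        findings.append("unsupported: upgrade or replace")
    elif device.os_end_of_support - today <= MAINTENANCE_INTERVAL:
        # Support would lapse while the device sits powered off.
        findings.append("support ends before next maintenance window")
    if device.license_expiry is None:
        findings.append("no endpoint security installed")
    elif device.license_expiry < today:
        findings.append("endpoint security license expired")
    if today - device.last_patched > MAINTENANCE_INTERVAL:
        findings.append("maintenance overdue: power on and patch before use")
    return findings

def audit_inventory(devices, today):
    """Map device name -> findings, only for devices with at least one finding."""
    report = {}
    for d in devices:
        found = audit(d, today)
        if found:
            report[d.name] = found
    return report

# Constructed sample inventory (hypothetical hosts and dates).
TODAY = date(2024, 6, 1)
INVENTORY = [
    Device("frontdesk-pc", date(2027, 1, 1), date(2025, 1, 1), date(2024, 5, 20)),
    Device("spare-laptop", date(2027, 1, 1), date(2024, 3, 1), date(2024, 1, 10)),
    Device("test-server", date(2023, 12, 31), None, date(2023, 11, 2)),
    Device("lab-pc", date(2024, 6, 15), date(2025, 1, 1), date(2024, 5, 25)),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY, TODAY).items():
        print(f"{name}: " + "; ".join(findings))
```

Running the audit on a schedule, rather than when someone needs the device, surfaces lapsed support and licenses before the machine is next powered on.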
K7 Endpoint Security provides multi-layered enterprise-grade protection for desktops, laptops, and servers, and secures devices without affecting device or network performance. Contact us to learn more about how we can help you secure your IT environment.