Unsecured Networks

Threat Areas
Integrity
General Likelihood
High

Description

Unsecured networks are a security threat because they do not have the necessary safeguards in place to protect against unauthorized access or attacks. This can make it easy for attackers to gain access to the network and potentially compromise the systems and data on it.

Here are some specific ways in which unsecured networks can pose a threat:

  • Data breaches: Unsecured networks can make it easy for attackers to gain access to sensitive data, such as login credentials, financial information, or confidential business documents. This can lead to financial losses, damage to an organization's reputation, and legal consequences.
  • System compromise: Unsecured networks can also make it easier for attackers to gain access to and compromise systems, such as servers or databases. This can include installing malware, modifying system settings, or deleting critical data.
  • Network disruption: Unsecured networks can also be vulnerable to attacks that disrupt the operation of the network, such as denial of service attacks. This can lead to operational disruptions and lost productivity.

Assessment

Mitigations

To protect against these types of threats, it is important for individuals and organizations to secure their networks by implementing appropriate safeguards, such as firewalls, intrusion detection systems, and strong, unique passwords. It is also important to regularly update and maintain these safeguards to ensure that they are effective against the latest threats. By following these steps, individuals and organizations can significantly reduce the risk of unsecured networks being exploited by attackers.

In the Wild

There have been many instances where unsecured networks have been the cause of cyber attacks. Here are a few examples:

  • Target data breach: In 2013, a data breach at retail giant Target was traced back to an unsecured network. The attackers gained access to the network through a vendor's account and were able to steal the personal data of over 40 million customers.
  • Marriott data breach: In 2018, the Marriott data breach was also the result of an unsecured network. The attacker, who was a former employee of a subsidiary company, gained access to the systems through a misconfigured firewall.
  • Capital One data breach: The Capital One data breach that occurred in 2019 was also the result of an unsecured network. The attacker, who was a former employee of Amazon Web Services, gained access to the company's systems through a misconfigured firewall and used the administrator privileges to access and steal the personal data of over 100 million customers.
  • SolarWinds supply chain attack: In 2020, a cyber attack targeted the software company SolarWinds and its customers, including government agencies and Fortune 500 companies. The attack was traced back to an unsecured network at SolarWinds, where the attackers had gained access through a supply chain attack and were able to install malware on the company's systems.