Stopping a User From Downloading UC Software
A Fortune 1000 company was hacked because a user downloaded a UC client.
I was visiting with a peer recently, and he shared in confidence how the company had recently been breeched because a user had downloaded a UC client from an unknown source that had malware in it. The malware allowed an outside entity to gain remote control of the corporate PC. The good news is that IT detected the breach fairly quickly, when the PC became active late at night. The bad news is that stopping this from happening again is a challenge.
How often do we get a calendar invite that requires us to download a new conferencing software client? How often do we pull down the client, not knowing if malware lurks inside? The sad reality is too often, and I, too, am guilty. By the time I left Gartner in 2016, I had more than 40 different conferencing clients on my corporate computer. Every UC vendor wanted to show off its solution, and I was only too happy to oblige.
According to Gartner, more than 99% of security breaches are due to human error, whether this is IT misconfiguring equipment and not staying up to date on the latest releases/patches or users downloading software from untrusted sources. Sophisticated hackers are becoming like spies and taking advantage of the human element in order to gain access to high-value digital assets.
How do we stop users from downloading malware?
- Training -- Yes, mandatory training is key in increasing user awareness of the risks. The challenge is that users download software all the time at home without consequences, so they're in the habit of doing so. I was trained to go the speed limit, but my foot doesn't listen...
- PC firewall -- Install a firewall on every end-user device and have this software block application downloads. Sounds good in theory, but this is the day and age of users bringing their own devices and many employees will have software running that isn't on the corporate-approved list. This is especially the case for application developers.
- Proxies -- Next-generation firewalls and proxies are designed to block users from going to malicious or inappropriate Internet sites. Companies buy blacklists of sites that users shouldn't visit. The problem here is that new malicious sites pop up all the time, plus firewalls are designed for standard Web application protections, not real-time communications that use a large span of UDP ports and are more commonly TLS encrypted. New UC-specific proxies are coming on the market to address this (more on this topic in the future).
While the above are great proactive steps that enterprises are taking, the sad reality is that user devices will still get compromised. Security architects have accepted that devices will get malware on them and are beefing up their reactive tools to minimize the exposure by detecting and blocking it quickly. This is why enterprises are moving toward zero trust security models and investing in security information and event management (SIEM) tools to detect anomalies. Malware lurks everywhere and can be dormant for long periods of time, before arming and trying to do something malicious.
So, the next time you download a UC client, think twice. Do you trust the source? Do you have something in your network that will detect when your device is misbehaving?