Any mishandled change operation can lead to major security problems. Even a small error can lead to databases being published in a public location or a vulnerability that hackers can use to access the system. As such, change management is a critical component of operations for any company trying to minimize risk. A recent security incident highlights this need, as a Computerworld report explained that one organization lost thousands of dollars in an incredibly short amount of time because of a small configuration change error in its telecommunications infrastructure.
Considering How the Flawed Change Impacted Security
The report was detailed in Computerworld's Security Manager's Journal column, an item that features guest security managers detailing real-life incidents they have experienced. In this instance, the author explained that he usually finds his security work interesting as he is faced with frequent challenges that force him to fight IT security threats as they arise. The malware, denial-of-service attacks and other threats can often be defeated without loss, but sometimes the organization is hit by repetitive loss events, and these quickly become uninteresting and incredibly frustrating.
One such set of incidents, according to the news source, emerged in the company's telecommunication's infrastructure. The company received a call from its telecom provider checking on thousands of dollars worth of calls made to places like Costa Rica and Bolivia within a period of less than 12 hours. These fees are not normative, and a similar problem had arisen a few months before and was thought fixed.
After some digging, the security manager found that a consultant had bungled a change in the telecom infrastructure, leaving multiple ports publicly accessible. As such, scammers who scan for open IP ports were able to hijack the open space and route calls to international destinations through the company's systems. The costs of this change malfunction were considerable and though recouped in the end, serve to highlight the substantial security problems that can arise when a change is not handled effectively.
Using Change Management to Eliminate Risk
Organizations that depend on individuals to manage change independently of one another set themselves up for a situation in which human error leads to a major data or financial loss incident. Implementing a change management system provides built-in oversight and automation to help IT leaders establish checks and balances that prevent minor errors from escalating into major incidents. The end result is an IT environment in which risk is reduced and organizations can make changes with fewer difficulties.