A recently published report from IBM Security Services claims that 95% of security incidents include a human error element. What are some of the main vectors that are putting companies at risk?
Untimely management of patches
Weak login and password combinations, such as defaults
Lost mobile devices like laptops or smartphones
Incidents of Human Error
Accidents can occur in even well-secured environments. A slip-up happens to us all from time to time. Additionally, it takes persistent efforts to overcome a lack of understanding at each level. Sometimes secure configurations and strong policies are not enough to prevent every possible incident. That is when a change detection mechanism becomes incredibly valuable for IT staffers who are monitoring the state of an environment.
Here are a few examples of issues that can befall organizations:
Bob, the network admin, accidentally opens a firewall port that allows outside access to the cardholder data environment (CDE). We’ve all made typos while texting or typing; for some people it occurs so often they don’t even notice. Unfortunately, Bob just compromised the whole cardholder database without even knowing it, and that is a critical oversight.
An IT staffer falls prey to a social engineering scam, allowing a hacker to obtain the staffer’s Active Directory credentials. This in turn allows the hacker access to a system that stores customer data, including Social Security numbers.
An outside vendor with access to a company’s network has lax IT security policies. The outside vendor’s network is hacked, which then allows the hacker to access the company’s network. An excellent example is the Target breach, in which a hacker gained access to Target’s network by compromising the network of a heating, ventilation & air conditioning (HVAC) contractor. No matter how strong a company’s security precautions may be, they won’t protect it when another entity it trusts doesn’t maintain adequate standards.
Mitigating Human Error
Here are some suggestions:
Put in place a change detection mechanism that alerts IT staff when critical network device configurations are changed.
Teach employees how to recognize social engineering. Give them examples and case studies.
Scrutinize your agreements with outside vendors to ensure they require the vendors to employ strong IT security. Insist on seeing regular audits of their IT infrastructure to ensure that appropriate safeguards are in place.
Obviously, every enterprise has different needs. Consider what goals your IT department must pursue to improve your overall cybersecurity posture.
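To make the first suggestion concrete, here is an added example (not from the original post and not CimTrak code) of change detection applied to Bob's firewall scenario: it compares a current rule set against an approved baseline and raises a critical alert when a newly added permit rule lets a non-internal source reach the CDE. The five-field rule syntax, the subnets and both sample configs are constructed assumptions, and the comparison ignores rule order.

```python
import hashlib
import ipaddress
from collections import namedtuple

CDE = ipaddress.ip_network("10.20.0.0/24")     # constructed CDE subnet (assumption)
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # constructed internal range (assumption)
Rule = namedtuple("Rule", "action proto src dst port")

def parse_rules(config: str) -> set:
    """Parse 'action proto src dst port' lines, skipping blanks and # comments."""
    rules = set()
    for line in config.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and len(fields) != 5:
            raise ValueError(f"unparseable rule: {line!r}")
        if fields:
            rules.add(Rule(*fields))
    return rules

def _net(spec: str):
    return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)

def exposes_cde(rule: Rule) -> bool:
    """True when a permit rule lets a source outside INTERNAL reach the CDE."""
    return (rule.action == "permit" and _net(rule.dst).overlaps(CDE)
            and not _net(rule.src).subnet_of(INTERNAL))

def detect_changes(baseline: str, current: str) -> list:
    """Return (severity, change, rule) tuples; [] when the configs are identical."""
    digest = lambda text: hashlib.sha256(text.encode()).hexdigest()
    if digest(baseline) == digest(current):
        return []
    old, new = parse_rules(baseline), parse_rules(current)
    alerts = [("CRITICAL" if exposes_cde(r) else "INFO", "added", r)
              for r in sorted(new - old)]
    return alerts + [("INFO", "removed", r) for r in sorted(old - new)]

# Constructed sample: the approved config, then the same config after a one-word slip.
BASELINE = """# edge firewall (constructed)
permit tcp 10.1.0.0/16 10.20.0.10/32 1433
permit tcp any 192.0.2.10/32 443
deny ip any any any
"""
CURRENT = BASELINE.replace("10.1.0.0/16", "any")

if __name__ == "__main__":
    for severity, change, rule in detect_changes(BASELINE, CURRENT):
        print(f"[{severity}] rule {change}: {' '.join(rule)}")
```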
The CimTrak file integrity monitoring suite can help companies detect human error before it creates significant issues. Its built-in change detection and alerting mechanisms will let your IT staff or Chief Information Security Officer know when critical network settings or files have been changed.
July 9, 2014