Failure to adopt a “continuous auditing” approach to security opens organisations to risk of negligent insider threat, warns Philip Lieberman
To mitigate the threat from negligent insiders, organisations can take a cue from the way that firefighters in our company’s home state of California tackle the annual wildfire season. Firefighters understand that with dry terrain and unfavorable winds, wildfires are bound to occur. That is why these professionals are relentless in their efforts to limit wildfires’ damage, encouraging every resident to search out and remove combustibles around vulnerable buildings. Firefighters also plan ahead to develop the rapid response strategies needed to keep the fires contained once they break out.
Sadly, the security practices of many organisations are akin to a community of reckless Southern California homeowners who allow groves of eucalyptus trees to hang over the eaves of their homes. Examples of the dangerous combustibles in your IT environment can include:
- Administrative users who are not required to periodically change their elevated, “super user” credentials. As a result, privileged account passwords that may never expire become known to too many current and former workers.
- Computers and network appliances that share common username and password logins, exposing large portions of the infrastructure should a single account be compromised.
- The storing of administrative passwords on spreadsheets that are placed in well-known or unmonitored locations.
- Failure to adopt a “continuous auditing” approach to security, never enacting the processes to search out new vulnerabilities and mitigate them before they provide the opening for an attack.
Regardless of how much your organisation spends on security, if any of these examples apply to your situation you could be vulnerable to attacks made possible by negligent insiders.
It’s All About Risk Management
Today, if your organisation runs a network, you’re a target for attack. We may never eliminate the threat, but with a sound, layered security approach we can do much to reduce its potential impact. And when it comes to mitigating the risks of negligent insiders, organisations need to move beyond basic training and look for ways to limit the damage.
Your first step is to ensure that administrative passwords are regularly changed; that multiple computers, network appliances, or applications don’t share identical credentials; and that no passwords are stored on spreadsheets that have unmonitored access. Next, enact processes to continuously scan the infrastructure for new vulnerabilities and take action before there’s an attack.
Regardless of whether you accomplish these steps through manual processes or by deploying privileged identity management software, you’ll be well on your way to building stronger security and limiting the potential damage of an attack. This way you also reduce your exposure to the human factor.
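The rotation and shared-credential checks from the first step above can be run as a repeatable audit over a privileged-account inventory. This is an added example, not code from the article or from Lieberman Software; the inventory records, the `audit` function, the credential fingerprints and the 90-day threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date

MAX_AGE_DAYS = 90  # assumed rotation policy; the article gives no figure

# Constructed inventory rows:
# (host, account, password last set, never-expires flag, credential fingerprint)
# The fingerprint is a hypothetical stand-in for whatever your tooling uses to
# compare stored credentials (e.g. a keyed hash); plaintext is never needed.
INVENTORY = [
    ("web01", "root", date(2024, 5, 20), False, "fp-a1"),
    ("web02", "root", date(2023, 1, 10), True, "fp-a1"),
    ("db01", "sa", date(2022, 11, 2), True, "fp-b7"),
    ("fw-edge", "admin", date(2024, 5, 28), False, "fp-c3"),
]

def audit(inventory, today, max_age_days=MAX_AGE_DAYS):
    """Return sorted (host, account, issue) findings for privileged accounts."""
    findings = []
    by_fingerprint = defaultdict(list)
    for host, account, last_set, never_expires, fingerprint in inventory:
        by_fingerprint[fingerprint].append((host, account))
        if never_expires:
            findings.append((host, account, "password never expires"))
        age = (today - last_set).days
        if age > max_age_days:
            findings.append((host, account, f"password is {age} days old"))
    # One fingerprint seen on several systems means one compromised account
    # exposes all of them.
    for users in by_fingerprint.values():
        if len(users) > 1:
            hosts = ", ".join(sorted(host for host, _ in users))
            for host, account in users:
                findings.append((host, account, f"credential shared across: {hosts}"))
    return sorted(findings)

if __name__ == "__main__":
    for host, account, issue in audit(INVENTORY, today=date(2024, 6, 1)):
        print(f"{host:8} {account:6} {issue}")
```

Run on a schedule against a current inventory export, the same function turns the one-off clean-up into the continuous check the article argues for.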
Philip Lieberman is CEO of Lieberman Software