How to address the 6 most overlooked causes of data breaches
- By Yoel Knoll
- Dec 07, 2016
Cybersecurity experts repeatedly warn about the growing number of sophisticated malware and hacker attacks against IT infrastructure and data. Organizations can’t control the bad guys, and the criminals are getting better. However, rudimentary attention to security threats can go a long way toward protecting systems and data.
The human factor plays a critical role in how strong or weak an organization’s security defenses are. Be alert to the six most common human-factor mistakes that can lead to deadly security breaches.
It’s not just rogue employees who compromise agency defenses with insider information. Out of ignorance, even the most loyal, hard-working employees can make mistakes that cost the agency dearly. For example, simple phishing attacks can be launched by opening emails from unknown senders, clicking on links and downloading attachments, after which they deliver malware onto a computer or convince a user to give up passwords. About a quarter of recipients open phishing emails, and 11 percent click on attachments. How can we keep this from happening?
The first lesson to convey to employees is the extreme importance of security. Are employees aware of the criticality of the data they deal with every day? Do they understand the necessity to comply with data-privacy regulations and what it might cost the agency if they don’t?
Once employees are aware of the requirement for security and their critical role, they must be warned about using unauthorized websites and shadow IT tools and shown how their daily activities can lead to undesired endpoint or network penetration. And these lessons must be reinforced periodically to ensure that they are not forgotten.
2. Time constraints
Often lacking sufficient budget and headcount, security staff are overburdened. Given all the pressure to “get everything done,” sometimes things just don’t get done correctly.
Misconfiguration of a tool and neglecting to follow security policies to the letter are regular mistakes. So is spinning up a certain service, such as a container, a proxy or monitoring tool, but forgetting to secure it.
Still another consequence of time pressures can be forgetting to update security patches or not updating them on time. About half of IT professionals see outdated security patches as a problem and cite human error and patch management as stumbling blocks to making web apps totally secure.
Cutting corners may sometimes be a good way to get the job done quickly, but it also makes way for poor security. Security managers must keep their teams on their toes. And when they undertake to respond to an incident, they must see it through to its final resolution.
While hacking and malicious attacks are often the top concern for protecting an organization’s data, often it’s the weak or lost password that proves to be the Achilles’ heel that leads to disaster.
Protected only by weak passwords, laptops, tablets, cell phones, computers and email systems offer up little defense against the committed hacker who can easily obtain subscription information, personal, financial and health information as well as sensitive business data. IT departments will go a long way to enhancing security by implementing policies that enforce use of strong passwords on all devices.
Another password vulnerability is employees’ tendency to use the same password (or even the same set of passwords) for both work and home. If a home network is breached, there may be little damage that an attacker can do, but if the attacker can extract passwords from a home computer (or personal smartphone) and use them as a springboard to launch attacks against the enterprise, devastation can ensue.
4. Friendly outsourcers, vendors and partners
As technology becomes more complex, companies increasingly rely on outsourcers, vendors and partners to support and maintain systems. These third parties typically use remote access tools to connect to the agency’s network, but they don’t always follow security best practices.
Organizations must trust their contractors and vendors. However, even partners with benevolent intent can leave their customers open to attack. Third-party threats increase exponentially if unvetted partners are allowed to access an organization’s network.
Agencies must be certain that their trusted partners and vendors follow best security practices, such as enforcing multifactor authentication, requiring unique credentials for each customer and creating a comprehensive audit trail of all remote-access activity. Third-party accounts should be disabled as soon as they are no longer required, and login attempts using these accounts should be monitored.
5. Alert fatigue
Alerts signal a potential problem that might require immediate attention, but if alerts are frequent and coupled with a high false-positive rate, they lose their power. About a third of cybersecurity professionals face more than 10,000 alerts every month, and more than half of the alerts are false positives.
Alert fatigue occurs when security personnel are exposed to a large number of security alerts and become numb to them, which can cause increased response times and missed alerts.
For the security team, the number of false alarms belies the actual problem. Alert fatigue leads to a loss of confidence in security tools. Over time, the sensitivity threshold falls to a point where all alerts are suspect, and actual security becomes almost non-existent. When the real thing happens, nobody recognizes it.
Cybersecurity incident response teams are dealing with their own version of alert fatigue. After investing in state-of-the-art systems that detect potential attacks and sound alerts, the extremely high rate of false positives undermine the value of the detection systems.
Hiring more personnel is not the answer. Attacks are increasing exponentially and agencies cannot keep up just by throwing more people into the fray. Arming staffs with the best technology -- one that provides accurate alerts with no false positives – is a much better approach. Deception-based solutions, for example, fall into this category.
Most organizations are very good at preparing for a targeted event. Security teams will be on high alert when the latest advanced persistent threat is published or a new zero-day attack is discovered. But once the danger has passed, teams tend to fall back into a routine, let down their guard and can miss a new attack.
Be on guard against routine. Re-allocate tasks. Give your security team training in the latest technologies and tools. Keep the environment fresh and dynamic.
Everywhere, networks and data are under attack. This is war! In order to defend their agency assets, cybersecurity professionals must rely on every means at their disposal. These days, while we tend to focus on technology and expertise to spearhead our defenses, we must not overlook the simple, internal steps we can take to reduce our attack surface and to make every employee a soldier in our battle against cyberattacks.
Yoel Knoll is vice president of marketing at TopSpin Security.