by Carol Woodbury, CTO, SkyView Partners, Inc
"The Unintentional Insider" - sounds like the title of a spy novel, doesn't it? Oh, if only that were the case. An unintentional insider is someone whose intent is not malicious but who unknowingly or unintentionally provides access or information to a hacker. Unfortunately, hackers are exploiting these insiders in increasing numbers to gain access to networks and systems. This newsletter focuses on 5 ways to prevent the unintentional insider.
#1 - Educate your Organization
One of the most powerful weapons in your security administration toolbox is an educated organization. Often called a 'security awareness program,' the process of educating all employees about the latest security threats and social engineering techniques (e.g., phishing for user credentials or private information, or contacting employees while pretending to be someone with a 'need to know' for company confidential information) and the appropriate use of data may take time, but is an investment well spent. Non-IT users are often most susceptible to the techniques of hackers who try to get information about your organization. They may also be less skeptical and not hesitate to answer phishing email or follow links to websites that download malware. Users who understand the benefits of reducing risk to your organization's data are a vital part of your defense.
#2 - Implement Multiple Layers of Defense
The more valuable the data is to your organization, the more layers of defense you'll want to implement. Why rely on the settings of your firewall alone to ensure an intrusion (inadvertent or purposeful) does not occur? You've probably already implemented anti-virus and anti-malware scanning for email. But you may also want to implement one-time passwords or use an alternate authentication method such as Kerberos to establish connections to ensure passwords cannot be sniffed. Or perhaps you want to encrypt all private information, regardless of whether regulations require it, so it cannot be read in transit. A deny-by-default setting on database files will limit who can directly access data. The list of layers could go on. You'll need to make a business decision and determine how many layers are appropriate for the data you're trying to protect.
#3 - Review the Settings
One of the reasons hackers are able to penetrate a network is that settings were inadvertently left at their defaults or in a state that leaves the network or database vulnerable. Have a team review the configuration of items like your firewall rules, or hire a consultant who specializes in firewall configuration. Other settings need review as well. Operating system configuration settings, user capabilities and access control settings on database files are some of the areas that should also be reviewed regularly.
#4 - Stop Sharing
The use of shared profiles or accounts is a dangerous practice. When users know it's a shared profile, less care is taken with the password. The more users who know the password, the more likely someone is going to write it down and store it where it's easily found (such as under their keyboard) or pass it along to someone else. In addition, accountability is lost when multiple users share the same account; therefore, it's harder to investigate an intrusion caused by an inadvertent insider.
#5 - Start Logging
This may not be a prevention mechanism, but logging or auditing is certainly required for intrusion detection. If you're to determine whether an intrusion has occurred, where it came from and who's involved, auditing must be configured and active.
While the individuals involved in these breaches didn't mean to expose their organization to risk, that was the result. These five tasks are actions you can take to help reduce that risk.
Carol Woodbury, CRISC
CTO and co-founder, SkyView Partners
How SkyView Partners & SRC Secure Solutions can Help
SkyView Partners' Security Check-up Service and SRC's Vulnerability Check identify the risks associated with the current settings on your IBM i and AIX servers and provide suggestions for more secure settings. SkyView's Managed Services for Compliance Reporting can help ensure your IBM i and AIX servers stay configured according to your organization's requirements.
If you'd like more information on how SkyView's solutions can help your organization with your security compliance or administration needs, contact us.