By A.N. Ananth
Insider threats are typically much less frequent than external attacks, but they usually pose a much higher severity of risk for organizations when they do happen. While they can be perpetrated by malicious actors, they are more commonly the result of negligence. In addition to investing in new security tools and technology to protect against external threats, companies should place higher priority on identifying and fixing internal risks. Here are the top 3 high-risk behaviors that compromise IT security:
1) Sharing login credentials: Convenience is the enemy of security. It is far too often more convenient to share credentials than to create a unique login for each user. However, doing so leaves the company vulnerable to a data breach. While it may not be practical to completely eliminate shared credentials, a password manager that is accessible to the multiple persons who need common access can shield the actual password from the user but still make it available.
2) Shadow IT or installing web applications: Users download unauthorized applications to their work computers or mobile devices. It also can occur when they subscribe to Software as a Service (SaaS) applications without IT approval. As employees spend large amounts of time at their desktop or laptop, it’s inevitable that they consider the device personal. The intention may be harmless–streaming music, looking for travel deals, shopping for personal items–but the danger is very real. Malvertising on such popular sites is frequently the reason for compromise.
3) Uploading files to personal storage: Dropbox, Google Drive, etc. are often convenient ways of sharing company documents, either between employees for collaboration or for use at home and work. The dedication is commendable, but the behavior is still a risky one. Popular services were created for convenience and not necessarily for security.
What’s the remedy? Frequent updates and reminders. It’s no different from the procedures used in manufacturing facilities to minimize accidents. One single training session during onboarding isn’t enough. Regular IT and security updates are essential.
How did we decide on these particular behaviors, you ask? It’s based on observations by our SIEMphonic team; we review more than 1 billion logs every day to keep our customers safe. While training is a must, monitoring is also necessary. Many of these behaviors can be observed and appropriate measures such as training can be taken as a result.
As President Reagan observed, "Doveryai, no proveryai" (trust, but verify).