I am confronted every day with companies who have suffered
some kind of security breach, mostly internal, and it often comes
down to the mismanagement of highly sensitive data, with most
companies admitting they had no idea or way of monitoring who has
access to the most sensitive data. Such mismanagement is also
increasing enterprises' vulnerability to internal threats that can
be caused by simple human error or malicious deeds, writes Adam Bosnian, vice-president marketing at Cyber-Ark
Software.
To significantly cut the risk of these insider breaches,
enterprises must have appropriate systems and processes in place to
avoid or reduce human errors caused by inadvertent data leakage,
sharing of passwords, and other seemingly harmless actions.
Here are some best practices that I recommend to our clients
when they need to consider what to do when it comes to preventing
internal breaches, be they accidental or malicious.
1. Establish a safe harbour
Establishing a safe harbour, such as a virtual vault for
highly sensitive data (such as administrator account passwords, HR
files, or intellectual property), will help to protect that data
from the security threats of hackers and from accidental misuse by
employees.
2. Automate privileged identities and activities
Ensure that administrative and application identities and
passwords are changed regularly, highly guarded from unauthorised
use, and closely monitored, including full activity capture and
recording. Monitor and report actual adherence to the defined
policies. This helps to simplify audit and compliance requirements,
as companies are able to answer questions associated with "who" has
access and "what" is being accessed.
3. Identify all your privileged accounts
The best way to start managing privileged accounts is to create
a checklist of operating systems, databases, appliances, routers,
servers, directories, and applications throughout the enterprise.
Each target system typically has between one and five privileged
accounts. Add them up and determine which area poses the greatest
risk. With this data in hand, organisations can easily create a
plan to secure, manage, automatically change, and log all
privileged passwords.
4. Secure embedded application accounts
Up to 80% of system breaches are caused by internal users,
including privileged administrators and power users, who
accidentally or deliberately damage IT systems or release
confidential data assets, according to a recent Cyber-Ark
survey.
Many times, the accounts leveraged by these users are the
application identities embedded within scripts, configuration
files, or an application. The identities are used to log into a
target database or system and are often overlooked within a
traditional security review. Even if located, the account
identities are difficult to monitor and log because they appear to
a monitoring system as if the application (not the person using the
account) is logging in.
These privileged application identities are being increasingly
scrutinised by internal and external auditors, especially during
PCI- and SOX-driven audits, and are becoming one of the key reasons
that many organisations fail compliance audits.
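As an added illustration of this point (not code from the original article or from Cyber-Ark), the Python sketch below scans scripts and configuration files for application identities that carry a literal password, so they can be added to the privileged-account inventory. The file names, contents and matching patterns are constructed assumptions; it reports where a credential sits and which identity it belongs to, never the password itself.

```python
import re

# key = value / key: value assignments whose key names a secret
ASSIGN = re.compile(
    r"""(?ix)\b(?P<key>[\w.-]*(?:password|passwd|pwd|secret)[\w.-]*)
        \s*[:=]\s*(?P<q>["']?)(?P<val>[^"'\s;]+)(?P=q)""")
# scheme://user:password@host connection strings
URI = re.compile(r"(?i)\b[a-z][a-z0-9+.-]*://(?P<user>[^:/@\s]+):(?P<val>[^@/\s]+)@")
# values that defer to an environment or vault lookup instead of a literal
INDIRECT = re.compile(r"^(\$\{?\w+\}?|%\w+%|\{\{.*\}\}|<.*>)$")

PATTERNS = (("assignment", ASSIGN, "key"), ("uri", URI, "user"))


def find_embedded_credentials(files):
    """Return (path, line_no, kind, identity) for each literal credential.

    `files` maps a path to its text. The secret value is deliberately
    left out of the result so the report itself is safe to circulate.
    """
    findings = []
    for path, text in sorted(files.items()):
        for line_no, line in enumerate(text.splitlines(), 1):
            for kind, pattern, ident_group in PATTERNS:
                for m in pattern.finditer(line):
                    if INDIRECT.match(m.group("val")):
                        continue  # placeholder or variable reference
                    findings.append((path, line_no, kind, m.group(ident_group)))
    return findings


# Constructed sample content, not taken from any real system.
SAMPLE_FILES = {
    "deploy.sh": 'export API_SECRET=${VAULT_API_SECRET}\nDB_PASSWORD="Winter2009!"\n',
    "app.properties": "jdbc.url=jdbc:postgresql://db01/app\njdbc.password = hunter2\n",
    "report.py": 'conn = "postgresql://report_svc:Passw0rd@db01:5432/hr"\n',
}

if __name__ == "__main__":
    for path, line_no, kind, identity in find_embedded_credentials(SAMPLE_FILES):
        print(f"{path}:{line_no}: embedded {kind} credential for {identity}")
```

Each finding is an account to place under the same rotation and logging as the other privileged passwords; the value that defers to a variable in `deploy.sh` is not reported.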
5. Avoid bad habits
To better protect against breaches, organisations must establish
best practices for securely exchanging privileged information. For
instance, employees must avoid bad habits (such as sending
sensitive or highly confidential information via e-mail or writing
down privileged passwords on sticky notes). IT managers must also
ensure they educate employees about the need to create and set
secure passwords for their computers instead of using sequential
password combinations or their first names.
The lesson here is that the risk of internal data misuse and
accidental leakage can be significantly mitigated by implementing
effective policies and technologies.