I am confronted every day with companies who have suffered some kind of security breach, mostly internal and it often comes down to the mismanagement of highly sensitive data with most companies admitting they had no idea or way of monitoring who has access to the most sensitive data. Such mismanagement is also increasing enterprises' vulnerability to internal threats that can be caused by simple human error or malicious deeds, writes Adam Bosnian, vice-president marketing at Cyber-Ark Software.
To significantly cut the risk of these insider breaches, enterprises must have appropriate systems and processes in place to avoid or reduce human errors caused by inadvertent data leakage, sharing of passwords, and other seemingly harmless actions.
Here are some best practices that I recommend to our clients when they need to consider what to do when it comes to preventing internal breaches, be they accidental or malicious.
1. Establish a safe harbour
By establishing a safe harbour such as a virtual vault for highly sensitive data (such as administrator account passwords, HR files, or intellectual property), will help to protect it from the security threats of hackers and the accidental misuse by employees.
2. Automate privileged identities and activities
Ensure that administrative and application identities and passwords are changed regularly, highly guarded from unauthorised use, and closely monitored, including full activity capture and recording. Monitor and report actual adherence to the defined policies. This helps to simplify audit and compliance requirements, as companies are able to answer questions associated with "who" has access and "what" is being accessed.
3. Identify all your privileged accounts
The best way to start managing privileged accounts is to create a checklist of operating systems, databases, appliances, routers, servers, directories, and applications throughout the enterprise. Each target system typically has between one and five privileged accounts. Add them up and determine which area poses the greatest risk. With this data in hand, organisations can easily create a plan to secure, manage, automatically change, and log all privileged passwords.
4. Secure embedded application accounts
Up to 80% of system breaches are caused by internal users, including privileged administrators and power users, who accidentally or deliberately damage IT systems or release confidential data assets, according to a recent Cyber-Ark survey.
Many times, the accounts leveraged by these users are the application identities embedded within scripts, configuration files, or an application. The identities are used to log into a target database or system and are often overlooked within a traditional security review. Even if located, the account identities are difficult to monitor and log because they appear to a monitoring system as if the application (not the person using the account) is logging in.
These privileged, application identities are being increasingly scrutinized by internal and external auditors, especially during PCI- and SOX-driven audits, and are becoming one of the key reasons that many organisations fail compliance audits.
5. Avoid bad habits
To better protect against breaches, organisations must establish best practices for securely exchanging privileged information. For instance, employees must avoid bad habits (such as sending sensitive or highly confidential information via e-mail or writing down privileged passwords on sticky notes). IT managers must also ensure they educate employees about the need to create and set secure passwords for their computers instead of using sequential password combinations or their first names.
The lesson here is that the risk of internal data misuse and accidental leakage can be significantly mitigated by implementing effective policies and technologies.