It is an unfortunate fact of life these days that IT Security has become a large item on a security manager’s list of things to keep on top of. The many and varied threats, not just technical ones, give them sleepless nights as the hackers and thieves try to breach security to break the systems or to steal the organisation’s greatest asset – information.
In these days of 24/7/365 global online e-business, a prolonged, or even a short-term, loss of service could be the end of the organisation. The damage to an organisation's reputation if customers' banking or credit card information is stolen can be just as devastating.
What kinds of threats give the security manager nightmares and what IT Security measures can be implemented to counter them?
Contrary to popular belief, the greatest security threat is internal users. An FBI study shows that the vast majority of malware incidents arise from user actions or inactions.
What do they do?
Security of access credentials is particularly important in a Single Sign-On environment. Users often:
- Write down their access credentials on the deskpad or on a post-it note attached to their desktop monitor. Sometimes it is on the first or last page of their desk diary.
- Tell someone their logon credentials. This could be a colleague, or sometimes someone claiming to be "from IT" who needs to log on to their desktop remotely.
- Respond to a phishing email or social media message by clicking on an internet link. The link takes them to a site from which malware downloads to the desktop. The malware could be a keylogger that records their credentials and sends them back to the hacker, or something nastier such as ransomware that propagates over the corporate network.
- Respond to a more targeted version of phishing, spear-phishing. In this variant the hacker or thief targets individuals in an organisation with a personalised email that looks like it comes from a trusted source, perhaps looking like it came from inside the organisation.
- Import malware from home on removable media.
How to stop it
- The key is user education. From induction onwards, users must be educated about how to identify and respond to email threats. Periodic reinforcement is essential.
- When a user resigns, revoke their access credentials immediately.
- Enforce a password change on first sign-on and periodically thereafter.
- Make the password a strong password. It should be a combination of upper and lower case letters, numbers and special characters, and a minimum of eight characters long. Prevent users from including their name or part of their user id in the password.
- If the corporate IT environment allows it, implement a black-list of known dodgy websites that users cannot connect to. The current version of the Microsoft Edge browser does this automatically, and some corporate anti-malware software can import lists of website addresses to form a black-list. Such lists are commercially available, but they sometimes include reputable sites, so review them before enforcing them.
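The two technical controls in that list, the password rules and the website black-list, are easy to get subtly wrong when they are scripted rather than bought. The following Python is an added example written for this page, not code from the article or from any product it mentions, showing one way to implement both. The fragment length of four characters for the "part of their id" rule, the treatment of each word of the user's full name as a forbidden name part, and the sample passwords, names and domains are all constructed assumptions for the example; the black-list check matches on whole DNS labels so that a blocked domain also covers its subdomains without accidentally blocking unrelated hosts whose names merely contain the same string.

```python
import re
from urllib.parse import urlsplit

# Policy values mirroring the article's list. MIN_ID_FRAGMENT is a
# hypothetical choice: any run of this many consecutive characters taken
# from the user id is treated as "part of their id" and rejected.
MIN_LENGTH = 8
MIN_ID_FRAGMENT = 4


def password_policy_violations(password, username, full_name):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[a-z]", password):
        problems.append("no lower-case letter")
    if not re.search(r"[A-Z]", password):
        problems.append("no upper-case letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")

    lowered = password.lower()

    # Name rule: each word of the full name is checked case-insensitively,
    # so "Smith123" is caught even though the stored name is "Smith".
    for part in full_name.split():
        if len(part) >= MIN_ID_FRAGMENT and part.lower() in lowered:
            problems.append(f"contains name part '{part}'")

    # User id rule: look for the longest fragment of the id (at least
    # MIN_ID_FRAGMENT characters) that appears anywhere in the password.
    uid = username.lower()
    for size in range(len(uid), MIN_ID_FRAGMENT - 1, -1):
        fragments = (uid[i:i + size] for i in range(len(uid) - size + 1))
        hit = next((f for f in fragments if f in lowered), None)
        if hit:
            problems.append(f"contains part of user id '{hit}'")
            break
    return problems


def host_is_blocked(url, blocklist):
    """True if the URL's host equals, or is a subdomain of, a black-listed domain.

    Matching whole labels from the right avoids two classic mistakes:
    plain substring matching (where "evil.example" would also block
    "notevil.example.org") and exact-host matching (which would let
    "www.evil.example" straight through).
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if not host:  # a bare "evil.example" with no scheme has no hostname here
        return False
    labels = host.split(".")
    for blocked in blocklist:
        blocked_labels = blocked.lower().rstrip(".").split(".")
        if len(blocked_labels) <= len(labels) and labels[-len(blocked_labels):] == blocked_labels:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs for a stand-alone run.
    for pw in ("Tr0ub4dor&3", "smith123"):
        print(pw, "->", password_policy_violations(pw, "jsmith", "John Smith") or "OK")
    blocklist = ["evil.example"]  # constructed black-list entry
    for url in ("https://www.evil.example/login", "https://notevil.example.org/", "https://evil.example.org/"):
        print(url, "->", "blocked" if host_is_blocked(url, blocklist) else "allowed")
```

In a real deployment the password check would run at the identity provider's password-change hook rather than in a script, and the black-list would be loaded from the vendor feed the article mentions; the label-based matching is the part worth carrying over, because a substring match against a commercial list is exactly how reputable sites end up blocked.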
While the majority of threats arise from user action or inaction, other threats present themselves at a more technical level. These include:
Ransomware. Simply put, ransomware encrypts the contents of a desktop or, more drastically, a server. The perpetrators ask for a payment, usually in hard-to-trace Bitcoin, after which they promise to provide a decryption key. Often the key never arrives or doesn't work.
The FBI again reports that the majority of ransomware attacks aren't officially reported. The surest recovery technique is to go back to bare metal and restore everything from a clean backup.
Denial of Service attacks. For an organisation that relies on 24/7/365 availability, loss of service can have serious consequences. A DoS or DDoS attack seeks to prevent access to an organisation's web presence by flooding it with spurious network traffic, thereby preventing genuine users from reaching the site.
General malware attempts that reduce service levels. If an organisation spends resources on identifying and countering malware attacks, then this can have two major effects:
- Additional cost. If the organisation must invest in additional counter-measures like hardware, software and network security personnel, then this is an additional operating cost to the organisation.
- Reduced service levels. If an organisation must devote resources to anti-malware activities, then these resources are denied to more productive uses. In addition, if users devote time and effort to anti-malware activities, this again diverts them from more productive duties.
In summary, security managers have a lot to worry about with IT Security. They need to consider how to minimise the possibility of users causing incidents, external attacks from an increasing number of different attack vectors, and new and more complex threats arising each day.
The price of security is eternal vigilance.