What’s the solution for the simple security mistakes caused by human error?
Every company worries about protecting itself against the next WannaCry-esque cyberattack, but the truth is that most critical issues in the enterprise network are caused by simple human error. In today’s modern environment, security is complicated by the dynamic, constant changes resulting from BYOD, cloud, and other internal and external factors.
The reality of those complexities makes it all the more difficult for IT professionals to do their jobs. As a result, they sometimes make mistakes, whether intentionally or unintentionally, and most common IT mistakes leave networks vulnerable to attackers.
Security Mistakes of Good Intention
These mistakes might include leaving legacy systems in place, letting compliance slip by the wayside, not being prepared for system downtime, not thinking about disaster recovery or using the wrong tools for the job. “The biggest mistakes IT administrators make is thinking of themselves as jail wardens rather than sheriffs. That’s because so many established best practices are counterproductive,” said Patricia Diaz-Hymes, senior product marketing manager at Lakeside Software.
“We’ve found that locking down corporate-issued laptops or mobile devices drives employees to bring unsanctioned devices into the workplace in search of productivity which, in turn, increases organizational risk. Also, installing tons of security software on laptops tends to impact system performance and so employees seek and often find ways of disabling those tools to enhance device performance,” she said.
Some mistakes are made in an effort to increase security, but some IT errors are made with productivity rather than security in mind. While the more obvious ones might be giving every computer in the network the same local admin password or failing to delete former employees, there are some lesser known security mistakes that are equally common and just as dangerous.
“Recently, an IT person at a manufacturing company was scheduled to run a routine set of commands on the entire network for a week,” said Adi Ashkenazy, VP of Product at XM Cyber. These routine behaviors have the potential to turn problematic, especially with shadow IT and policy breaches.
“The implementation method involved changing the organization’s log-on script to run a batch file from a remote share. Every time a user logged on, the workstation would automatically run the log-on script, which in turn ran the batch file from the remote server. Unfortunately, the employee mistakenly dropped the file in the remote share without being aware that it was globally writable,” Ashkenazy said.
Were a dormant advanced persistent threat (APT) lying in wait, an attacker could have instantly changed the file and infected it, so that the next morning, every time a computer was switched on, it would be compromised.
The Battle Between Productivity and Security
Unfortunately, the push to deploy what they are building results in IT professionals not seeing security as a priority. “Developers are technical and secretive, and they don’t like being limited. They often have a high level of privileges giving them all kinds of access to the production environment that no one is aware of,” Ashkenazy said.
Because they are not measured on how secure their products are but on whether they have met the deadline, if the product is ready and working, productivity wins out over any potential risks that can be fixed later.
Ashkenazy noted the production environment has become a common way for hackers to gain access to the network. They go from filters to the production environment, and if they are able to gain access to the software controlling a machine in manufacturing, the developers will do the rest for them.
In large part, developers don’t understand risk, Ashkenazy said. They don’t understand how a hacker looks at a given opportunity. They just want to do their jobs.
For an IT person, that job comes with the privilege to change access controls. Perhaps they have to move an update file every two weeks, which becomes a bit of a hassle when going through the authorization process. With elevated privileges, a person can change the authorization process or the firewall rules for an hour or so. When the job is done, they change it back.
While it seems harmless and could even be argued as an effort to be more productive, APTs can lie in wait in a computer network for years until the right opportunity presents itself. The changes can trigger an event for a hacker who can then try to take control.
Is Automation the Answer?
When looking at the kinds of things people are trying to do to consolidate their security stacks, it’s all manual. Even those who bring in red teams are often only looking at small subsets of the network. Combine all of these manual efforts with the fear and mistrust that exists between security and IT, and the threats continue to grow.
“Given the complexity of the modern network, you can’t manually do all the things that need to be done. You need automated analysis and concise data from automated systems that allows for enhanced vulnerability management,” said Ashkenazy.