Training Won't Solve the Negligent Insider Threat - SC Magazine Editorial
Lieberman, President & CEO
2010 was barely underway before news of the year's first sensational
data breach hit the wires. Internet giant Google announced that it was
the victim of a sophisticated attack from China designed to break into
accounts of political dissidents hosted by the company. Details are
scant, but one disclosure in particular does stand out.
Google reported indications that its employees either intentionally or
unintentionally helped make the attack possible. This detail hardly
surprised many security experts, myself included, who have long written
about the threats that enterprises face from inside the corporate
Our warnings haven't gone completely unnoticed — awareness about
insider threats has grown in the recent past. But many companies'
responses have the appearance of ineffective security theater.
One case in point: security training for rank and file employees. Some
CIOs seem to expect that by educating users about the dangers of
clicking risky links or downloading unvetted applications onto their
machines, these users will stop their risky behavior.
The truth is, though, that while employee training can offer some ROI
by eliminating a small percentage of IT incidents, it's hardly a
Adding fuel to the fire
According to many security experts, the most prevalent IT security
threat arises from negligent insiders. Malicious hackers prey upon
enterprise users with the knowledge that no matter how many times your
employee may hear about security policies and risks, eventually that
user will click a questionable link on Facebook, respond to a phony
email from the ”IRS,” or be duped by a targeted spear phishing attack.
It is inevitable that costly mistakes will be made because there is a
human working at each keyboard attached to those networked PCs. Humans
are fallible. They have bad days. And sometimes they don't stop to
think whether they're putting their employer's assets at risk.
In the case of an employee who has elevated access levels needed to
carry out his job, an attacker who entices the worker into infecting
one computer now also has privileged access into the network. The
worker's account becomes the proxy for the hacker, who knows how to
leverage this access for further attacks deeper and deeper into the
To mitigate the threat from negligent insiders, organizations can take
a cue from the way that Southern California firefighters tackle our
annual wildfire season. Firefighters understand that with dry terrain
and unfavorable winds wildfires are bound to occur. That's why these
professionals are relentless in their efforts to limit wildfires'
damage, encouraging every resident to search out and remove
combustibles around vulnerable buildings. Firefighters also plan ahead
to develop the rapid response strategies needed to keep the fires
contained once they break out.
Sadly, the security practices of many organizations are akin to a
community of reckless Southern California homeowners that allow groves
of eucalyptus trees to hang over the eaves of their abodes. Examples of
the dangerous combustibles in your IT environment can include:
users who are not required to periodically change their
elevated, “super-user” credentials. This leads to privileged account
passwords that may never expire becoming known to too many current and
and network appliances that
share common username and password logins, exposing large portions of
the infrastructure should a single account be compromised.
storing of administrative passwords on spreadsheets that are placed in well-known or
to adopt a ”continuous auditing” approach to security, never enacting the processes to search
out new vulnerabilities and mitigate them before they provide the
opening for an attack.
Regardless of how much
your organization spends on security, if any of these examples apply to
your situation, you could be vulnerable to attacks made possible by
about reducing risks
Today, if your
organization runs a network, you're a target for attack. We may never
eliminate the threat but with a sound, layered security approach we can
do much to reduce its potential impact. And when it comes to mitigating
the risks of negligent insiders, organizations need to move beyond
basic training and look for ways to limit the damage.
Your first step is to
ensure that administrative passwords are regularly changed; that
multiple computers, network appliances, or applications don't share
identical credentials; and that no passwords are stored on spreadsheets
that have unmonitored access. Next, enact processes to continuously
scan the infrastructure for new vulnerabilities and take action before
there is an attack.
Regardless of whether you accomplish these steps through manual
processes or by deploying privileged identity management software,
you'll be well on your way to building stronger security and limiting
the potential damage of an attack.
What do you think? Email me at: firstname.lastname@example.org
Avenue of the Stars,
Angeles, CA 90067
Launches / Podcasts
- Random Password Manager is no “con,” though it’s earned one. Military Embedded Systems. One way
the U.S. Army ensures security for enterprise software wares operating
on its Army Enterprise Infrastructure network is by issuing a “CoN” or
Certificate of Networthiness (ironically, to eliminate “cons” and
security breaches). Accordingly, Lieberman Software Corporation’s
Random Password Manager privileged identity management product recently
received the U.S. Army CoN.
Events / Press /
Blog - Third-Party Report: Lieberman Software. Redmond Channel Partner Online.
Lieberman Software, headed by super smart Phil Lieberman, has long been
in the Windows admin market. Now Phil is eying the cloud with
Enterprise Random Password Manager, which now brings its identity
management features to cloud providers.
Not The Real Database Threat
Reading. "Problems like using
commonly known shared
passwords, never changing sensitive passwords, and allowing their
employees to have too much access for too long to sensitive data with
no accountability is the rule rather than the exception."
- Secure and Audited Privileged Account Access
Who has access to your mission-critical systems? Why do they have
access? How can you gain control over your privileged accounts and
provide this information to IT auditors? All of these topics and more
are discussed in this 6:09 broadcast from GSN.
Tip of the Month
Service Account Manager: Enumerating Dependent Services
For years, Service Account Manager has been the go to tool for updating
Windows service account passwords. One reason that it’s the most
efficient solution for performing this complex task is its rare ability
to perform a full dependency analysis on each service. Learn