As a cyber security software vendor, we’ve conducted many risk assessments for enterprises. Over the years we’ve seen some egregious security faux pas, even at highly regulated organizations.
However, despite the occasional outlandish blunder, most of the IT security mistakes we witness are fairly common and predictable. In our experience, here are the five most frequent information security errors that organizations make:
- Common credentials: Setting all workstations and/or server administrator accounts to the same password is a convenience for IT – but also for hackers. If a hacker compromises one machine and discovers the password, all the machines with that same password become compromised.
- Local administrators: Allowing users to logon as administrator of their own machines is a normal, although perilous, IT practice. Should malware take over a machine, attackers can potentially gain access to the domain administrator accounts that manage the system. That can quickly escalate to the point where an organization loses total control of its enterprise.
- Persistent access. Too many organizations allow systems or applications to use domain administrator accounts with long-lived privileged passwords to manage machines. Problem is, if an intruder steals the password he can use it to maintain access for as long as that credential remains unchanged – whether it’s weeks, months or even years.
- Porous perimeter. Perimeter security tools like firewalls and intrusion detection are effective at defending against known threats. But targeted phishing attacks, zero days and similar advanced threats can easily bypass perimeter protections and infiltrate the network.
- Bad assumptions. Here is one of the most dangerously incorrect assumptions that many IT groups make. Assuming that their environment cannot be, or has not been, breached. That is a bad bet to make. But the problem compounds when nothing is done to proactively search for intrusions or compromised systems. And then prepare for inevitable cyber attacks.
So what is an organization to do when they’ve committed one or more of our top five cyber security mistakes? Here’s our first recommendation: air gaps. By that we mean disconnect critical systems from the Internet and don’t allow the use of untrusted peripherals on your network.
Then, consider implementing an internal defense solution like automated privileged identity management. That would ensure your privileged credentials are always in a changing state, and that any captured credentials have limited-time value. And don’t forget about multi-factor authentication. It’s an essential defense-in-depth requirement since most cyber attacks capture user names and passwords with ease.