Almost daily the newspapers feature news of the latest hack or leak. From Panama and methods of tax avoidance, to the Philippines and stolen electoral records, data leaks are coming thick and fast. This is leading to an increased awareness amongst business leaders around IT security, particularly in government organisations. The high-profile nature of these cases is also helping to drive the understanding that these threats are no longer coming from a cyber-gang secretly hacking into servers from their hiding place on the other side of the globe. It instead helps businesses realise they should perhaps be looking a little closer to home.
Recently a SolarWinds survey found that 53 percent of government IT professionals identified careless and untrained insiders as the biggest IT security threat. Take, for example, the ongoing Panama Papers hack – all signs point to it stemming from a hack of their email server. This is likely to have come from a user account with a weak password or a user device that had access and was left untended or unprotected.
The following top tips are intended to help IT pros address the growing issue of insider threats within their business.
1) Automate network configurations
IT teams can battle insider threats while also battling budget constraints by automating the network configuration process and procedure. An automated tool will be able to more efficiently identify security gaps in devices and their configuration, immediately notify you when changes are made, perform scheduled network configuration backups and deploy bulk changes to thousands of devices, all with minimal input from the IT pro. Network automation tools can also catch configuration errors and automatically notify the administrator of any compliance issues, making their lives much easier.
2) Know who is accessing the network
While it may have brought with it flexibility and freedom, the BYOD boom has added a great deal of risk to organisations as employees choose to use their own devices. Lost or stolen devices can lead to vast amounts of vulnerable data falling into the wrong hands. This can prove catastrophic to the organisation if something is leaked, or worse, compromised. For the IT team to overcome this, it's essential to know who is accessing the network by creating a policy that allows them to track and monitor devices, switches and ports. IT pros can then block unauthorised devices from accessing the network. To ensure maximum security, it's best to develop a 'whitelist' of all the devices which are allowed to access the network and to flag any devices outside of this list which attempt to gain access.
3) Nonstop network monitoring
Since IT pros have not quite mastered omniscience, it's impossible to be aware of everything that is happening on the network without a little help. By investing in a solution such as security information and event management (SIEM) and log and event management software, IT pros can automatically monitor the network. This means they can stay on top of any anomalies, with the software alerting administrators to any potential breaches, data leaks, unauthorised users, or suspicious activity. This not only gives the IT pro more time to focus on gaining omniscient powers, but also more time to fix the problems flagged. Monitoring tools also pinpoint the root of the problem, identifying the user who could be unintentionally compromising the network.
While threats may not always be from the inside, by actioning a few simple tips IT pros can secure their organisation from the inside out and ensure theirs is not tomorrow's news headline.
Contributed by Mav Turner, CIO, SolarWinds