If you recall, to kick off the New Year, the Head Geeks made predictions forecasting how they thought the year in IT would unfold. Now that we’re past the midpoint of 2015, I thought it would be fun to revisit some of their predictions over the coming weeks.
So, to kick things off, let’s start with the following prediction:
It’s safe to say that this prediction from adatole holds true. Security issues can be devastating for a company. Let’s take a look at this related article, “preventing a minor, insider accident from becoming a security catastrophe.”
There are accidents – and then there are accidents.
A dog eating a kid’s homework is an accident. Knocking over a glass of water is an accident. A fender-bender at a stop sign is an accident.
The incorrect use of personal devices or the inadvertent corruption of mission-critical data by a government employee can turn out to be more than simple accidents, however. These activities can escalate into threats that can result in national security concerns.
These types of accidents happen more frequently than one might expect — and they’ve got DOD IT professionals worried. Because for all of the media and the government’s focus on external threats — hackers, terrorists, foreign governments, etc. — the biggest concern continues to be threats from within.
As a recent survey by my company, SolarWinds, points out, administrators are especially cognizant of the potential for fellow colleagues to make havoc-inducing mistakes. Yes, it’s true: DOD technology professionals are just as concerned about the person next to them making a mistake as they are about an external Anonymous-style group or a rogue hacker.
So, what are agencies doing to tackle internal mistakes? Primarily, they’re bolstering federal security policies with their own security policies for end-users.
While this is a good initial approach, it’s not nearly enough.
IT professionals need more than just intuition and intellect to address compromises resulting from internal accidents. Any monitoring of potential security issues should include the use of technology that allows IT administrators to pinpoint threats as they arise, so they may be addressed immediately and without damage.
Thankfully, there are a variety of best practices and tools that address these concerns and nicely complement the policies and training already in place, including:
- Monitoring connections and devices on the network and maintaining logs of user activity to track: where on the network certain activity took place, when it occurred, what assets were on the network, and who was logged into those assets.
- Identifying what is or was on the network by monitoring network performance for anomalies, tracking devices, offering network configuration and change management, managing IT assets, and monitoring IP addresses.
- Implementing tools identified as critical to preventing accidental insider threats, such as those for identity and access management, internal threat detection and intelligence, intrusion detection and prevention, SIEM or log management, and Network Admission Control.
Our survey respondents called out each of these tools as useful in preventing insider threats. Together and separately, they can assist in isolating and targeting network anomalies. Log and event management tools, for example, can monitor the network, detect any unauthorized (or, in this case, accidental) activity, and generate instant analyses and reports. They can help IT professionals correlate a problem — say, a network outage — directly to a particular user. That user may or may not have inadvertently created an issue, but it doesn’t matter. The software, combined with the policies and training, can help administrators attack it before it goes from simple mistake to “Houston, we have a problem.”
The fact is, data that’s accidentally lost can easily become data that’s intentionally stolen. As such, you can’t afford to ignore accidental threats, because even the smallest error can turn into a very large problem.
**Note: This article was originally published by Defense Systems.**