Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering
Here’s an interesting article from my colleague Jim Hansen about ways to reduce insider threats. It comes down to training and automation.
A recent federal cybersecurity survey by SolarWinds found federal IT professionals feel threats posed by careless or malicious insiders or foreign governments are at an all-time high. Worse, hackers aren’t necessarily doing technical gymnastics to navigate through firewalls or network defenses. Instead, they’re favoring some particularly vulnerable targets: agency employees.
Who hasn’t worked a 12-hour shift and, bleary-eyed at the end of a long night, accidentally clicked on an email from a suspicious source? Which administrator hasn’t forgotten to change user authorization protocols after an employee leaves an agency? A recent study found 47% of business leaders claimed human error caused data breaches within their organizations.
The “People Problem”
Phishing attacks and stealing passwords through a keylogger attack are some of the more common threats. Hackers have also been known to simply guess a user’s password or log in to a network with former employees’ old credentials if the administrator neglects to change their authorization.
This “people problem” has grown so big, attempting to address the problem through manual security processes has become nearly impossible. Instead, agency IT professionals should automate their security protocols to have their systems look for suspicious user patterns and activities undetected by a human network administrator.
Targeting Security at the User Level
Automating access rights managing and user activity monitoring brings security down to the level of the individual user.
It can be difficult to ascertain who has or should have access rights to applications or data, particularly in a large Department of Defense agency. Reporting and auditing of access rights can be an onerous task and can potentially lead to human error.
Automating access rights management can take a burden off managers while improving their security postures. Managers can leverage the system to assign user authentications and permissions and analyze and enforce those rights. Automated access rights management reinforces a zero-trust mentality for better security while ensuring the right people have access to the right data.
User activity monitoring should be considered an essential adjunct to access rights management. Administrators must know who’s using their networks and what they’re doing while there. Managers can automate user tracking and receive notifications when something suspicious takes place. The system can look for anomalous behavioral patterns that may indicate a user’s credentials have been compromised or if unauthorized data has been accessed.
Monitoring the sites users visit is also important. When someone visits a suspicious website, it’ll show on a user’s log report. High risk staff should be watched more closely.
Active Response Management
Some suspicious activity is even harder to detect. The cybercriminal on the other end of the server could be gathering a treasure trove of data or the ability to compromise the defense network, and no one would know.
Employing a system designed to specifically look for this can head off the threat. The system can automatically block the IP address to effectively kick the attacker out, at least until they discover another workaround.
Staying Ahead in the Arms Race
Unfortunately, hackers are industrious and indefatigable. The good news is we now know hackers are targeting employees first. Administrators can build automated defenses around this knowledge to stay ahead.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community.
More than 150,000 members are here to solve problems, share technology and best practices, and directly
contribute to our product development process.