
How Security Leaders Might Minimize Human Error

Level 13

Omar Rafik, SolarWinds Senior Manager, Federal Sales Engineering

Here’s an interesting article from my colleague Jim Hansen about ways to reduce insider threats. It comes down to training and automation.

A recent federal cybersecurity survey by SolarWinds found federal IT professionals feel threats posed by careless or malicious insiders or foreign governments are at an all-time high. Worse, hackers aren’t necessarily doing technical gymnastics to navigate through firewalls or network defenses. Instead, they’re favoring some particularly vulnerable targets: agency employees.

Who hasn’t worked a 12-hour shift and, bleary-eyed at the end of a long night, accidentally clicked on an email from a suspicious source? Which administrator hasn’t forgotten to change user authorization protocols after an employee leaves an agency? A recent study found 47% of business leaders claimed human error caused data breaches within their organizations.

The “People Problem”

Phishing and password theft through keyloggers are some of the more common threats. Hackers have also been known to simply guess a user’s password or log in to a network with former employees’ old credentials if the administrator neglects to change their authorization.

This “people problem” has grown so big that attempting to address it through manual security processes has become nearly impossible. Instead, agency IT professionals should automate their security protocols so their systems look for suspicious user patterns and activities that a human network administrator would not detect.

Targeting Security at the User Level

Automating access rights management and user activity monitoring brings security down to the level of the individual user.

It can be difficult to ascertain who has or should have access rights to applications or data, particularly in a large Department of Defense agency. Reporting and auditing of access rights can be an onerous task and can potentially lead to human error.

Automating access rights management can take a burden off managers while improving their security postures. Managers can leverage the system to assign user authentications and permissions and analyze and enforce those rights. Automated access rights management reinforces a zero-trust mentality for better security while ensuring the right people have access to the right data.

User activity monitoring should be considered an essential adjunct to access rights management. Administrators must know who’s using their networks and what they’re doing while there. Managers can automate user tracking and receive notifications when something suspicious takes place. The system can look for anomalous behavioral patterns that may indicate that a user’s credentials have been compromised or that unauthorized data has been accessed.
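A minimal sketch of the two automated checks discussed above, added here as an illustration and not taken from the article or any SolarWinds product: it flags former employees whose accounts still carry access, and any authentication activity under their credentials after the separation date. The user names, group names, log format and the `audit` function are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample data (assumptions, not from the article):
# HR separation dates, directory account state, and authentication events.
SEPARATIONS = {"jdoe": "2024-03-01", "asmith": "2024-04-15"}
ACCOUNTS = {
    "jdoe": {"enabled": True, "groups": ["vpn-users", "finance-share"]},
    "asmith": {"enabled": False, "groups": []},
    "mlee": {"enabled": True, "groups": ["vpn-users"]},
}
AUTH_LOG = """\
2024-02-27T08:14:02 user=jdoe src=10.1.4.22 result=success
2024-03-09T23:41:17 user=jdoe src=203.0.113.45 result=success
2024-04-20T02:03:55 user=asmith src=198.51.100.7 result=failure
2024-04-21T09:00:10 user=mlee src=10.1.4.30 result=success
"""

def parse_auth_line(line):
    """Parse '<iso-timestamp> key=value ...' into a dict with a datetime."""
    ts, *fields = line.split()
    event = dict(field.split("=", 1) for field in fields)
    event["time"] = datetime.fromisoformat(ts)
    return event

def audit(separations, accounts, auth_log):
    """Return (finding, user, detail) tuples for an administrator to review."""
    findings = []
    left = {u: datetime.fromisoformat(d) for u, d in separations.items()}
    # Check 1: separated users whose account is enabled or still in groups.
    for user in sorted(left):
        acct = accounts.get(user)
        if acct and (acct["enabled"] or acct["groups"]):
            findings.append(("stale_access", user, ",".join(acct["groups"])))
    # Check 2: any authentication activity on or after the separation date.
    for line in auth_log.splitlines():
        if not line.strip():
            continue
        ev = parse_auth_line(line)
        gone = left.get(ev["user"])
        if gone and ev["time"] >= gone:
            kind = ("login_after_separation" if ev["result"] == "success"
                    else "attempt_after_separation")
            findings.append((kind, ev["user"], ev["src"]))
    return findings

if __name__ == "__main__":
    for finding in audit(SEPARATIONS, ACCOUNTS, AUTH_LOG):
        print(*finding)
```

A failed attempt against a disabled account is still reported, since it shows the old credentials are in someone's hands.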

Monitoring the sites users visit is also important. When someone visits a suspicious website, it’ll show on the user’s log report. High-risk staff should be watched more closely.

Active Response Management

Some suspicious activity is even harder to detect. The cybercriminal on the other end of the server could be gathering a treasure trove of data or the ability to compromise the defense network, and no one would know.

Employing a system designed to specifically look for this can head off the threat. The system can automatically block the IP address to effectively kick the attacker out, at least until they discover another workaround.

Staying Ahead in the Arms Race

Unfortunately, hackers are industrious and indefatigable. The good news is we now know hackers are targeting employees first. Administrators can build automated defenses around this knowledge to stay ahead.

Find the full article on Fifth Domain.


14 Comments
Level 14

Thanks for the article.

Level 12

The people problem is the biggest problem. Users who can't be bothered to put their password anywhere other than a Post-It on their monitor, managers who don't want to bother their staff with security, IT pros who are so overworked that they don't have time to patch systems and train users.

MVP

Thanks for the article.

Level 11

People are always the weakest link. Dynamic thinking and problem solving also means any bad you can think of, someone somewhere thinks it's a good idea.

Level 13

Thanks for the reminder. Making sure to terminate accounts promptly when an employee leaves, to add and remove privs as they change departments or roles is tedious but critical. So often the breaches are caused not by some technical wizardry but by not taking care of the basics.

Level 14

Automating access rights just makes sense. I am pushing for a SIEM to help track this.

Level 9

Which SIEMs are you looking at?

Level 12

I came from OSSEC and OSSIM and I'm looking at the SolarWinds product.

Level 14

People are both your greatest defense and greatest risk at the same time. Keeping your user accounts clean and up to date is just the start; automation is a great start to defending against the hordes of hackers looking for an entry point. In the end, people will be the key. Educate, test, evaluate the results and continue to test. The more users realize their role in security, the easier it will be for all of us.

Level 13

Thanks for the article.  Great insight.

Level 16

Thanks for the write up

Level 11

Thanks for the article.

MVP

I would add another element - relationship. I've worked for a variety of "bosses" and they each have their own styles. The ones that seem to garner the most respect and get the most out of their people are the ones that engage with them on more than just a professional level. I don't mean that they become buddies, but that they speak with them on things outside of just work responsibilities. I find that this helps a person feel more valued and as such they are more diligent to not "disappoint."

Level 13

Thanks for the article