Lieberman Software Corporation CEO Philip Lieberman highlights some of the key areas that could result in harmful breaches
As a cyber security software vendor, we’ve conducted many risk assessments for enterprises. Over the years we’ve seen some egregious security faux pas, even at highly regulated organisations. However, despite the occasional outlandish blunder, most of the IT security mistakes we witness are fairly common and predictable. In our experience, here are the five most frequent information security errors that organisations make:
- Common credentials: Setting all workstations and/or server administrator accounts to the same password is a convenience for IT – but also for hackers. If one machine is compromised and the password discovered, all the machines with that same password become compromised.
- Local administrators: Allowing users to logon as administrator of their own machines is a normal, although perilous, IT practice. Should malware take over a machine, attackers can potentially gain access to the domain administrator accounts that manage the system. That can quickly escalate to the point where an organisation loses total control of its enterprise.
- Persistent access. Too many organisations allow systems or applications to use domain administrator accounts with long-lived privileged passwords to manage machines. Problem is, if an intruder steals the password he can use it to maintain access for as long as that credential remains unchanged – whether it’s weeks, months or even years.
- Porous perimeter. Perimeter security tools like firewalls and intrusion detection are effective at defending against known threats. But targeted phishing attacks, zero days and similar advanced threats can easily bypass perimeter protections and infiltrate the network.
- Bad assumptions. One of the most dangerously incorrect assumptions that many IT groups make is that their environment cannot be, or has not been, breached. That is a bad bet to make, but the problem compounds when nothing is done to proactively search for intrusions or compromised systems – and prepare for inevitable cyber attacks.
So what is an organisation to do when they’ve committed one or more of our top five cyber security mistakes? Here’s our first recommendation: air gaps. By that we mean disconnect critical systems from the Internet and don’t allow the use of untrusted peripherals on your network.
Then, consider implementing an internal defence solution which would ensure your privileged credentials are always in a changing state, and that any captured credentials have limited-time value. And don’t forget about multi-factor authentication. It’s an essential defense-in-depth requirement since most cyber attacks capture user names and passwords with ease.
Philip Lieberman is CEO of Lieberman Software Corporation
Are you a security expert? Try our quiz!