Insider threats—harmful behavior and actions carried out by your company’s employees, typically targeting your IT systems or your digital data—are often the most insidious because they wear an innocent face. It shouldn’t come as a surprise to you that no piece of software and no network can be 100% secure. No software developer sets out to write bad code, and no systems administrator wants to do shoddy work, but in today’s “move fast and sort it out later” business environment, mistakes happen. And sometimes they happen a lot.
How do you protect against carelessness? Particularly when nearly every one of your business operations is vulnerable to carelessness in ways that you probably don’t even know about? In most blogs that we’ve read, this is the point where the authors begin to wax technical and discuss things like “multi-layered security” and “defense in depth” that feel like they belong in the realm of the largest of enterprises. And, if we’re being honest, they’re not wrong. But we’re going to focus on some of the very basics that every business, regardless of size, can and should do.
We’ve written about it before, and you can find a list of common-sense tips HERE.
The Accidental Target
One of the most frightening aspects of cybersecurity is the lag time between a data breach and its discovery. Cyber attackers can compromise a system in minutes, yet it can take a business months or more to discover the intrusion, assess the damage and repair the impacts to their systems, their data and, increasingly, their reputation.
Even worse, it’s often customers that discover the data breach as they follow the trail of formerly great credit scores and the instances of stolen identity back to the source where their personal data was compromised.
Following months of cleanup and lost time, money, and customer trust, it can be a real punch in the face when the root cause of all the damage is simple carelessness. A busy IT admin didn’t follow proper build procedures when deploying a new server. A developer took shortcuts in her code that left a corporate web application vulnerable. An employee innocently plugged a thumb drive full of music—and malware—into his work PC.
Case in point: the 2013 Target data breach. A giant Big Box retailer, Target experienced a massive data breach that impacted 60 million of their customers and that was reportedly caused by the innocent actions of one of their vendors.
That’s right—one of their vendors. The local network of one of their refrigeration vendors had been infected by malware, and that malware allowed attackers to collect detailed information on how to access Target’s network through a vendor access VPN. Once inside the network, the attackers found additional vulnerabilities and ultimately exploited its Point of Sale systems where customers’ personal information and payment card details are processed.
The scary truth is that threats don’t just come from your own careless employees, but can come from trusted vendors and contractors. Anywhere that your business processes and IT infrastructure meet, within your network and connecting to your supply chain, there’s an opportunity for exploitation. And you don’t have to be a Big Box retailer. Even in a small business, these intersections of business process and IT systems create hundreds or even thousands of potential handholds for attackers to grab onto. Human carelessness only magnifies the potential threat, because it can creep into any part of your business process and expand the perimeter your IT security team is responsible for securing.
Monitor Man and Machine
So how do you fight it? You combat all threats by thinking through the process from end to end: by getting greater visibility into human activity before bad things happen, and by reducing your response times when they do.
It seems contradictory, but one of the most trusted and yet the most feared ways of reducing the threat of simple carelessness is with employee monitoring. Employee monitoring gets a bad rap (sometimes it is about you) but it can often be the difference between stopping a careless mistake and a massive security breach. In the case of the Target breach, the carelessness only started with the refrigeration vendor’s system. The actual exploit and impact to Target’s customer data occurred after the attackers gained access to the network and roamed about to find other weaknesses to compromise.
It’s for reasons like this that we developed LanScope Cat. LanScope Cat protects you at those points where man meets machine in your business. Not only does it provide industry-leading employee monitoring capabilities, but it also helps you manage your IT system updates and patch levels and identify when non-standard or forbidden software has been installed on your network endpoints.
The result? Systems admins can manage IT assets before things start getting out of control. People managers and those responsible for data policies can monitor and investigate who has done what to compromise your proprietary assets (and your customer data!). LanScope Cat improves visibility, which in turn allows your security team to stop threats before they occur or drastically reduce the amount of time between a compromise and discovery.