






The Security Threat Trifecta: People, Activity and Applications

by Matt Zanderigo, Product Marketing Manager, ObserveIT



Whoever coined the phrase “bad things come in threes” probably didn’t have security
breaches in mind, but it holds true nonetheless. With regard to data breaches and any type of
security threat, those three things can be narrowed down to people, activities, and applications.

Threat of People

Users can be targeted by attacks, make mistakes, or even turn malicious, which makes them
the weakest link in the security chain. The first step in addressing this risk is to understand the
various types of users within your organization and their risk profiles.

Organizations should consider three different categories of people: contractors, IT users, and
everyday business users.

Many of the high-profile breaches of the past year (think Home Depot, Target, etc.) were due to
contractors’ login credentials being stolen. The crippling cyber-attack at Sony has been traced
to the stolen credentials of a systems administrator.

Most recently, a 30-year-old rookie financial adviser (business user) at Morgan Stanley stole
data on the bank’s wealthiest clients. These are just a few examples of each type of user
category that has been part of a recent breach.

Threat of Activity

The top activities that put your organization at risk are the use of personal cloud applications,
uneducated responses to phishing, configuration changes, and remote access. Employees are
opening the door for hackers to enter company infrastructure without knowing it.

Something as simple and unintentional as using personal cloud applications (email, file sharing,
screen capturing) for productivity purposes or clicking a link in a phishing email can grant
outsiders access to your secure network.


Once inside the network, hackers can perform activities (sudo, account creation, and
permission changes) to gain complete access to the information they are looking for.

Given the varying permission levels and the number of admin-related tasks performed on a
daily basis (remote access to new systems or leapfrogging to different machines), it is
extremely difficult to identify unauthorized activity.

When organizations fail to notice abnormal activity in the context of user categories and other
actions, it gives hackers and malicious users time to get valuable data or do real damage.



24 Cyber Warnings E-Magazine – June 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
