Insider threats are a constant concern for organisations. As end users become accustomed to always-on, real-time access to corporate data, they become targets of criminals who want those same data sources. Worse yet, that user too often becomes an attacker’s entry point to the business. End user security is therefore essential and must form part of every company’s information security and risk management strategy.
What’s worrying is that organisations are failing to patch, which is a basic security measure. Analysis from our 2016 Global Threat Intelligence Report (GTIR) found that nearly 21% of vulnerabilities detected in client networks were more than three years old, and more than 17% were over 5 years old. There were even vulnerabilities from as far back as 1999.
Businesses need to improve their vulnerability management programs and there are a number of steps that can be taken:
- Define a set of approved configurations to harden and operate end user machines. This should include approved operating systems, applications and utilities, and even browsers.
- Inform users what those standards are and make it clear that any unapproved software is not only unapproved, but unauthorised too and can result in disciplinary action.
- Ensure that user permissions and system access rights are set at the right level, and that they are managed and reviewed to monitor and control the use of admin or other accounts that are allowed to change system configurations.
- Actively apply the latest software patches to end user systems to help close vulnerabilities, and maintain current anti-virus and anti-malware solutions on all end user devices that have access to company networks or data.
- Conduct regular internal and external authenticated vulnerability scans to help identify systems that are out of policy. Once identified, put in place a process to update the systems in a timely manner and, for the systems agreed to be out of policy, manage and review an exceptions list along with the users who have access to such systems.
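The last step can be made concrete with a small triage script. The following is an added example, not code from the GTIR or its authors: it takes constructed scan findings with placeholder vulnerability IDs, measures how many are older than three and five years, and reconciles them against an exceptions list. The field names, the `review_by` date and the sample hosts and users are assumptions.

```python
from datetime import date

# Constructed sample input: findings from an authenticated scan (placeholder IDs).
FINDINGS = [
    {"host": "ws-014", "vuln": "VULN-0001", "published": date(1999, 6, 1)},
    {"host": "ws-014", "vuln": "VULN-0002", "published": date(2015, 11, 10)},
    {"host": "ws-027", "vuln": "VULN-0003", "published": date(2012, 3, 5)},
    {"host": "ws-031", "vuln": "VULN-0004", "published": date(2010, 8, 20)},
    {"host": "ws-031", "vuln": "VULN-0005", "published": date(2016, 1, 15)},
]

# Constructed exceptions list: (host, vuln) -> review deadline and users with access.
EXCEPTIONS = {
    ("ws-014", "VULN-0001"): {"review_by": date(2016, 12, 31), "users": ["alice"]},
    ("ws-031", "VULN-0004"): {"review_by": date(2016, 3, 31), "users": ["bob", "carol"]},
}


def age_years(published, today):
    """Age of a vulnerability in years since it was published."""
    return (today - published).days / 365.25


def triage(findings, exceptions, today):
    """Split findings into remediate / excepted / lapsed and count old ones."""
    report = {"remediate": [], "excepted": [], "lapsed": [], "over_3y": 0, "over_5y": 0}
    for f in findings:
        age = age_years(f["published"], today)
        report["over_3y"] += age > 3
        report["over_5y"] += age > 5
        key = (f["host"], f["vuln"])
        exc = exceptions.get(key)
        if exc is None:
            report["remediate"].append(f)
        elif exc["review_by"] < today:
            # The exception has passed its review date: re-approve it or patch.
            report["lapsed"].append((key, exc["users"]))
        else:
            report["excepted"].append((key, exc["users"]))
    # Oldest unpatched findings first, so long-standing exposure is handled first.
    report["remediate"].sort(key=lambda f: f["published"])
    return report


if __name__ == "__main__":
    r = triage(FINDINGS, EXCEPTIONS, date(2016, 6, 1))
    print(r["over_3y"], r["over_5y"], r["lapsed"])
```
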
It is also recommended that vulnerability management is complemented with other basic security measures such as defining processes and best practice, and implementing training programs. The end user will continue to be a concern, and these basic steps will improve the security of data.
Recent years have seen the number of reported IT industry vulnerabilities rise at an alarming rate. The European Union Agency for Network and Information Security (ENISA) Good Practice Guide on Vulnerability Disclosure published in December 2015 reports a year-on-year increase of approximately 53 percent between 2013 and 2014. High-profile vulnerabilities to emerge in this period have included Heartbleed, POODLE, Shellshock and Sandworm. Together they have had such far-reaching consequences that the debate surrounding vulnerability disclosure and best practice has re-opened.