Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

10/2/2017
10:30 AM
Darren McCue
Darren McCue
Commentary
100%
0%

5 IT Practices That Put Enterprises at Risk

No one solution will keep you 100% protected, but if you avoid these common missteps, you can shore up your security posture.

A billion data records are compromised in the US in more than 90 million different cyber-related incidents each year, with each event costing a company an average of $15 million in damages. Certainly, cybersecurity threats continue to increase in size and complexity, but the real problem is that too many IT organizations are leaving their enterprises vulnerable to attacks because they overlook a number of simple tasks. Although no single solution or approach will keep organizations completely protected, there are some things to avoid so that IT teams can shore up their security posture and ensure continual improvement to match the advancing threat.

1. Using Old Printers
Surprisingly, office printers present three threat vectors. First, printers store images of documents. Don't forget to destroy the remains of sensitive corporate data or personally identifiable information that may be left on an internal hard drive of an office printer.

In addition, IT staffers often miss updates or news of exploitable office vulnerabilities. Tracking firmware updates for printers is something for which no one really has the time or patience. Most updates will require at least some physical access to the device (especially if something doesn't go as expected). Doing routine update checks is a great idea, and if you can't keep up with multiple vendor patches, make sure that you at least isolate printers on a separate VLAN with access limited to core protocols for printing. 

Finally, third-party vendor access can cause issues. Managed providers often have VPN credentials for enterprises to allow them access to perform maintenance and inventory. This is another gateway into your environment and is a third-party exposure that must be monitored. Limit their access as much as possible and require that access be handled via least privileged means.

2. Disregarding Alerts
The average enterprise generates nearly 2.7 billion actions from its security tools per month, according to a recent study from the Cloud Security Alliance (CSA). A tiny fraction of these are actual threats — less than 1 in a 100. What's more, over 31% of respondents to the CSA study admitted they ignore alerts altogether because they think so many of the alerts are false positives. Too many incoming alerts are creating a general sense of overload for anyone in IT. Cybersecurity practitioners must implement a better means of filtering, prioritizing, and correlating incidents. Executives should have a single platform for collecting data, identifying cyber attacks and tracking the resolution. This is the concept of active response — not only identifying threats, but being able to immediately respond to them as well.

3. Giving Away Admin Rights
Administrative rights arm malware and other unwanted applications with the authority needed to inflict damage to an enterprise. The access granted to manipulate system-level services and core file systems is greater than a power user needs on a regular basis. Forcing users to provide administrator credentials to deploy new applications tremendously cuts down threat exposure. This also creates an audit trail that lets security analysts rapidly identify issues, especially those that present signs of intrusion.

Any form of administrator rights must come with a degree of risk analysis on behalf of the IT department. IT executives should consider what damage is possible if a user account is compromised, and what ripple effect would administrative rights have on secondary systems. Administrator access should be the exception, not the norm. If applied properly, organizations can proactively identify issues rather than spend all weekend cleaning up compromised systems.

4. Ignoring Employee Apps
Do you really know what cloud services are being actively used in your network? Many organizations look the other direction when employees use social media and cloud services on their own. But the potential for an IT crisis can be quietly brewing as internal business users create their own IT infrastructure without any adherence to corporate policy. Monitoring cloud application connections can create increased visibility into unapproved software-as-a-service use, and limit the potential for a loss of intellectual property or sensitive information. Cloud access security broker solutions proxy outbound traffic to cloud applications and offer a detailed view into user behaviors.

5. Being Unprepared for Device Loss
Road warriors often fall victim to theft or accidentally leave a laptop or smartphone in a taxi, never to be seen again. This can be a non-event if the device is remotely managed and encrypted, but a major threat if the device contains unsecured sensitive data. IT administrators need to understand what data is being stored where. If it is anything sensitive, they should ensure that devices are properly encrypted and that remote access tools such as VPNs are in use and disabled in the event of a loss. Documenting that devices are encrypted and properly locked down will go a long way in the event of a data leak as well.

As cyberthreats have evolved, so has incident management. What hasn't changed, unfortunately, is the need to address the simple and often tedious IT practices that, when ignored, can threaten enterprise security. From forgetting to revoke administrative privileges to providing third-party access to printers, the common cybersecurity challenges that enterprises face can be fixed, putting enterprises in the best position to address the current and evolving cyberthreat.

Related Content:

Join Dark Reading LIVE for two days of practical cyber defense discussions. Learn from the industry’s most knowledgeable IT security experts. Check out the INsecurity agenda here.

Darren McCue is President of Dunbar Security Solutions, where he has led the integration of Dunbar's Cybersecurity, Security Systems, and Protective Services businesses and is responsible for strategically growing the company. For more than 22 years, he has spearheaded growth ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/10/2017 | 4:42:50 PM
Re: VERY INTEREEESTING!!!
@REISEN: It's been a while, but I seem to remember that if you del'd or deltree'd a file or directory, it was still in memory until you turned off the computer or rebooted -- and could be undeleted as such. Is my memory mistaken?

(Or perhaps that was only in a later version?)
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
10/5/2017 | 10:42:41 AM
Re: VERY INTEREEESTING!!!
Server - not really on subject. Anybody who remembers NOVELL and DOS.  Avon in Suffern NY was a client of Microage of Mahwah and one day the CNE admin left his desk for coffee - terminal on, admin rights and a user wlaked by, thought he could use DELTREE to clean off some folders on his assigned F drive ... which he did, sitting at the admin console on the ROOT DRIVE OF THE NOVELL SERVER.

DELLTREE did what it was told to do and wiped the server off the face of the earth in 5 seconds.,

They were glad for backups.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/3/2017 | 5:36:47 PM
Re: VERY INTEREEESTING!!!
> Local Admin right should NEVER be granted

Reminds me of a colleague telling me about an organization he went into where -- because they were out of workstations -- they let the temp use the main server for his computer!

That was quickly changed once AIM and ICQ and a bunch of games were found downloaded on the server.
PVDB
50%
50%
PVDB,
User Rank: Apprentice
10/3/2017 | 11:59:10 AM
Chapeau bas!
Great, really great article - respect to the form and substance.

I really appreciate your effort - big thanks.

 

pb
REISEN1955
50%
50%
REISEN1955,
User Rank: Ninja
10/2/2017 | 10:51:37 AM
VERY INTEREEESTING!!!
To quote old Arte Joohnson on LAUGH IN.  Actually good stuff.  There was a horrendous hack open on HP Officejet printers that involved a long google search string and would display internal web page of ANY officejet printer around the world!!   IP address displayed too - open door for a hacker.  Local Admin right should NEVER be granted - closes down local app installatoin.    Updates and PATCHES are also mandatory. 
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2019-2222
PUBLISHED: 2019-12-06
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...