
Perimeter

10/2/2017
10:30 AM
Darren McCue
Commentary

5 IT Practices That Put Enterprises at Risk

No one solution will keep you 100% protected, but if you avoid these common missteps, you can shore up your security posture.

A billion data records are compromised in the US in more than 90 million different cyber-related incidents each year, with each event costing a company an average of $15 million in damages. Certainly, cybersecurity threats continue to increase in size and complexity, but the real problem is that too many IT organizations are leaving their enterprises vulnerable to attacks because they overlook a number of simple tasks. Although no single solution or approach will keep organizations completely protected, there are some things to avoid so that IT teams can shore up their security posture and ensure continual improvement to match the advancing threat.

1. Using Old Printers
Surprisingly, office printers present three threat vectors. First, printers store images of documents. Make sure that any sensitive corporate data or personally identifiable information left on a printer's internal hard drive is destroyed before the device leaves your control.

In addition, IT staffers often miss updates or news of exploitable vulnerabilities in office printers. Tracking firmware updates for printers is something for which no one really has the time or patience. Most updates will require at least some physical access to the device (especially if something doesn't go as expected). Doing routine update checks is a great idea, and if you can't keep up with multiple vendor patches, make sure that you at least isolate printers on a separate VLAN with access limited to the core printing protocols.
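
One way to check that a printer VLAN really is limited to the core printing protocols is to audit its firewall policy mechanically. The script below is an added example, not code from the article or from any vendor: the `Rule` format, the CIDRs, the approved print server and both sample policies are constructed, and only the port numbers are real (IPP 631/tcp, LPD 515/tcp, raw/JetDirect 9100/tcp). It flags any allow rule that exposes a non-printing service into the printer VLAN, any source that is not an approved print server, any rule letting printers initiate connections out of their VLAN, and a policy that does not end in a default deny.

```python
"""Audit a printer-VLAN firewall policy for 'printing protocols only'.

Added example, not from the article. The Rule format, the CIDRs and the
sample policies are constructed; only the port numbers are real
(IPP 631/tcp, LPD 515/tcp, raw/JetDirect 9100/tcp).
"""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import Iterable, List, Optional, Tuple

# Well-known TCP ports of the core printing protocols.
PRINT_PORTS = {("tcp", 631), ("tcp", 515), ("tcp", 9100)}


@dataclass(frozen=True)
class Rule:
    action: str          # "allow" or "deny"
    src: str             # source CIDR
    dst: str             # destination CIDR
    proto: str           # "tcp", "udp" or "any"
    port: Optional[int]  # destination port; None means any port


def audit_printer_policy(rules: Iterable[Rule], printer_vlan: str,
                         print_servers: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (rule index, message) findings. An empty list means only the
    approved print servers reach printers, only on printing ports, and the
    policy ends with a default deny. Rules are assumed to be first-match."""
    rules = list(rules)
    vlan = ip_network(printer_vlan)
    servers = [ip_network(s) for s in print_servers]
    anywhere = ip_network("0.0.0.0/0")
    findings: List[Tuple[int, str]] = []
    for idx, r in enumerate(rules):
        if r.action != "allow":
            continue
        src, dst = ip_network(r.src), ip_network(r.dst)
        # Printers opening connections out of their VLAN is exactly the
        # lateral-movement path that segmentation is meant to close.
        if src.overlaps(vlan) and not dst.subnet_of(vlan):
            findings.append((idx, f"printers may initiate connections to {r.dst}"))
            continue
        if dst.overlaps(vlan):
            if (r.proto, r.port) not in PRINT_PORTS:
                findings.append((idx, f"non-printing service {r.proto}/{r.port} "
                                      "allowed into printer VLAN"))
            if not any(src.subnet_of(s) for s in servers):
                findings.append((idx, f"source {r.src} is not an approved print server"))
    last = rules[-1] if rules else None
    if (last is None or last.action != "deny" or last.port is not None
            or ip_network(last.src) != anywhere or ip_network(last.dst) != anywhere):
        findings.append((-1, "policy does not end with a default-deny rule"))
    return findings


PRINTER_VLAN = "10.50.0.0/24"     # constructed
PRINT_SERVERS = ["10.10.0.5/32"]  # constructed

# Constructed 'before' policy: the printers' web admin UI is reachable from
# the whole corporate network, and printers may talk to anything.
LOOSE_POLICY = [
    Rule("allow", "10.10.0.5/32", "10.50.0.0/24", "tcp", 9100),
    Rule("allow", "10.10.0.5/32", "10.50.0.0/24", "tcp", 631),
    Rule("allow", "10.10.0.0/16", "10.50.0.0/24", "tcp", 80),
    Rule("allow", "10.50.0.0/24", "0.0.0.0/0", "any", None),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", "any", None),
]

# Hardened form: only the print server, only printing ports, default deny.
TIGHT_POLICY = [LOOSE_POLICY[0], LOOSE_POLICY[1], LOOSE_POLICY[4]]


if __name__ == "__main__":
    for name, policy in (("loose", LOOSE_POLICY), ("tight", TIGHT_POLICY)):
        print(f"{name}: {audit_printer_policy(policy, PRINTER_VLAN, PRINT_SERVERS)}")
```

On the constructed loose policy the audit reports three findings (two against the rule exposing tcp/80 to the whole corporate network, one against the rule letting printers reach anywhere), while the tightened policy is clean. Running the same check against an export of your real ACLs turns "limited to printing protocols" from an intention into something you can verify after every change.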

Finally, third-party vendor access can cause issues. Managed providers often hold VPN credentials for an enterprise so that they can perform maintenance and inventory. This is another gateway into your environment and a third-party exposure that must be monitored. Limit their access as much as possible and require that it be granted on a least-privilege basis.

2. Disregarding Alerts
The average enterprise generates nearly 2.7 billion actions from its security tools per month, according to a recent study from the Cloud Security Alliance (CSA). A tiny fraction of these are actual threats — fewer than 1 in 100. What's more, over 31% of respondents to the CSA study admitted they ignore alerts altogether because they believe so many of them are false positives. Too many incoming alerts create a general sense of overload for anyone in IT. Cybersecurity practitioners must implement a better means of filtering, prioritizing, and correlating incidents. Executives should have a single platform for collecting data, identifying cyberattacks, and tracking their resolution. This is the concept of active response — not only identifying threats, but being able to respond to them immediately as well.
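
The filtering, prioritizing and correlating the paragraph calls for can be shown on a handful of events. The script below is an added example, not code from the article or from any product: the event format, the 1-5 severity scale, the scoring weights and the sample events are all constructed. It collapses repeated events into one incident per host, scores each incident so that severity dominates but agreement between independent tools raises confidence, and drops anything below an analyst-chosen threshold.

```python
"""Alert triage: correlate and rank raw security-tool events per host.

Added example, not from the article. The event format, severity scale,
scoring weights and the sample events below are all constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed sample events: (timestamp, tool, host, category, severity 1-5).
RAW_ALERTS: List[Tuple[str, str, str, str, int]] = [
    ("2017-10-02T09:00:01Z", "edr",   "ws-017",   "suspicious_process", 3),
    ("2017-10-02T09:00:02Z", "edr",   "ws-017",   "suspicious_process", 3),
    ("2017-10-02T09:00:03Z", "edr",   "ws-017",   "suspicious_process", 3),
    ("2017-10-02T09:01:10Z", "proxy", "ws-017",   "c2_domain_lookup",   4),
    ("2017-10-02T09:02:00Z", "av",    "ws-017",   "malware_detected",   5),
    ("2017-10-02T09:05:00Z", "ids",   "srv-db01", "port_scan",          2),
    ("2017-10-02T09:05:01Z", "ids",   "srv-db01", "port_scan",          2),
    ("2017-10-02T09:10:00Z", "proxy", "ws-042",   "policy_violation",   1),
    ("2017-10-02T09:11:00Z", "av",    "ws-042",   "pup_detected",       2),
]


@dataclass
class Incident:
    host: str
    first_seen: str
    last_seen: str = ""
    event_count: int = 0
    max_severity: int = 0
    tools: Set[str] = field(default_factory=set)
    categories: Set[str] = field(default_factory=set)

    def score(self) -> int:
        # Severity dominates; independent tools and distinct behaviours
        # agreeing on one host raise confidence that it is not a false positive.
        return self.max_severity * 10 + len(self.tools) * 5 + len(self.categories) * 2


def correlate(alerts) -> Dict[str, Incident]:
    """Collapse repeated events into one Incident per host."""
    incidents: Dict[str, Incident] = {}
    for ts, tool, host, category, severity in alerts:
        inc = incidents.setdefault(host, Incident(host=host, first_seen=ts))
        inc.last_seen = ts
        inc.event_count += 1
        inc.max_severity = max(inc.max_severity, severity)
        inc.tools.add(tool)
        inc.categories.add(category)
    return incidents


def prioritize(alerts, min_score: int = 30) -> List[Incident]:
    """Rank incidents by score and drop those below the analyst threshold."""
    ranked = sorted(correlate(alerts).values(), key=lambda i: i.score(), reverse=True)
    return [i for i in ranked if i.score() >= min_score]


if __name__ == "__main__":
    for inc in prioritize(RAW_ALERTS):
        print(f"{inc.score():3d} {inc.host:9s} events={inc.event_count} "
              f"tools={sorted(inc.tools)} categories={sorted(inc.categories)}")
```

Nine raw events become three incidents; the workstation where EDR, proxy and antivirus all fired lands on top with a score of 71, the noisy but single-source port scan falls below the threshold, and an analyst sees two items instead of nine. The weights are deliberately simple so that they can be tuned against your own false-positive history.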

3. Giving Away Admin Rights
Administrative rights arm malware and other unwanted applications with the authority needed to inflict damage on an enterprise. The access granted to manipulate system-level services and core file systems is greater than a power user needs on a regular basis. Requiring users to provide administrator credentials to deploy new applications tremendously cuts down threat exposure. It also creates an audit trail that lets security analysts rapidly identify issues, especially those that present signs of intrusion.

Any form of administrator rights must come with a degree of risk analysis on the part of the IT department. IT executives should consider what damage is possible if a user account is compromised, and what ripple effect administrative rights would have on secondary systems. Administrator access should be the exception, not the norm. If this principle is applied properly, organizations can proactively identify issues rather than spend all weekend cleaning up compromised systems.

4. Ignoring Employee Apps
Do you really know what cloud services are being actively used in your network? Many organizations look the other way when employees use social media and cloud services on their own. But an IT crisis can be quietly brewing as internal business users build their own IT infrastructure without any adherence to corporate policy. Monitoring cloud application connections increases visibility into unapproved software-as-a-service use and limits the potential for a loss of intellectual property or sensitive information. Cloud access security broker solutions proxy outbound traffic to cloud applications and offer a detailed view into user behavior.

5. Being Unprepared for Device Loss
Road warriors often fall victim to theft or accidentally leave a laptop or smartphone in a taxi, never to be seen again. This can be a non-event if the device is remotely managed and encrypted, but a major threat if the device contains unsecured sensitive data. IT administrators need to understand what data is being stored where. If any of it is sensitive, they should ensure that devices are properly encrypted and that remote access tools such as VPNs are in use and can be disabled in the event of a loss. Documenting that devices are encrypted and properly locked down will also go a long way in the event of a data leak.

As cyberthreats have evolved, so has incident management. What hasn't changed, unfortunately, is the need to address the simple and often tedious IT practices that, when ignored, can threaten enterprise security. From forgetting to revoke administrative privileges to providing third-party access to printers, the common cybersecurity challenges that enterprises face can be fixed, putting enterprises in the best position to address the current and evolving cyberthreat.


Darren McCue is President of Dunbar Security Solutions, where he has led the integration of Dunbar's Cybersecurity, Security Systems, and Protective Services businesses and is responsible for strategically growing the company. For more than 22 years, he has spearheaded growth ...
Comments
Joe Stanganelli,
User Rank: Ninja
10/10/2017 | 4:42:50 PM
Re: VERY INTEREEESTING!!!
@REISEN: It's been a while, but I seem to remember that if you del'd or deltree'd a file or directory, it was still in memory until you turned off the computer or rebooted -- and could be undeleted as such. Is my memory mistaken?

(Or perhaps that was only in a later version?)
REISEN1955,
User Rank: Ninja
10/5/2017 | 10:42:41 AM
Re: VERY INTEREEESTING!!!
Server - not really on subject. Anybody who remembers NOVELL and DOS. Avon in Suffern NY was a client of Microage of Mahwah and one day the CNE admin left his desk for coffee - terminal on, admin rights and a user walked by, thought he could use DELTREE to clean off some folders on his assigned F drive ... which he did, sitting at the admin console on the ROOT DRIVE OF THE NOVELL SERVER.

DELTREE did what it was told to do and wiped the server off the face of the earth in 5 seconds.

They were glad for backups.
Joe Stanganelli,
User Rank: Ninja
10/3/2017 | 5:36:47 PM
Re: VERY INTEREEESTING!!!
> Local Admin right should NEVER be granted

Reminds me of a colleague telling me about an organization he went into where -- because they were out of workstations -- they let the temp use the main server for his computer!

That was quickly changed once AIM and ICQ and a bunch of games were found downloaded on the server.
PVDB,
User Rank: Apprentice
10/3/2017 | 11:59:10 AM
Chapeau bas!
Great, really great article - respect to the form and substance.

I really appreciate your effort - big thanks.


pb
REISEN1955,
User Rank: Ninja
10/2/2017 | 10:51:37 AM
VERY INTEREEESTING!!!
To quote old Arte Johnson on LAUGH IN. Actually good stuff. There was a horrendous hack open on HP Officejet printers that involved a long google search string and would display internal web page of ANY officejet printer around the world!! IP address displayed too - open door for a hacker. Local Admin right should NEVER be granted - closes down local app installation. Updates and PATCHES are also mandatory.