Compromised Credentials & Security Breaches
Some of the most high-profile attacks on organisations in recent years, such as those at Sony Entertainment and JP Morgan, occurred as a result of compromised employee credentials.
For IT Departments it can be a daunting task trying to identify suspicious access to networks when the adversary has valid and authorized credentials.
However, IS Decisions research among 1500 US and UK employees from finance, legal and the healthcare sector reveals many organizations still have huge gaps in their security protocols. Simply put, far too many IT Departments are putting sensitive data at risk by failing to provide adequate access security for their employees using their internal network systems.
Little to no control over network access
There is only so much that can be addressed by raising security awareness and training, as even educated employees make mistakes. Users are human and flawed, and they will always act outside the boundaries of policy and sometimes common sense. They can be malicious, sometimes careless and often exploited.
This is why it makes sense to turn to technology to assist in implementing access restrictions to sensitive data on the network.
1. Context-aware access controls
Strong security should not come at the expense of employee productivity. Today’s digital workforce requires fast access to be effective and demands less friction, which reduces the value of preventative restrictions that impede users, such as tokens. The more you can restrict, the less open the network is to a breach from compromised network logins.
This is why contextual elements such as restricting concurrent logins, or limiting access to locations and times, are all about reducing the vulnerable surface area without eroding employee agility.
According to the research, only a minority of organizations have taken these extra steps, with 30 per cent restricting access by location and just 17 per cent restricting according to time.
If users are allowed to log in to more than one machine at a time, the ability to attribute actions is significantly decreased. Only 30 per cent are prevented from using their credentials to log in to more than one machine at once.
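The three contextual checks described above (location, time and concurrent logins) can be sketched as a small logon policy evaluator. This is an added example, not code from IS Decisions or UserLock; the Policy fields, user name, workstation names and events are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Policy:
    # Hypothetical per-user policy; the field names are assumptions for this example.
    allowed_hosts: frozenset
    start: time            # earliest permitted logon time
    end: time              # logons at or after this time are refused
    max_sessions: int = 1  # 1 means no concurrent logins

def check_logon(policy, open_hosts, host, when):
    """Return the list of violated context rules (an empty list means allow)."""
    if policy is None:
        return ["no-policy"]          # default deny for accounts without a policy
    reasons = []
    if host not in policy.allowed_hosts:
        reasons.append("location")
    if not (policy.start <= when.time() < policy.end):
        reasons.append("time")
    if host not in open_hosts and len(open_hosts) >= policy.max_sessions:
        reasons.append("concurrent")
    return reasons

def replay(events, policies):
    """Replay (timestamp, user, host, action) tuples and return the denied logons."""
    sessions, denied = {}, []         # sessions: user -> hosts with an open session
    for ts, user, host, action in events:
        open_hosts = sessions.setdefault(user, set())
        if action == "logoff":
            open_hosts.discard(host)
            continue
        reasons = check_logon(policies.get(user), open_hosts, host,
                              datetime.fromisoformat(ts))
        if reasons:
            denied.append((ts, user, host, reasons))
        else:
            open_hosts.add(host)      # only permitted logons open a session
    return denied

# Constructed sample data: one finance user, two approved workstations, 07:00-19:00.
POLICIES = {"asmith": Policy(frozenset({"FIN-WS-01", "FIN-WS-02"}), time(7), time(19))}
EVENTS = [
    ("2024-03-04T08:55:00", "asmith", "FIN-WS-01", "logon"),
    ("2024-03-04T10:12:00", "asmith", "FIN-WS-02", "logon"),
    ("2024-03-04T11:00:00", "asmith", "HR-WS-07", "logon"),
    ("2024-03-04T17:30:00", "asmith", "FIN-WS-01", "logoff"),
    ("2024-03-04T23:40:00", "asmith", "FIN-WS-02", "logon"),
]
if __name__ == "__main__":
    print(*replay(EVENTS, POLICIES), sep="\n")
```

Because each denial carries the rule that triggered it, the same output can feed an alert queue as well as the access decision.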
2. Balance protection with detection and response
The research showed a lot of work must still be done on monitoring. Only 44 per cent of employees are aware that their organization monitors user access to the network and 29 per cent are aware that their organization monitors user access to specific files and folders.
It is possible that more organizations are actually monitoring without employee knowledge, but transparency in this regard will encourage good behavior.
Monitoring and logging network access on a granular level helps an organization to detect and immediately react to any issues before they become a serious problem. In addition, by communicating the fact that you’re monitoring your employees, you’ll dissuade leakages and theft by malicious employees, who will know that their actions will come back to haunt them.
Windows Active Directory Networks
Unauthorized access to networks and sensitive information is a critical problem for most organizations, and security in a Microsoft Windows Active Directory-based infrastructure relies heavily on a user’s login.
UserLock is designed to control and monitor all authenticated users’ access to the network. It leverages and extends an organization’s existing Active Directory investment to better protect Windows user logins and reduce the risk from security and compliance issues.