Internal security threats at the Enterprise level (page 1 of 2)

People, people and more people
Managing users is one of your biggest challenges. User Provisioning involves adding users to systems and applications when they join your organization. As they change roles, those rights need changing and when they leave those rights need deleting quickly and effectively. The user provisioning system needs to effect these changes correctly and rapidly to ensure users do not have too much privilege on systems that may breach the separation of duties principle and enable fraud to be more readily perpetrated. When they leave, you have to ensure that every single user account they have on every system is removed immediately otherwise they have the opportunity to easily gain unauthorized access to the business systems.

Research has found that any one user will be defined in a minimum of 17 places in your IT infrastructure. However, when that person leaves, it can take between 2 and 4 months to remove all the user rights, and even then, on average, 6 identities per user will be left on the system, making it easier for former employees to gain unauthorized access to sensitive business information.


Access, access and more access
Employees, partners and customers require secure access to business-critical applications spanning disparate platforms and operating systems, exposing you to security risks. Without correct management of this access, attacks on business information can take place. For example, disgruntled employees could access the HR records and find out about a colleague's salary package, or have access to other sensitive business information they should not be viewing. A careless employee could accidentally delete records from a database or make incorrect financial data transactions. If access to these resources is not tightly controlled, fraudulent activities could take place, such as financial records being changed. This may go undetected as the attacker could cover his or her tracks by amending the audit trails.

One area of exposure to data theft and virus propagation is the sharing of windows filestore directories. A user may create an adhoc share to enable a colleague to access some information on his system. Often this is done hurriedly and permissions are left to default to full permission for everyone. When the access is finished the share can often get forgotten leaving a gaping hole in your security.


Passwords
In today's IT environments users have multiple log-in IDs for the systems and applications they use in their jobs, resulting in many passwords for them to remember. When users have to remember so many passwords, they often choose simple or easy to remember passwords, like names of pets, or date of birth.

This creates security holes in three ways: firstly users need to find a way to remember all these passwords so they typically write them down where they can be easily seen by others; secondly the easy to remember passwords are simple to crack with today's hacking tools; and finally the personal passwords are often easily guessed by colleagues who know their personal circumstances, or through "social engineering" attacks where someone engages in a friendly conversation and can soon find out simple personal details such as children's names, pets names etc.

Of course, even with simple passwords users forget them, putting the IT helpdesk under strain because of the volume of calls (Gartner reports that 25% of all helpdesk calls are password related) and increasing the work load of systems administrators who spend their time re-setting passwords, instead of looking after the critical IT resources.


Desktop Antivirus tools
Anti-virus tools are a default part of an organizations security infrastructure.