Story image

Cyber threats coming from the inside

21 Apr 2016

Awareness amongst business leaders around IT security, particularly within government, is on the rise, according to SolarWinds, who says company data leaks dominating news headlines is contributing to the increase.

“If you were to check the newspapers today you could almost guarantee there would be a story on the latest IT hack,” the company says.

SolarWinds says the high profile nature of these cases are helping drive the understanding that these threats are no longer coming from a cyber-gang nested in a secret hiding place and hacking into the servers of businesses on the other side of the globe.

“It instead helps businesses realise that they should perhaps be looking a little closer to home,” the company warns.

A recent survey by SolarWinds found that 53% of government IT professionals identified careless and untrained insiders as the biggest IT security threat.

Joel Dolisy, CIO at SolarWinds, says despite this, it remains to be seen whether maliciousness was intended or not.

Dolisy says there are some things businesses can do to help address the growing issue of insider threats.

Automate network configurations

Although IT teams are often stretched and battling budget constraints, by automating the network configuration process the procedure could be carried out much more efficiently, Dolisy says.

“An automated tool can perform scheduled network configuration backups, bulk change deployment for thousands of devices and all with minimal input from the IT pro, freeing up valuable time,” he says.

“As well as limiting the concern over insider threats, these tools can also catch configuration errors and automatically notify the administrator of any compliance issues, making their lives much easier.”

Know who is accessing the network

Dolisy says the BYOD boom has added a great deal of risk to organisations as employees choose to use their own devices.

“Losing a laptop or having a smartphone stolen out of a bag can lead to vast amounts of vulnerable data which can prove catastrophic to the organisation if something is leaked or worse, compromised,” he explains.

By creating a policy that allows the team to track and monitor devices, switches and ports, IT pros can block unauthorised devices from accessing the network, says Dolisy.

“To ensure maximum security, it is best to develop a ‘whitelist’ of all the devices which are allowed to infiltrate the network and flagging any devices outside of this list which attempt to gain access,” he says.

Nonstop network monitoring 

“Ideally an IT pro would be omniscient,” Dolisy states.

“But since it’s impossible to be aware of everything that is happening on the network, investing in a solution, such as security information and event management (SIEM) and log and event management software, can automatically monitor the network for any anomalies and alert administrators of any potential breaches, data leaks, unauthorised users, or suspicious activity,” he explains.

“This frees up an IT pro’s time to focus on solving the problems flagged,” says Dolisy. “It also allows them to pinpoint where the root of the problem is and identify the user who could be unintentionally compromising the network.”

GitHub launches fund to sponsor open source developers
In addition to GitHub Sponsors, GitHub is launching the GitHub Sponsors, GitHub will match all contributions up to $5,000 during a developer’s first year in GitHub Sponsors.
Check Point announces integration with Microsoft Azure
The integration of Check Point’s advanced policy enforcement capabilities with Microsoft AIP’s file classification and protection features enables enterprises to keep their business data and IP secure, irrespective of how it is shared. 
Why AI will be procurement’s greatest ally
"AI can help identify emerging suppliers, technologies and products in specific categories."
Are AI assistants teaching girls to be servants?
Have you ever interacted with a virtual assistant that has a female-based voice or look, and wondered whether there are implicitly harmful gender biases built into its code?
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
Data#3 to exclusively provide MS licences to WA Government
The technology services provider has won two contracts with the Western Australia Government, becoming its sole Microsoft licence provider.
Why cash is no longer king in Australia
Australia is leading the way in APAC for granting credit on B2B transactions.