The 5 Biggest Mistakes Enterprises Make on their Way to Cyber Security
Companies, both large and small, face a wide range of security issues. Yet it’s the data breaches involving large enterprises that receive far more media coverage and lead to more damaging consequences, like huge financial losses and lasting reputation damage. Adversaries tend to take advantage of the complicated infrastructures of large companies, where hundreds of employees are continuously making changes to IT systems and sensitive data. It’s difficult to keep all these activities under control, which makes enterprises more vulnerable to various forms of cyber threats.
Any mistake can result in costly consequences. But there are five mistakes that are the most prevalent, and yet perhaps the easiest to avoid. These findings were revealed in the Netwrix 2015 State of IT Changes Survey, which involved more than 700 IT professionals from over 40 industries worldwide. The data in this survey also shows that companies would be wise to apply a security policy that will help avoid the following:
- Overlooking critical changes. The inability to keep track of events happening across the IT environment leaves enterprises open to security risks. Unfortunately, the number of large enterprises that make changes without documentation has increased by more than 20% since 2014, and reached 66% in 2015. The survey also revealed that undocumented changes are made with alarming frequency: 17% – daily, 39% – weekly, 37% – monthly.
- Ignoring the workflows. Despite widely adopted change management controls, enterprises continue to ignore the workflows and make undocumented changes that affect system availability and data integrity. In fact, 33% of changes made by enterprises in 2015 resulted in security breaches, compared to 17% last year. In terms of system downtime, large enterprises turn out to be the worst offenders, as 73% of enterprises regularly make changes that interrupt the sustainability of business processes, in comparison to 69% in 2014.
- Using outdated methods to audit changes. Although enterprises are as constrained in budget as small businesses are, 35% of them are not using their human capital efficiently and prefer to monitor event logs manually rather than automate this activity. As a result, IT teams are flooded with numerous report requests and are not able to perform their routine tasks efficiently. This increases their risk of overlooking malicious activity that may indicate a data breach.
- Trusting the trusted. Having a large IT staff is essential to manage and support vast and complicated enterprise IT infrastructures. However, the larger the team, the more difficult it is to keep tabs on what each privileged user is doing. The survey revealed that 23% of IT teams with more than ten people made changes that later resulted in security breaches in 2015. Even the smallest employee mistakes or misbehavior could compromise sensitive data.
- Making the same mistakes. The number of massive data breaches affecting large companies is growing, and one can assume that enterprises learn their lessons and do their best to become more security conscious. Now everyone agrees that change documentation has become a cornerstone of any cybersecurity program. Surprisingly, the survey showed that enterprises turned out to be even more lax about documenting changes than expected. 22% of IT teams consisting of more than 10 IT pros regularly forget to document changes that are made every day, which is almost twice as much compared to the results of 2014.
Every day enterprises deal with thousands of changes that can potentially compromise their security or interrupt business continuity. No matter what security mechanisms enterprises have, practice shows that all of them are useless if employees systematically violate internal security policies. Even the most trusted employees from time to time make mistakes and overlook critical changes, which can negate the effect of security efforts. Therefore, it is essential to establish rigorous control over privileged user activities and enable complete visibility into what is going on across the entire IT infrastructure.
By Michael Fimin