FROM
USER SECURITY VULNERABILITIES
How to Prepare for the Five Most Likely Threats
Traditional IT security efforts focus on building and securing the perimeter of organizations
using firewalls, antivirus software and a variety of other security measures. This approach
was effective when technology and data access were relatively static and most workers
used desktop computers in their assigned cubicles inside an office building.
Things have changed in today's work environment, where mobile workforces regularly access cloud-based applications and
services from laptops, tablets and smartphones over secure private and open public networks. In this new era, perimeter-based security cannot provide organizations with complete protection from data breaches. Many security attacks occurring
today result from actions of authorized users, most of whom are unaware they are creating risks for their enterprise.
As IT operations and end-user computing executives roll out new cloud and mobile-first initiatives to meet business
needs and workforce demands, they face new challenges. In addition to being responsible for empowering workforces
by providing them with flexible access to data and resources, these executives must now identify the new technologies'
security risks and put in place enough protection to secure the organization.
Understanding risks and prioritizing security efforts can seem like a daunting task. With threats coming from every
direction and more devices and connections to protect than ever before, the first step IT teams must take is to identify
their top security vulnerabilities. While every organization is different, there are common threats facing companies
of all sizes. This white paper discusses the five most common security threats organizations face today and proactive
actions to remediate the risks associated with endpoint and user vulnerabilities.
Ransomware victims are usually infected via an email phishing attack. The chance of enterprise exposure to
ransomware is high since 30% of users open phishing emails and more than 12% click on their attachments,
according to a recent study. Even if organizations conduct widespread awareness and education efforts, the
most discerning user is still occasionally tricked into clicking on harmful email attachments, especially when an
attacker sends the email using an internal email address or another address known to the user.
5. Malicious Attack Exposure Growing
Enterprises are targets of many malicious malware attacks and viruses, not just ransomware. These attacks result
in many damaging data leaks and costly data losses. Email phishing is one of the main methods attackers use
to transmit malicious code, but they also use websites, external drives and peripherals as a means to infect or
infiltrate systems.
Devices can be infected as workers visit compromised websites, even if they don't download or click on any files.
In addition, USB flash drives and other portable drives obtained from third parties may contain malware or viruses
that infect user devices when the drive is connected.
The vulnerabilities discussed above are just a few of the many user security challenges organizations face today.
When looking for ways to reduce exposure to these and other growing security threats, organizations should focus on
implementing new security controls that prevent users from careless activities and unintentional exposure without
hindering worker productivity.
Although security education and awareness programs are important for reducing user security exposure, organizations
must also implement a range of proactive controls to ensure applications and data are protected from attack. By taking
the following five actions, organizations can significantly reduce their risk of malicious threats.
Implement Context-Aware Access Controls
Static security controls don't work for dynamic and mobile workers. Organizations need to apply context to
security and policy controls while still enabling mobile and flexible user computing. Context awareness relies on
close scrutiny and adaptation of a user's workspace and access rules, based on the level of security risk they pose
at any given time.
To ensure appropriate levels of user security controls are imposed, questions such as the following should be
automatically reviewed as workers attempt to access networks and applications.
Is the user logging in from an unknown or a known secure device?
Is their network untrusted and open, or secure and trusted?
Are their USB drives or peripherals unrecognized or company sanctioned?
Are they attempting to access sensitive information during standard business hours or at an unusual time of day?
Once context-aware access controls are in place, IT departments can easily reconfigure security restrictions on the
fly based on each user's environment, while automatically creating audit trails to meet compliance requirements.
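A sketch of how the four context questions above can drive restrictions and an audit trail. This is an added example, not code from RES or from the white paper; the restriction names, the business-hours window and the `AccessContext` fields are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

BUSINESS_HOURS = (time(8, 0), time(18, 0))  # assumed policy window, Mon-Fri
AUDIT_LOG = []                               # in-memory stand-in for an audit trail

@dataclass(frozen=True)
class AccessContext:
    user: str
    device_known: bool            # registered, managed device?
    network_trusted: bool         # corporate/VPN rather than open public Wi-Fi?
    peripherals_sanctioned: bool  # every attached USB device company approved?
    when: datetime                # time of the access attempt
    sensitive: bool               # is the requested resource sensitive?

def evaluate(ctx):
    """Map the four context questions to restrictions and record the decision."""
    restrictions = set()
    if not ctx.device_known:
        restrictions.add("block_local_save")
    if not ctx.network_trusted:
        restrictions.add("require_mfa")
    if not ctx.peripherals_sanctioned:
        restrictions.add("block_removable_media")
    start, end = BUSINESS_HOURS
    in_hours = ctx.when.weekday() < 5 and start <= ctx.when.time() < end
    if ctx.sensitive and not in_hours:
        restrictions.add("require_mfa")
    # Highest-risk combination: sensitive data, unknown device, untrusted network.
    if ctx.sensitive and not ctx.device_known and not ctx.network_trusted:
        restrictions = {"deny"}
    AUDIT_LOG.append({"user": ctx.user, "when": ctx.when.isoformat(),
                      "restrictions": sorted(restrictions)})
    return restrictions

if __name__ == "__main__":
    # Constructed sample: the same user at an office desk, then at a cafe at night.
    office = AccessContext("alice", True, True, True, datetime(2016, 5, 10, 10, 0), True)
    cafe = AccessContext("alice", True, False, False, datetime(2016, 5, 10, 23, 0), True)
    print(evaluate(office))
    print(evaluate(cafe))
    print(AUDIT_LOG)
```

Every evaluation appends an audit record whether or not access is restricted, so the trail shows what was allowed as well as what was blocked.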
Limit Privileged User Access
Organizations should apply dynamic access controls that automatically elevate and reduce privileged user access.
By implementing more granular controls, administrators can quickly elevate a worker's status and allow them
to access applications and systems to perform a specific task. These elevated rights can then be immediately
returned to those of a normal user when they move out of an application or indicate a job is complete. For
example, if a user administering an Exchange server launches a web browser in the same session, their user
privileges can be automatically reduced before they log in to the web browser, access the Internet, and become a
target for attackers.
Dynamic privileges allow users to efficiently conduct their work while reducing the risk of human errors. To ensure
workers have the access they need to do their jobs, organizations should also put in place methods for users to
easily request and be immediately granted the temporary elevated status required to perform administration
within a specific time period.
Automate Deprovisioning
Many organizations still rely on manual processes to deprovision workers, which often result in time lags of days
or weeks and incomplete results. Organizations should implement comprehensive deprovisioning processes that
are automatically triggered when workers leave the organization, change roles, or at their manager's or the IT
department's request.
Ideally the same business manager responsible for terminating a worker and managing their other offboarding
procedures would also initiate user deprovisioning. Organizations should tightly integrate deprovisioning
processes into existing human resource applications, project management systems, and other enterprise identity
stores, so that user access qualifications are automatically altered when a worker's identity status is changed in
those systems. With a more holistic approach to identity lifecycle management, organizations can significantly
improve productivity, compliance and security.
Expand Whitelists
Whitelisting adds an extra layer of protection by only allowing approved executables to be opened. Although
many organizations have some form of whitelisting already in place, a more granular hash-level approach can
add additional user safeguards by verifying unique file signatures to ensure that files being executed are authentic
and that workers aren't being tricked into opening different infected files.
To avoid hindering productivity, if IT blocks a suspicious file or application, there should be processes in place to
notify users and allow them to request that files and applications be quickly reviewed and added to whitelists as
needed. These types of communications help balance worker productivity with organizational security.
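The difference between name-based and hash-level whitelisting, together with the review request described above, as an added example that is not RES code or part of the original paper. SHA-256 as the file signature, the `HashAllowlist` class and the sample file names and contents are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Hash file contents in chunks so large executables are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

class HashAllowlist:
    def __init__(self):
        self.approved = {}      # sha256 hex digest -> human-readable label
        self.review_queue = []  # blocked files awaiting IT review

    def approve(self, path, label):
        self.approved[sha256_file(path)] = label

    def check(self, path, user):
        """Allow only exact approved content; queue anything else for review."""
        digest = sha256_file(path)
        if digest in self.approved:
            return True
        self.review_queue.append(
            {"file": os.path.basename(path), "sha256": digest, "user": user})
        return False

def demo():
    """Constructed sample: a look-alike reuses the name of an approved file."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "apps", "report_viewer.exe")
        fake = os.path.join(d, "downloads", "report_viewer.exe")
        for path, body in ((good, b"constructed approved build"),
                           (fake, b"constructed look-alike build")):
            os.makedirs(os.path.dirname(path))
            with open(path, "wb") as f:
                f.write(body)
        wl = HashAllowlist()
        wl.approve(good, "Report Viewer (constructed)")
        name_match = os.path.basename(fake) == os.path.basename(good)
        results = (name_match, wl.check(good, "alice"), wl.check(fake, "alice"))
        # After IT reviews the queued request and approves it, the file runs.
        wl.approve(fake, "reviewed and approved")
        return results + (len(wl.review_queue), wl.check(fake, "alice"))

if __name__ == "__main__":
    print(demo())
```

A name-only whitelist would have accepted the second file because the names match; the hash check blocks it and leaves a queued request carrying the digest IT needs to review.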
Add Web and File Lock Downs
Organizations should also implement the following safeguards to protect themselves from malicious malware
and virus attacks resulting in unauthorized access and data losses.
Comprehensive blacklisting and whitelisting controls to dynamically block user access to specific
websites or files.
Read-only blanketing to prevent users from saving malicious files to local drives or disks.
Contextual external device lockdown to prevent users from opening or saving files unless they are
protected or encrypted.
RES secures workspaces, keeps workers productive and gives back more control to IT organizations. To help meet
security goals quickly, RES ONE Security can be up and running within days, not months or years. To learn more or
speak with a RES support agent, visit www.RES.com/Security.
SOURCES
Shadow IT definition, http://searchcloudcomputing.techtarget.com/definition/shadow-IT-shadow-information-technology, accessed May 10, 2016
Ponemon Institute Data Loss Risks During Downsizing Study, http://media.techtarget.com/Syndication/NATIONALS/Data_Loss_Risks_During_Downsizing_Feb_23_2009.pdf, accessed May 10, 2016
Cyber Threat Alliance CryptoWall report, November 2015, http://cyberthreatalliance.org/cryptowall-report.pdf, accessed May 10, 2016
2016 Data Breach Investigations Report, http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/, accessed May 10, 2016
ABOUT RES
RES, the leader in digital workspace technology, helps organizations achieve better business results with reduced risks in security and compliance while
making enterprise technology easier and less disruptive for the worker to access. RES takes a people-centric approach to making technology access secure, even
in complex multi-device/multi-location scenarios. RES boasts numerous patented technologies, fast time to value, and superior customer support for more than
2,500 companies around the world. RES was named a Cool Vendor 2015 by Gartner, Inc., for the innovative capabilities of its RES ONE Service Store. For more
information, visit www.res.com, contact your preferred RES partner, or follow updates on Twitter @ressoftware.
v 1.0 10/28/16