
PROTECTING THE ENTERPRISE FROM USER SECURITY VULNERABILITIES
How to Prepare for the Five Most Likely Threats

www.res.com | A RES White Paper

Traditional IT security efforts focus on building and securing the perimeter of organizations
using firewalls, antivirus software and a variety of other security measures. This approach
was effective when technology and data access were relatively static and most workers
used desktop computers in their assigned cubicles inside an office building.

Things have changed in today's work environment, where mobile workforces regularly access cloud-based applications and
services from laptops, tablets and smartphones over secure private and open public networks. In this new era, perimeter-based
security cannot provide organizations with complete protection from data breaches. Many security attacks occurring
today result from actions of authorized users, most of whom are unaware they are creating risks for their enterprise.
As IT operations and end-user computing executives roll out new cloud and mobile-first initiatives to meet business
needs and workforce demands, they face new challenges. In addition to being responsible for empowering workforces
by providing them with flexible access to data and resources, these executives must now identify the new technologies'
security risks and put in place enough protection to secure the organization.
Understanding risks and prioritizing security efforts can seem like a daunting task. With threats coming from every
direction and more devices and connections to protect than ever before, the first step IT teams must take is to identify
their top security vulnerabilities. While every organization is different, there are common threats facing companies
of all sizes. This white paper discusses the five most common security threats organizations face today and proactive
actions to remediate the risks associated with endpoint and user vulnerabilities.

TOP FIVE ENTERPRISE USER SECURITY THREATS


The five main security vulnerabilities most organizations face today include the proliferation of mobile and cloud
technologies, exposure from privileged users, lax deprovisioning procedures, increasing ransomware attacks, and
widespread use of malware and viruses. Each of these vulnerabilities is discussed in more detail below, followed by
recommended actions organizations can take to thwart attacks and reduce organizational risk.
1. Mobile and Cloud Complexities
Cloud and mobile technologies make workforces more productive, but they also introduce new security
complexities that can be daunting for inexperienced IT organizations. Mobile employees and contractors regularly
use a combination of corporate-owned and personal laptops, tablets and smartphones from multiple locations
to access a wide variety of cloud-based applications, which dramatically increases the number of possible entry
points into corporate infrastructures.
Most IT organizations struggle to adequately secure devices and applications used in home or remote offices,
especially within unsecured public networks. Yet they must support these new technologies or run the risk that
departments or business units will engage in shadow IT practices that allow workers to use devices, software or
services out of corporate IT's control and magnify security exposures.
2. Too Many Privileged Users
Most organizations have more users with administrative rights and extra levels of control than is necessary to
adequately manage systems. In some enterprises, almost everyone has more access rights than they really need.
In others, privileges are elevated too frequently, aren't removed when they are no longer needed, or are granted to
administrators who have full access to applications that lack granular controls.
Privileged users are prime targets for attack because their elevated access rights allow malicious actors more
access within corporate networks, systems and applications. Organizations with large numbers of privileged users
increase their risk of attack simply because there are more workers who might make careless errors or expose
vulnerabilities attackers can leverage to gain full access to critical data and applications.

Protecting the Enterprise from User Security Vulnerabilities | www.res.com

3. Incomplete Worker Deprovisioning


A data loss risk study conducted by the Ponemon Institute found that more than 24% of people leaving an
organization still had access to their corporate data. Delays in worker deprovisioning can cause even greater
exposure when organizations have a highly transient workforce or must meet a large number of compliance
requirements. The need to quickly deprovision users is not only important as workers leave a company, but also
when they change jobs within an organization and no longer need, or are authorized, to access specific resources.
Many IT departments overlook the importance of deprovisioning because they don't realize the risk that delays
can cause until they face issues within their own organization. Deprovisioning challenges only increase as
organizations allow workers to subscribe to Salesforce and other cloud-based corporate
applications. These cloud service subscriptions are often managed separately from other IT applications and
services, leaving another potential deprovisioning gap if access is not removed when an employee's status changes.
4. Ransomware Attacks Increasing
Ransomware began with attacks on individuals, but this growing threat has spread to the enterprise. According
to the Cyber Threat Alliance, CryptoWall, one of the most lucrative and broad-reaching ransomware campaigns,
was responsible for more than $325 million in damages and hundreds of thousands of attempted attacks as of
November 2015. Obviously, ransomware can be costly and cause downtime, but in addition, it can negatively
impact an enterprise's reputation and compliance exposure.

Ransomware victims are usually infected via an email phishing attack. The chance of enterprise exposure to
ransomware is high since 30% of users open phishing emails and more than 12% click on their attachments,
according to a recent study. Even if organizations conduct widespread awareness and education efforts, the
most discerning user is still occasionally tricked into clicking on harmful email attachments, especially when an
attacker sends the email using an internal email address or another address known to the user.
5. Malicious Attack Exposure Growing
Enterprises are targets of many malicious malware attacks and viruses, not just ransomware. These attacks result
in many damaging data leaks and costly data losses. Email phishing is one of the main methods attackers use
to transmit malicious code, but they also use websites, external drives and peripherals as a means to infect or
infiltrate systems.
Devices can be infected as workers visit compromised websites, even if they don't download or click on any files.
In addition, USB flash drives and other portable drives obtained from third parties may contain malware or viruses
that infect user devices when the drive is connected.
The vulnerabilities discussed above are just a few of the many user security challenges organizations face today.
When looking for ways to reduce exposure to these and other growing security threats, organizations should focus on
implementing new security controls that prevent users from careless activities and unintentional exposure without
hindering worker productivity.

PROACTIVE MEASURES SECURE ENDPOINTS AND USERS

Although security education and awareness programs are important for reducing user security exposure, organizations
must also implement a range of proactive controls to ensure applications and data are protected from attack. By taking
the following five actions, organizations can significantly reduce their risk of malicious threats.
Implement Context-Aware Access Controls
Static security controls don't work for dynamic and mobile workers. Organizations need to apply context to
security and policy controls while still enabling mobile and flexible user computing. Context awareness relies on
close scrutiny and adaptation of a user's workspace and access rules, based on the level of security risk they pose
at any given time.

To ensure appropriate levels of user security controls are imposed, questions such as the following should be
automatically reviewed as workers attempt to access networks and applications.
Is the user logging in from an unknown or a known secure device?
Is their network untrusted and open, or secure and trusted?
Are their USB drives or peripherals unrecognized or company sanctioned?
Are they attempting to access sensitive information during standard business hours or at an unusual time of day?
Once context-aware access controls are in place, IT departments can easily reconfigure security restrictions on the
fly based on each user's environment, while automatically creating audit trails to meet compliance requirements.
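The four questions above can be evaluated as a single policy decision that also writes the audit trail. The following is an added example, not RES product code; the restriction names, the business-hours window and the deny rule are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass
class AccessContext:
    user: str
    device_known: bool            # known secure device, or unknown?
    network_trusted: bool         # secure and trusted, or open and untrusted?
    peripherals_sanctioned: bool  # company-sanctioned USB drives only?
    when: datetime                # time of the access attempt
    resource_sensitive: bool      # is sensitive information requested?

# Assumed business hours: Monday-Friday, 08:00-18:00 local time.
OPEN, CLOSE = time(8, 0), time(18, 0)

def in_business_hours(when):
    return when.weekday() < 5 and OPEN <= when.time() < CLOSE

def evaluate(ctx, audit_trail):
    """Return (decision, restrictions) and record the decision for audit."""
    restrictions = set()  # hypothetical restriction labels
    if not ctx.device_known:
        restrictions.add("no_local_save")
    if not ctx.network_trusted:
        restrictions.add("step_up_auth")
    if not ctx.peripherals_sanctioned:
        restrictions.add("block_removable_media")
    if ctx.resource_sensitive and not in_business_hours(ctx.when):
        restrictions.add("step_up_auth")
    # Highest-risk combination: sensitive data, unknown device, open network.
    if ctx.resource_sensitive and not ctx.device_known and not ctx.network_trusted:
        decision = "deny"
    elif restrictions:
        decision = "allow_restricted"
    else:
        decision = "allow"
    audit_trail.append({"user": ctx.user, "when": ctx.when.isoformat(),
                        "decision": decision,
                        "restrictions": sorted(restrictions)})
    return decision, sorted(restrictions)

if __name__ == "__main__":
    trail = []
    # Constructed request: unknown device on open Wi-Fi, Saturday 23:00.
    ctx = AccessContext("alice", False, False, True,
                        datetime(2016, 5, 14, 23, 0), True)
    print(evaluate(ctx, trail), trail)
```

Because every call appends to the audit trail, denied and restricted attempts are recorded alongside successful ones.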
Limit Privileged User Access
Organizations should apply dynamic access controls that automatically elevate and reduce privileged user access.
By implementing more granular controls, administrators can quickly elevate a workers status and allow them
to access applications and systems to perform a specific task. These elevated rights can then be immediately
returned to those of a normal user when they move out of an application or indicate a job is complete. For
example, if a user administering an Exchange server launches a web browser in the same session, their user
privileges can be automatically reduced before they log in to the web browser, access the Internet, and become a
target for attackers.
Dynamic privileges allow users to efficiently conduct their work while reducing the risk of human errors. To ensure
workers have the access they need to do their jobs, organizations should also put in place methods for users to
easily request and be immediately granted the temporary elevated status required to perform administration
within a specific time period.
Automate Deprovisioning
Many organizations still rely on manual processes to deprovision workers, which often result in time lags of days
or weeks and incomplete results. Organizations should implement comprehensive deprovisioning processes that
are automatically triggered when workers leave the organization, change roles, or at their manager's or the IT
department's request.

Ideally the same business manager responsible for terminating a worker and managing their other offboarding
procedures would also initiate user deprovisioning. Organizations should tightly integrate deprovisioning
processes into existing human resource applications, project management systems, and other enterprise identity
stores, so that user access qualifications are automatically altered when a worker's identity status is changed in
those systems. With a more holistic approach to identity lifecycle management, organizations can significantly
improve productivity, compliance and security.
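A deprovisioning run driven by the HR record can be sketched as a reconciliation across every identity store, including separately managed cloud subscriptions. This is an added example with constructed data, not RES product code; the store names, entitlement strings and role mapping are hypothetical.

```python
# Constructed HR source of truth: status and current role per worker.
HR = {
    "alice": {"status": "active", "role": "sales"},
    "bob": {"status": "terminated", "role": "sales"},
    "carol": {"status": "active", "role": "finance"},  # moved from sales
}

# Assumed mapping from role to the entitlements that role may hold.
ROLE_ENTITLEMENTS = {
    "sales": {"ad:login", "crm:user"},
    "finance": {"ad:login", "erp:ledger"},
}

# Constructed account inventory per identity store. "crm_cloud" stands in
# for a cloud subscription managed outside the main IT systems.
GRANTS = {
    "ad": {"alice": {"ad:login"}, "bob": {"ad:login"}, "carol": {"ad:login"}},
    "crm_cloud": {"alice": {"crm:user"}, "bob": {"crm:user"},
                  "carol": {"crm:user"}, "dave": {"crm:user"}},
    "erp": {"carol": {"erp:ledger"}},
}

def plan_revocations(hr, role_entitlements, grants):
    """List (store, user, entitlement, reason) for access HR no longer supports."""
    actions = []
    for store, accounts in sorted(grants.items()):
        for user, held in sorted(accounts.items()):
            record = hr.get(user)
            if record is None:
                allowed, reason = set(), "no HR record"
            elif record["status"] != "active":
                allowed, reason = set(), "left organization"
            else:
                # Role change: keep only what the current role allows.
                allowed = role_entitlements.get(record["role"], set())
                reason = "not in role " + record["role"]
            for entitlement in sorted(held - allowed):
                actions.append((store, user, entitlement, reason))
    return actions

if __name__ == "__main__":
    for action in plan_revocations(HR, ROLE_ENTITLEMENTS, GRANTS):
        print(action)
```

Running the plan whenever an HR status or role changes covers leavers, role changes and accounts with no HR record in one pass.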
Expand Whitelists
Whitelisting adds an extra layer of protection by only allowing approved executables to be opened. Although
many organizations have some form of whitelisting already in place, a more granular hash-level approach can
add additional user safeguards by verifying unique file signatures to ensure that files being executed are authentic
and that workers aren't being tricked into opening different infected files.
To avoid hindering productivity, if IT blocks a suspicious file or application, there should be processes in place to
notify users and allow them to request that files and applications be quickly reviewed and added to whitelists as
needed. These types of communications help balance worker productivity with organizational security.
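The difference between a name-based whitelist and a hash-level one, together with the review request for blocked files, is shown in the added example below. It is not RES product code; the class, the file names and the file contents are constructed for illustration, and SHA-256 is assumed as the hash.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large executables are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

class HashWhitelist:
    def __init__(self):
        self.approved = {}      # sha256 digest -> label of approved file
        self.review_queue = []  # blocked files waiting for IT review

    def approve(self, path, label):
        self.approved[sha256_file(path)] = label

    def check(self, path, requested_by):
        """Allow only known digests; queue anything else for review."""
        digest = sha256_file(path)
        if digest in self.approved:
            return True
        self.review_queue.append(
            {"path": path, "sha256": digest, "user": requested_by})
        return False

def name_only_check(path, approved_names):
    """Weaker control for comparison: trusts the file name alone."""
    return os.path.basename(path) in approved_names

def demo():
    with tempfile.TemporaryDirectory() as root:
        good = os.path.join(root, "report_tool.exe")
        with open(good, "wb") as handle:
            handle.write(b"constructed approved binary")
        whitelist = HashWhitelist()
        whitelist.approve(good, "report tool 1.0")
        # A different file that reuses the approved name.
        os.mkdir(os.path.join(root, "downloads"))
        lookalike = os.path.join(root, "downloads", "report_tool.exe")
        with open(lookalike, "wb") as handle:
            handle.write(b"constructed different content")
        return {
            "name_allows_lookalike": name_only_check(lookalike, {"report_tool.exe"}),
            "hash_allows_original": whitelist.check(good, "alice"),
            "hash_allows_lookalike": whitelist.check(lookalike, "alice"),
            "queued_for_review": len(whitelist.review_queue),
        }
```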

Add Web and File Lock Downs
Organizations should also implement the following safeguards to protect themselves from malicious malware
and virus attacks resulting in unauthorized access and data losses.
Comprehensive blacklisting and whitelisting controls to dynamically block user access to specific
websites or files.
Read-only blanketing to prevent users from saving malicious files to local drives or disks.
Contextual external device lockdown to prevent users from opening or saving files unless they are
protected or encrypted.

TAKE A PEOPLE-CENTRIC APPROACH TO SECURITY WITH RES


The digital workspace is more vulnerable than ever, so organizations should augment their traditional security
approaches with a more people-centric approach. Taking this approach means that a comprehensive security plan
doesn't come at the cost of worker productivity or experience.
RES ONE Security ensures businesses are protected from threats by managing security, identity and access
management, and governance.



Protect against external and internal threats.


Reduce risk and ensure compliance through insight and visibility.
Manage worker security through automation and a single identity.
Drive worker productivity with secure access and automated service delivery.

RES secures workspaces, keeps workers productive and gives back more control to IT organizations. To help meet
security goals quickly, RES ONE Security can be up and running within days, not months or years. To learn more or
speak with a RES support agent, visit www.RES.com/Security.

SOURCES
Shadow IT definition, http://searchcloudcomputing.techtarget.com/definition/shadow-IT-shadow-information-technology, accessed May 10, 2016
Ponemon Institute Data Loss Risks During Downsizing Study, http://media.techtarget.com/Syndication/NATIONALS/Data_Loss_Risks_During_Downsizing_Feb_23_2009.pdf, accessed May 10, 2016
Cyber Threat Alliance CryptoWall report, November 2015, http://cyberthreatalliance.org/cryptowall-report.pdf, accessed May 10, 2016
2016 Data Breach Investigations Report, http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/, accessed May 10, 2016

ABOUT RES
RES, the leader in digital workspace technology, helps organizations achieve better business results with reduced risks in security and compliance while
making enterprise technology easier and less disruptive for the worker to access. RES takes a people-centric approach to making technology access secure, even
in complex multi-device/multi-location scenarios. RES boasts numerous patented technologies, fast time to value, and superior customer support for more than
2,500 companies around the world. RES was named a Cool Vendor 2015 by Gartner, Inc., for the innovative capabilities of its RES ONE Service Store. For more
information, visit www.res.com, contact your preferred RES partner, or follow updates on Twitter @ressoftware.

Copyright 2016 RES Software. All Rights Reserved.


All other trademarks are the properties of their respective companies.
RES ONE is a trademark of Real Enterprise Solutions Nederland B.V.

v 1.0 10/28/16
