By Kartik Shahani, Country Manager, Tenable India
The Great Resignation has had a profound impact on organizations around the world. In India, it’s forecasted that 86% of employees are planning to quit their jobs or seek new employment opportunities.
Educating and incentivizing employees to maintain cyber hygiene
While the onus of overall cybersecurity is on organizations, employees make up one of the key pillars of a cybersecurity culture. Remote work has made it more complicated for organizations to know where data lives, the location it’s being processed in, and who the data is being accessed by – making securing various assets rather challenging.
Cybercriminals know these challenges faced by security teams around supporting a remote workforce such as not revoking the access of users who’ve already left the organization in a timely manner. This opens up new attack vectors for criminal actors to leverage, often in areas where users aren’t being vigilant and where organizations do not have good visibility into their environment. These factors have created an environment where insider threats happen more frequently and cause more damage than ever before.
Many data breaches, especially ransomware attacks occur when employees become victims of phishing or social engineering attacks when they click on something they shouldn’t have
unknowingly. Educating employees on cyber hygiene practices is the first step for any cybersecurity program. Organizations in India must provide annual awareness training but also incentivize employees to report suspicious emails, run phishing tests and create security help desks that answer questions from employees. While these initiatives are necessary and contribute to lowering cyber risk, the threat would remain if employees are unable to be as vigilant.
Business leaders, human resources, and security teams must collaborate to find solutions to the problems of burnout, stress, and anxiety employees are facing. Doing so would result in favorable outcomes for all parties involved. Organizations can protect themselves against cyberattacks, while employees can get a supportive and positive work culture that remains stress-free.
Securing identities and user access
One of the primary reasons for rising insider threats is that organizations do not pay adequate attention to identifying shadow IT and the user account’s level of access. Dormant accounts of past employees, which may or may not have privileged access, are low-hanging fruits.
Besides, many existing employees are granted privileged access based on trust, increasing the level of risk. Active Directory (AD) is still the primary identity access management platform that most organizations use. To stay vigilant about users and the level of access each of them has security teams need to continuously monitor the AD.
The first step to keeping Active Directory secure is to ensure all aspects of AD that can be compromised are properly secured. This includes users, attributes, groups, group members,
permissions, trusts, Group Policy related settings, user rights, and much more. A good example would be to require strong authentication on service accounts and actively manage the groups they are in. Part of this means mandating multi-factor authentication for all users. Enforce the principle of least privilege across all endpoints to prevent lateral movement, blocking default administration, denying access from a built-in local administrator account, and avoiding many built-in groups, which have too many permissions.
It’s also important to understand and maintain the structure within Active Directory so only active and authorized users and devices have access. Clean up the forest and domains in the network and limit the number of privileged users, administrative accounts, and permissions to AD and group policy.
Routine maintenance and good security hygiene aren’t glamorous but it’s crucial, especially with AD. Use technology that continuously analyzes AD changes for security vulnerabilities and weak configurations. Monitor events in Active Directory for unauthorized and/or malicious behaviors that could indicate signs of attack. And finally, deploy software updates as soon as possible.
Given the influx of employees due to the ‘Great Resignation’, company-wide safeguards need to be in place not just for existing employees but also for the ones who leave. Handling the off-boarding process meticulously can significantly reduce risk if the accounts of past employees are inventoried and monitored to see if all access has been revoked.
Organizations cannot guarantee 100% mitigation of insider threats, but they can strive for it with the right strategies, resources, and tools.
