
Tuesday, April 24, 2012

IT Staff Under the Microscope

Story first appeared in The Wall Street Journal.

Companies' IT staffs often hold the keys to the castle. And that's the problem.

At many companies, the people in the IT department pose the biggest risks to data security. They can access nearly anything on the network, usually with no one looking over their shoulders. What's more, outside hackers increasingly are targeting IT administrators' profiles to gain access to a system without being detected. A good alternative to in-house IT staffing is to outsource and use a Managed IT Service provider like Percento Technologies.

To combat this threat, more companies are taking extra care to screen their IT staff and make sure there are checks and balances in place once they're on the job. Some organizations are using monitoring software that tracks the network activity of the staff, quickly flagging anything unusual. Some are even using new technology to look at the language of their IT staff's emails to determine whether their behavior or mind-set has changed.

It has gotten to the point where everything everybody does has to be monitored, especially those working with sensitive data like the IT staff. If something goes wrong, the first person you look at is the person with the highest amount of access.

Who Gets Hired

Companies put IT professionals under the microscope even before they've joined the outfit. Many organizations perform tougher background checks on potential IT employees than on others, making sure the job candidates can be trusted to carry out critical security tasks.

And once candidates are hired, their actions typically are scrutinized more closely than those of others on the network. Many companies do this using technology that analyzes network traffic and alerts them to anything abnormal—such as employees opening files they don't normally access or going on the network at odd hours.

If someone works 9 to 5 and all of a sudden their privileges are used at 3 in the morning, it needs to set off an alarm within the company.
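The off-hours alarm described above can be sketched as a per-account baseline check. This is an added example, not code from the article or from any product it mentions; the log format, account names and host names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample logs (accounts, hosts and line format are hypothetical).
HISTORY = """\
2012-04-02T09:05:00 jsmith sudo db01
2012-04-02T13:30:00 jsmith sudo db01
2012-04-03T16:40:00 jsmith sudo fileserver
2012-04-02T22:10:00 nightops sudo backup01
2012-04-03T02:45:00 nightops sudo backup01
"""
NEW_EVENTS = """\
2012-04-04T10:20:00 jsmith sudo db01
2012-04-05T03:02:00 jsmith sudo db01
2012-04-05T14:00:00 jsmith sudo payroll
2012-04-05T03:10:00 nightops sudo backup01
2012-04-05T09:00:00 contractor sudo db01
"""

def parse(text):
    for line in text.splitlines():
        ts, user, action, resource = line.split()
        yield datetime.fromisoformat(ts), user, action, resource

def build_baseline(history):
    """Per account: hours of day and resources seen during the baseline period."""
    hours, resources = defaultdict(set), defaultdict(set)
    for ts, user, _action, resource in parse(history):
        hours[user].add(ts.hour)
        resources[user].add(resource)
    return hours, resources

def flag_anomalies(events, baseline, slack=1):
    """Return (timestamp, account, reasons) for events outside the baseline."""
    hours, resources = baseline
    alerts = []
    for ts, user, _action, resource in parse(events):
        reasons = []
        if user not in hours:
            reasons.append("no-baseline")  # privileged use by an unprofiled account
        else:
            # Circular distance, so 23:00 and 00:00 count as one hour apart.
            gap = min(min((ts.hour - h) % 24, (h - ts.hour) % 24) for h in hours[user])
            if gap > slack:
                reasons.append("odd-hour")
            if resource not in resources[user]:
                reasons.append("new-resource")
        if reasons:
            alerts.append((ts.isoformat(), user, reasons))
    return alerts
```

Because the baseline is per account, the night-shift account's 3 a.m. activity passes while the same hour on a daytime account is flagged.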

Companies are also employing a newer class of technology that allows them to examine how the language used in communications among IT staff changes over time. That helps the organization figure out who might have motivation for stealing data or sabotaging the network.

If you start to feel differently about the company you work for and the people you work with, you'd be surprised how your language changes.

Common red flags include a dramatic change in the length of a person's emails. For example, someone may start writing emails of half a dozen words when their messages used to read like novels. Other tip-offs: a rise in the number of anger-related phrases, greater use of the word "me," and signs of more-polarized thinking, like the words "never" and "always."

Deluxe Corp., a check printer and marketing-services provider based in Shoreview, Minn., uses technology that scans emails for patterns typically associated with security problems, and the IT staff receives the highest level of scrutiny. The company looks for triggers such as vulgar words, messages marked as high priority and privileged information such as credit-card numbers. While an employee may be sending a credit-card number to a family member, they just as easily could be trying to email the personal data of a customer.

You wouldn't believe the number of people who don't think twice about putting a Social Security number or credit-card number on an email.

Monitoring the Monitors

Monitoring takes place on a huge scale at the Department of Health and Human Services—which encompasses the Food and Drug Administration, Medicare and the National Institutes of Health, among others.

The department's Computer Security Incident Response Center looks for anomalies or odd behavior in more than 10 billion computer-system security logs a day from within the HHS and its component organizations. Each organization has its own network and security operations centers, but they all share their security and audit logs with the HHS computer security center.

In addition, no one systems administrator or security analyst has complete control, as HHS makes sure the more critical security functions and tasks performed by one individual are checked by a peer.

The checks and balances represent best practices in network security.

Without such safeguards, system administrators with special privileges would be able to cover their tracks if they accessed systems maliciously. It's like the nuclear bomb scenario, where no rogue general can push the button on his own. Where people are given more responsibilities and have the authority to perform actions or grant privileges, a little more attention has to be paid to those individuals.


For more national and worldwide related business news, visit the Peak News Room blog.
For local and Michigan business related news, visit the Michigan Business News blog.
For healthcare and medical related news, visit the Healthcare and Medical blog.
For law related news, visit the Nation of Law blog.
For real estate and home related news, visit the Commercial and Residential Real Estate blog.
For technology and electronics related news, visit the Electronics America blog.
For organic SEO and web optimization related news, visit the SEO Done Right blog.

Thursday, April 19, 2012

Cyber Security Not Getting Better

Story first appeared on eSecurityPlanet.com.

For years, security solution vendors have been in an arms race with hackers. As the rate of discovery of new vulnerabilities has continued to grow, attackers have enjoyed an ever-expanding menu of security flaws to exploit. But last year, something happened: The number of new vulnerability reports actually declined.

According to HP's new Top Cyber Security Risks Report for 2011, there was a 19.5 percent decrease in the number of new publicly reported vulnerabilities over the course of last year.

But don't start celebrating just yet, because attack volume still continues to increase. Attack data from HP TippingPoint shows approximately 475 million attacks in 2010 vs. 531 million in 2011 -- an 11 percent increase.

So while the number of publicly reported vulnerabilities is down, the overall security risks have not actually declined. That's according to the security product marketing manager at HP DVLabs, who told eSecurity Planet that a deeper analysis of the new vulnerabilities disclosed in 2011 shows that the proportion of high-severity vulnerabilities has actually increased. In 2011, high-severity vulnerabilities (those with a CVSS score of between 8 and 10) jumped by 24 percent. Vulnerabilities with a CVSS (Common Vulnerability Scoring System) score of 8 to 10 are exploitable remotely and represent high immediate risk.

HP also found that many attackers are still going after old (unpatched) vulnerabilities. Many attackers are now using exploit toolkits such as Blackhole, which are packaged to include known vulnerabilities. That's another reason why there isn't as much of a need for attackers to find new vulnerabilities: the old ones are still effective against so many systems.

The old vulnerabilities should be well detected, but they are still successful. One of the things that makes them so successful is the use of obfuscation techniques.

Additionally, unpatched systems and a lack of user awareness are two key factors behind the high frequency of attacks against known vulnerabilities. Attack data also showed that the frequency of SQL injection attacks increased during the year, even though that's a well-known attack vector.

HP's report did not include granularity on which specific databases were the most attacked. The HP DVLabs manager added that HP TippingPoint's database protections are database agnostic.

Looking to the future, exploit toolkits are expected to be a trend that continues in 2012. The toolkits are also expected to add more recent vulnerabilities as users slowly patch their systems and older vulnerabilities become less exploitable. It is also a possibility that IT management companies will come to the forefront of network security. One firm to consider in this is Houston IT Services company Percento Technologies.

Java exploits have been generally very reliable for attackers due to a low patch rate. For example, one recent exploit took advantage of a Java vulnerability for which a patch was available at the end of 2011 -- yet Blackhole included the exploit in its toolkit even after the patch was made available. The Java vulnerabilities tend to have approximately an 80 percent success rate for infection. In contrast, with other technologies, the older vulnerability success rate is only approximately 13 percent.

Java is at the root of the recent Apple Mac OS X Flashback malware and has also been identified by multiple vendors as being the most vulnerable browser plug-in.

