If you were to check the newspapers today you could almost guarantee there would be a story referencing or focusing on the latest high profile hack. Departments at all levels of government, from national right down to local councils, are bring breached and it’s not just data that is being compromised, but money is also being stolen.
This paints a picture of security threats emanating from cyber-gangs hacking into local council servers on the other side of the globe. But this isn’t necessarily the case. In fact, a recent survey from SolarWinds found that the biggest threats to the local councils aren’t coming from hackers but instead from council employees on the inside.
The survey found that 53% of IT respondents from local councils identified careless and untrained insiders as the biggest IT security threat in their department. These careless individuals are being considered as a bigger cyber security threat than a terrorist or a hacker for a variety of reasons.
Firstly IT departments have less control of employees since personal devices have become more frequently used in the workplace. There is also an increasing amount of pressure on IT pros to apply network configurations as quickly as possible rather than correctly. This is making local councils vulnerable as mistakes are being made by causing inaccurate network changes.
Lastly there is the issue of human error, when employees leave their laptop on the tube or lose their USB stick. Together all of these are contributing to an increase in potential insider threats.
However, there are three strategies that can help address the growing issue of insider threats:
Automate network configurations
A problem which the survey outlines is that network configuration is being carried out quickly as opposed to accurately by IT pros. This can lead to a variety of issues, the most problematic being that if a network isn’t configured properly employees can make unofficial and inaccurate network changes.
All local council IT pros are stretched, however if organisations considered automating the network configuration process the procedure could be carried out much more efficiently. The tool can perform scheduled network configuration backups, bulk change deployment for thousands of devices all with minimal input from the IT pro, freeing up valuable time. As well as limiting the concern over insider threats, these tools can also catch configuration errors and automatically notify the administrator of any compliance issues.
Know who is accessing the network
Over the last few years employees have started to use their own personal devices for work, which has added a great deal of risk to local councils. Losing a laptop or having a smartphone stolen out of a bag can lead to vast amounts of data being stolen which can prove catastrophic to the organisation if something is leaked or worse compromised.
The most efficient way to overcome this is to block unauthorised devices from accessing the network by creating a policy that allows the team to track and monitor devices, switches and ports. To ensure maximum security, develop a ‘whitelist’ of all the devices which are allowed to infiltrate the network and set up notifications if a device attempts to access the network that is not on that list.
Nonstop network monitoring
In an ideal world IT pro’s should be aware of everything that is happening on the network. That in itself is a huge task and next to impossible when the rest of the workload is factored in.
Having said that there is a shortcut which can guarantee every area of the network is monitored without taking up the time of the IT pro. This is by investing in a solution that can automatically monitor the network for any anomalies and alert administrators of any potential breaches, data leaks, unauthorised users, or suspicious activity. The IT pro can then focus their time on responding and addressing any problems the solution has flagged. It also allows the IT pro to pinpoint where the root of the problem is and identify the user who could be unintentionally compromising the network.
A few good examples of effective monitoring solutions include security information and event management (SIEM) and log and event management software. These solutions provide real-time feedback and alerts that give administrators information about any suspicious network activity.
Insider threats are slowly becoming a huge fear of local council IT teams. Whether they are intentional or not they can be incredibly dangerous and should be taken seriously.
Joel Dolisy, CIO, CTO SolarWinds