Ask IT professionals about the biggest challenges facing them today, and many will tell you it’s convincing senior management to take heed of potential security threats. Data breaches like those experienced at Target, Neiman Marcus, and Home Depot are often the result of companies being too complacent with their security – unwilling to update outdated software or not monitoring systems closely enough.
“What we see is a disconnect between IT teams wanting to embrace security best practices like hardening and FIM, but not always able to convince upper management to back the investment needed, along the line of the ‘We sell hammers’ attitude reported by the Home Depot IT team after their recent breach,” says Mark Kedgley, Chief Technical Officer for New Net Technology Workplace Solutions.
Here, Mark discusses what IT teams should be monitoring, best practices for preventing data breaches, and more. Read on:
Have you ever worked on an IT service desk before? What were some of the most common problems you faced?
In the early days of NNT, I was much more active with supporting our products for our customers. We learned the value of keeping as much detail on record about our customers, their environment, and their past issues, which really paid off in the future whenever we had to fix similar problems for them (sometimes the same problems we had fixed months before!).
Why is monitoring change within an IT environment so critical to operations?
We talk a lot about the need to either “stop the breach or spot the breach,” and these are the two key reasons why change detection is such a key security control.
Any breach will result in system changes, so if you can detect changes, you can head off a breach before serious damage is done. In the breach at Target, there were plenty of clues that a breach had occurred – new DLLs on the POS systems, registry changes, service list changes – and if any of these had been acted on sooner, there wouldn’t have been anything like the losses that occurred.
Secondly, if you aren’t monitoring for changes, you won’t be able to maintain systems in their most secure “hardened” state. Configuration settings tend to drift over time mainly because, although a hardened system may be in its most secure state, that also means it is in its least accessible state, so engineers tend to slacken off security to make maintenance easier.
What sorts of analytics should IT be looking at? How often?
Any change to the integrity of the file system and configuration settings is critical, as we mentioned above – firewalls and antivirus just aren’t effective enough against the whole spectrum of malware or attack methods, particularly phishing attacks and any APT-style attack.
Beyond this, the need to track user activities is a standard security best practice, chiefly so that in the event of a breach, you can work out who did what, how, and when. This event log data can also serve as a pre-emptive alert that an attack may be in progress; for example, an unusual number of failed logins could signify a brute force attack.
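The failed-login signal mentioned above can be turned into a simple detection rule. The following is an added example (not NNT’s code or a product feature): it parses constructed sshd-style auth log lines, counts failures per source address over a sliding one-minute window, and raises an alert once a source crosses a threshold; a subsequent successful login from an already-flagged source is marked separately, since that is the case an incident responder wants to see first. The log lines, addresses and threshold are all assumptions made for the example.

```python
"""Brute-force login detection over auth log lines, as an added illustration."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (documentation-range IPs, made-up usernames); not real data.
SAMPLE_LOG = """\
2024-03-01T10:00:01 sshd[1001]: Failed password for root from 203.0.113.5 port 51234 ssh2
2024-03-01T10:00:03 sshd[1002]: Failed password for admin from 203.0.113.5 port 51235 ssh2
2024-03-01T10:00:05 sshd[1003]: Failed password for invalid user oracle from 203.0.113.5 port 51236 ssh2
2024-03-01T10:00:07 sshd[1004]: Failed password for root from 203.0.113.5 port 51237 ssh2
2024-03-01T10:00:09 sshd[1005]: Failed password for root from 203.0.113.5 port 51238 ssh2
2024-03-01T10:00:11 sshd[1006]: Failed password for root from 203.0.113.5 port 51239 ssh2
2024-03-01T10:00:12 sshd[1007]: Accepted password for jsmith from 192.0.2.10 port 40000 ssh2
2024-03-01T10:05:00 sshd[1008]: Failed password for jsmith from 198.51.100.9 port 40001 ssh2
2024-03-01T10:09:00 sshd[1009]: Failed password for jsmith from 198.51.100.9 port 40002 ssh2
2024-03-01T10:09:10 sshd[1010]: Accepted password for jsmith from 198.51.100.9 port 40003 ssh2
"""

# Matches both "Failed password for [invalid user] NAME from IP" and "Accepted password ...".
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<event>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)


def parse(lines):
    """Yield (timestamp, event, user, source) for lines that match; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["event"], m["user"], m["src"]


def detect_bruteforce(lines, threshold=5, window=timedelta(minutes=1)):
    """Alert on any source with >= threshold failed logins inside a sliding window.
    Assumes lines arrive in time order (true for a single host's log)."""
    recent = defaultdict(deque)     # src -> timestamps of failures still inside the window
    users_tried = defaultdict(set)  # src -> usernames attempted from that source
    alerts = {}
    for ts, event, user, src in parse(lines):
        if event == "Accepted":
            if src in alerts:
                # A success after a burst of failures is the highest-priority outcome.
                alerts[src]["succeeded"] = True
            continue
        q = recent[src]
        q.append(ts)
        users_tried[src].add(user)
        while q and ts - q[0] > window:   # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            entry = alerts.setdefault(src, {"succeeded": False})
            entry.update(count=len(q),
                         users=sorted(users_tried[src]),
                         window_start=q[0].isoformat())
    return alerts


if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(src, info)
```

In the constructed sample only 203.0.113.5 is flagged: six failures across three usernames inside ten seconds. The two spaced-out failures from 198.51.100.9 followed by a success look like a user mistyping a password, and the rule correctly stays quiet on them; tuning the threshold and window per environment is what separates a useful pre-emptive alert from noise.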
What are good habits that all IT teams should develop in order to prevent things like outages and data breaches?
Change Control is key, rewarding careful planning and preparation prior to changes being made with the focus heavily oriented towards contingency planning in the event of something going wrong after the change. It equally serves security and operational/service delivery performance, because with good Change Control, there is always clear visibility of changes being made.
What can IT teams do to teach users about using applications smartly and safely?
Basic hygiene goes a long way. Change passwords regularly and adopt good practices such as using complexity (special characters), and try to use passphrases (two- or three-word passwords) where possible. Be on your guard for phishing attacks, and if in any doubt, no matter how tempting, don’t click on any links or attachments in emails if you are suspicious.
What innovations or developments in IT excite you the most right now?
I think that the future of the industry is interesting with the whole Android and cloud developments – not long ago, Sun and Nokia were huge brands, so who knows what the relative status of Microsoft, Intel, Google, Apple, and VMware will be in the coming years?