Lieberman Software

April 2010

Top of Mind
Security Training Won't Solve the Negligent Insider Threat - SC Magazine Editorial

Philip Lieberman, President & CEO
Lieberman Software

2010 was barely underway before news of the year's first sensational data breach hit the wires. Internet giant Google announced that it was the victim of a sophisticated attack from China designed to break into accounts of political dissidents hosted by the company. Details are scant, but one disclosure in particular does stand out.

Google reported indications that its employees either intentionally or unintentionally helped make the attack possible. This detail hardly surprised many security experts, myself included, who have long written about the threats that enterprises face from inside the corporate firewall.

Our warnings haven't gone completely unnoticed — awareness about insider threats has grown in the recent past. But many companies' responses have the appearance of ineffective security theater.

One case in point: security training for rank and file employees. Some CIOs seem to expect that by educating users about the dangers of clicking risky links or downloading unvetted applications onto their machines, these users will stop their risky behavior.

The truth is, though, that while employee training can offer some ROI by eliminating a small percentage of IT incidents, it's hardly a cure-all.

Adding fuel to the fire

According to many security experts, the most prevalent IT security threat arises from negligent insiders. Malicious hackers prey upon enterprise users with the knowledge that no matter how many times your employee may hear about security policies and risks, eventually that user will click a questionable link on Facebook, respond to a phony email from the “IRS,” or be duped by a targeted spear phishing attack.

It is inevitable that costly mistakes will be made because there is a human working at each keyboard attached to those networked PCs. Humans are fallible. They have bad days. And sometimes they don't stop to think whether they're putting their employer's assets at risk.

In the case of an employee who has elevated access levels needed to carry out his job, an attacker who entices the worker into infecting one computer now also has privileged access into the network. The worker's account becomes the proxy for the hacker, who knows how to leverage this access for further attacks deeper and deeper into the network.

To mitigate the threat from negligent insiders, organizations can take a cue from the way that Southern California firefighters tackle our annual wildfire season. Firefighters understand that with dry terrain and unfavorable winds, wildfires are bound to occur. That's why these professionals are relentless in their efforts to limit wildfires' damage, encouraging every resident to search out and remove combustibles around vulnerable buildings. Firefighters also plan ahead to develop the rapid response strategies needed to keep the fires contained once they break out.

Sadly, the security practices of many organizations are akin to a community of reckless Southern California homeowners who allow groves of eucalyptus trees to hang over the eaves of their abodes. Examples of the dangerous combustibles in your IT environment can include:

  • Administrative users who are not required to periodically change their elevated, “super-user” credentials. This leads to privileged account passwords that may never expire becoming known to too many current and former workers.
  • Computers and network appliances that share common username and password logins, exposing large portions of the infrastructure should a single account be compromised.
  • The storing of administrative passwords on spreadsheets that are placed in well-known or unmonitored locations.
  • Failure to adopt a “continuous auditing” approach to security, never enacting the processes to search out new vulnerabilities and mitigate them before they provide the opening for an attack.

Regardless of how much your organization spends on security, if any of these examples apply to your situation, you could be vulnerable to attacks made possible by negligent insiders.

All about reducing risks

Today, if your organization runs a network, you're a target for attack. We may never eliminate the threat, but with a sound, layered security approach we can do much to reduce its potential impact. And when it comes to mitigating the risks of negligent insiders, organizations need to move beyond basic training and look for ways to limit the damage.

Your first step is to ensure that administrative passwords are regularly changed; that multiple computers, network appliances, or applications don't share identical credentials; and that no passwords are stored on spreadsheets that have unmonitored access. Next, enact processes to continuously scan the infrastructure for new vulnerabilities and take action before there is an attack.
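As an added illustration (not part of the original editorial and not Lieberman Software code), the first step above can be run as a repeatable audit over an exported inventory of privileged accounts. The CSV columns, the 90-day threshold, the host and account names, and the `pw_fingerprint` field (a keyed hash of each credential, so equal values mean the same password) are all assumptions made for this sketch.

```python
import csv
import io
from collections import defaultdict
from datetime import date

MAX_AGE_DAYS = 90  # assumed rotation policy; the article states no number

# Constructed sample inventory: hosts, accounts and fingerprints are hypothetical.
# pw_fingerprint is assumed to be a keyed hash produced by the inventory tool,
# never the password itself.
SAMPLE_INVENTORY = """host,account,pw_fingerprint,pwd_last_set,never_expires
web01,Administrator,a1f3,2009-01-15,true
web02,Administrator,a1f3,2009-01-15,true
db01,Administrator,77c2,2010-03-20,false
rtr01,admin,a1f3,2008-06-01,true
db01,svc_backup,9e04,2009-11-02,false
"""


def audit(inventory_csv, today):
    """Flag stale, non-expiring and shared privileged credentials."""
    stale, non_expiring = [], []
    by_fingerprint = defaultdict(list)
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        ident = f"{row['host']}\\{row['account']}"
        age = (today - date.fromisoformat(row["pwd_last_set"])).days
        if age > MAX_AGE_DAYS:
            stale.append((ident, age))
        if row["never_expires"].strip().lower() == "true":
            non_expiring.append(ident)
        by_fingerprint[row["pw_fingerprint"]].append(ident)
    # Every login in a shared group is exposed if any one of them is compromised.
    shared = sorted(sorted(g) for g in by_fingerprint.values() if len(g) > 1)
    return {"stale": sorted(stale),
            "non_expiring": sorted(non_expiring),
            "shared": shared}


if __name__ == "__main__":
    report = audit(SAMPLE_INVENTORY, today=date(2010, 4, 1))
    for ident, age in report["stale"]:
        print(f"STALE         {ident}: password is {age} days old")
    for ident in report["non_expiring"]:
        print(f"NEVER EXPIRES {ident}")
    for group in report["shared"]:
        print(f"SHARED        {', '.join(group)}")
```

Running the same audit on a schedule and comparing reports over time is one way to approach the continuous scanning the paragraph calls for.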

Regardless of whether you accomplish these steps through manual processes or by deploying privileged identity management software, you'll be well on your way to building stronger security and limiting the potential damage of an attack.

What do you think? Email me at:

Lieberman Software Corporation
1900 Avenue of the Stars, Suite 425
Los Angeles, CA  90067

(01) 310-550-8575

Partner News

Product Updates / Launches / Podcasts
  • NEW WEBSITE LAUNCH! Check out our freshly branded Windows Management products website. Let us know what you think! Enter our NIGHTMARE SHARE contest and you could be a big winner!
  • Random Password Manager is no “con,” though it’s earned one. Military Embedded Systems. One way the U.S. Army ensures security for enterprise software wares operating on its Army Enterprise Infrastructure network is by issuing a “CoN” or Certificate of Networthiness (ironically, to eliminate “cons” and security breaches). Accordingly, Lieberman Software Corporation’s Random Password Manager privileged identity management product recently received the U.S. Army CoN.

Events / Press / Analysts
  • Barney's Blog - Third-Party Report: Lieberman Software. Redmond Channel Partner Online.
    Lieberman Software, headed by super smart Phil Lieberman, has long been in the Windows admin market. Now Phil is eying the cloud with Enterprise Random Password Manager, which now brings its identity management features to cloud providers.
  • The Cloud Challenge: Security. Cloud Computing Journal. "Safeguarding a cloud infrastructure from unmonitored access, malware and intruder attacks grows more challenging for service providers as their operations evolve. And as a cloud infrastructure grows, so too does the presence of unsecured privileged identities – those so-called super-user accounts that hold elevated permission to access sensitive data, run programs, and change configuration settings on virtually every IT component."
  • Insiders Not The Real Database Threat
    Dark Reading. "Problems like using commonly known shared passwords, never changing sensitive passwords, and allowing their employees to have too much access for too long to sensitive data with no accountability is the rule rather than the exception."
  • Secure and Audited Privileged Account Access
    Government Security News (GSN)
    Who has access to your mission-critical systems? Why do they have access? How can you gain control over your privileged accounts and provide this information to IT auditors? All of these topics and more are discussed in this 6:09 broadcast from GSN.

Tech Tip of the Month

Service Account Manager: Enumerating Dependent Services

For years, Service Account Manager has been the go-to tool for updating Windows service account passwords. One reason that it’s the most efficient solution for performing this complex task is its rare ability to perform a full dependency analysis on each service.
