People make up an important part of an organization’s security posture. That’s because some employees have the rights necessary for accessing sensitive data as well as the privileges for viewing and/or editing critical systems. If those individuals have the right focus and training, they can play a crucial part in keeping those assets safe against digital attackers. But if they aren’t paying attention, they could do something that puts their employer at risk.
Take cloud security as an example. As the Wall Street Journal reported in August 2019, misconfigurations and other human errors were the leading cause of 95% of cloud-based data breaches, and that trend was expected to continue for years to come.
Human errors come in many different varieties, so it’s not always easy for organizations to keep their assets secure. Let’s look at two common types of human errors to better understand these challenges.
Human Error Type #1: Skills-Based Errors
Skills-based errors tend to occur during highly routine activities. The task has probably been performed correctly many times before, so it can be carried out with less conscious attention on the part of security analysts.
Here’s one example. A good patch management program first identifies patches, then acquires, tests, installs, and finally verifies them. A bad patch can cause downtime. But because patching is a routine task, a user may install patches without proper testing, or may not confirm that the patch they tested is the same one pushed to all other production systems.
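The two shortcuts named above (installing without a passed test, and pushing bytes other than the ones that were tested) can both be refused mechanically. The following is an added example, not code from the original post or from Tripwire: a small state machine that walks a patch through identify, acquire, test, install and verify, and binds the SHA-256 digest of the tested artifact so that production only ever receives those exact bytes. The patch identifiers and artifact bytes are constructed.

```python
import hashlib
from enum import Enum


class Stage(Enum):
    """Stages of the patch workflow described on the page."""
    IDENTIFIED = 1
    ACQUIRED = 2
    TESTED = 3
    INSTALLED = 4
    VERIFIED = 5


class PatchWorkflowError(Exception):
    pass


class PatchRecord:
    """Tracks one patch through the workflow and binds the SHA-256 digest of
    the artifact that passed testing, so that only those exact bytes can be
    installed on production systems."""

    def __init__(self, patch_id: str):
        self.patch_id = patch_id
        self.stage = Stage.IDENTIFIED
        self.tested_digest = None  # set only after a passed test

    def _require(self, expected: Stage) -> None:
        if self.stage is not expected:
            raise PatchWorkflowError(
                f"{self.patch_id}: expected stage {expected.name}, was {self.stage.name}")

    def acquire(self) -> None:
        self._require(Stage.IDENTIFIED)
        self.stage = Stage.ACQUIRED

    def test(self, artifact: bytes, test_passed: bool) -> None:
        self._require(Stage.ACQUIRED)
        if not test_passed:
            raise PatchWorkflowError(f"{self.patch_id}: test failed, patch stays ACQUIRED")
        self.tested_digest = hashlib.sha256(artifact).hexdigest()
        self.stage = Stage.TESTED

    def install(self, artifact: bytes) -> None:
        # Refuses to install anything that has not passed a test, and refuses
        # any artifact whose bytes differ from the ones that were tested.
        self._require(Stage.TESTED)
        digest = hashlib.sha256(artifact).hexdigest()
        if digest != self.tested_digest:
            raise PatchWorkflowError(
                f"{self.patch_id}: pushed artifact {digest[:12]}... differs from tested {self.tested_digest[:12]}...")
        self.stage = Stage.INSTALLED

    def verify(self, installed_artifact: bytes) -> bool:
        # Post-install check: what landed on disk must still match the tested digest.
        self._require(Stage.INSTALLED)
        self.stage = Stage.VERIFIED
        return hashlib.sha256(installed_artifact).hexdigest() == self.tested_digest


def push_to_production(tested_bytes: bytes, pushed_bytes: bytes) -> str:
    """Runs the full workflow for one constructed patch and reports the outcome."""
    rec = PatchRecord("PATCH-EXAMPLE-0001")  # constructed identifier
    rec.acquire()
    rec.test(tested_bytes, test_passed=True)
    try:
        rec.install(pushed_bytes)
    except PatchWorkflowError as exc:
        return f"refused: {exc}"
    return "installed and verified" if rec.verify(pushed_bytes) else "verification failed"


def install_without_testing(artifact: bytes) -> str:
    """Models the shortcut of skipping the test step entirely."""
    rec = PatchRecord("PATCH-EXAMPLE-0002")  # constructed identifier
    rec.acquire()
    try:
        rec.install(artifact)
    except PatchWorkflowError as exc:
        return f"refused: {exc}"
    return "installed"


if __name__ == "__main__":
    print(push_to_production(b"patch v1 bytes", b"patch v1 bytes"))
    print(push_to_production(b"patch v1 bytes", b"patch v2 bytes"))
    print(install_without_testing(b"patch v1 bytes"))
```

The design choice worth noting is that the digest is recorded at the test step, not at acquisition: a patch that was downloaded, then replaced or re-downloaded after testing, fails the install check even though its identifier is unchanged.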
Here are two other examples of skills-based errors:
- Following suspicious email links and attachments: Sometimes users reply to suspicious emails, click on embedded links, and/or download suspect attachments. These actions can undermine the machine’s security by loading malware.
- Using personal devices for work purposes: Users commonly access the organization’s sensitive data, connect their devices to the wireless network, and connect their tablets or phones to their local PCs. Those personal devices are not fully controlled or monitored, so they may suffer from security risks such as malware that could easily spread across the organization.
Human Error Type #2: Mistakes
Mistakes are decision-making failures, often made under time pressure. One example is disabling the Windows firewall altogether in order to open certain ports during an implementation. This exposes the PC to unwanted incoming and outgoing traffic.
Organizations can also suffer mistakes in the form of password problems. The National Centre for Cyber Security’s 2019 report says that “123456” remains the most popular password in the world and that 45% of people reuse the password of their main email account on other services. This is partly the result of organizations not enforcing the right policy on users to secure their accounts, which allows users to create very weak passwords for accessing their personal devices and even secure servers. It’s even worse if organizations allow users an unlimited number of failed login attempts on their machines without ever locking their accounts.
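Both controls the paragraph calls for (a policy that rejects weak and reused passwords, and a lockout after repeated failed logins) are simple to enforce. Here is an added example, not code from the original post or from Tripwire, showing one way to do so. The deny list is constructed and tiny (a real deployment loads a breached-password corpus), the password history is stored as salted PBKDF2 digests so plaintext never needs to be kept, and the lockout guard takes the clock as a parameter so its behaviour can be exercised without waiting.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed deny list of common passwords; a production deployment would
# load a large breached-password corpus instead.
COMMON_PASSWORDS = {"123456", "123456789", "qwerty", "password", "12345678", "111111"}
MIN_LENGTH = 12
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; used for storing password history."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def new_salt() -> bytes:
    return os.urandom(16)


def check_password_policy(candidate: str, previous: list) -> list:
    """Returns the list of policy violations for a proposed password.
    `previous` holds (salt, digest) pairs of the account's earlier passwords."""
    violations = []
    if len(candidate) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if candidate.lower() in COMMON_PASSWORDS:
        violations.append("appears on the common-password deny list")
    for salt, digest in previous:
        # Constant-time comparison against each historical digest.
        if hmac.compare_digest(hash_password(candidate, salt), digest):
            violations.append("reuses a previous password")
            break
    return violations


class LoginGuard:
    """Counts failed logins per account and locks the account after a threshold."""

    def __init__(self, max_failures: int = 5, lockout_seconds: int = 900):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = defaultdict(int)
        self.locked_until = {}

    def attempt(self, account: str, password_ok: bool, now: float) -> str:
        """Returns 'ok', 'denied' or 'locked'. `now` is injected so the
        behaviour can be exercised without waiting for real time to pass."""
        until = self.locked_until.get(account)
        if until is not None and now < until:
            # While locked, even a correct password is refused, so the caller
            # learns nothing about whether the guess was right.
            return "locked"
        if password_ok:
            self.failures[account] = 0
            self.locked_until.pop(account, None)
            return "ok"
        self.failures[account] += 1
        if self.failures[account] >= self.max_failures:
            self.locked_until[account] = now + self.lockout_seconds
            self.failures[account] = 0
            return "locked"
        return "denied"


if __name__ == "__main__":
    print(check_password_policy("123456", []))
    guard = LoginGuard(max_failures=3, lockout_seconds=600)
    for t in range(3):
        print(guard.attempt("alice", False, t))
    print(guard.attempt("alice", True, 10))   # still locked
    print(guard.attempt("alice", True, 700))  # lockout expired
```

A short, finite lockout (minutes rather than permanent) is usually preferable: it blunts brute-force guessing while limiting the denial-of-service effect of someone deliberately failing logins against another user's account.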
As another example, there’s the issue of installing unauthorized applications in a secure environment. This can give attackers a backdoor: they can use those applications to find vulnerabilities and start exploiting those machines.
What Tripwire Can Do to Help
Tripwire can help organizations by scanning their environments’ configurations and giving them a report detailing what secure configurations need to be implemented and how to implement those changes. As a leader in security configuration management, Tripwire can help organizations implement thousands of policies across global standards like PCI, NIST, CIS, HIPAA, NCA, NESQ, NIA, NERC, and more. It can then monitor files and configurations for changes and report on who did what. Such information lets organizations know exactly what’s happening with their configurations, critical folders, and paths. (This is done using Tripwire’s file integrity monitoring capabilities.)
Going back to the patching example discussed above, Tripwire Enterprise can detect unauthorized changes even when they happen during a patch, and it can automatically authorize patch changes by comparing them against a reference node. (This node can be the one where security personnel tested the patch.) If an element matches the corresponding element on the reference node, the change is treated as good; if it does not match, the change is treated as bad.
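The reference-node comparison just described reduces to a three-way diff over element digests. The following is an added example, not Tripwire’s code and not how Tripwire Enterprise is implemented internally; it shows the logic in general form. A snapshot is assumed to be a mapping from element path to SHA-256 digest, and the three snapshots (pre-patch baseline, reference node after the tested patch, production target after the same patch run) are constructed.

```python
import hashlib


def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


REMOVED = "<removed>"  # sentinel for an element absent from a snapshot


def classify_changes(baseline: dict, reference: dict, target: dict) -> dict:
    """Compares a target node's snapshot against its pre-patch baseline and,
    for every element that changed, checks whether the new state matches the
    reference node (the node where the patch was tested). Snapshots map
    element path -> SHA-256 digest."""
    report = {"authorized": {}, "unauthorized": {}, "unchanged": []}
    for path in sorted(set(baseline) | set(target)):
        before = baseline.get(path, REMOVED)
        after = target.get(path, REMOVED)
        if before == after:
            report["unchanged"].append(path)
            continue
        if reference.get(path, REMOVED) == after:
            report["authorized"][path] = after    # matches the tested state
        else:
            report["unauthorized"][path] = after  # never seen on the reference node
    return report


# Constructed snapshots (not real digests from any system).
BASELINE = {
    "C:/app/bin/service.exe": digest(b"service v1"),
    "C:/app/conf/app.ini": digest(b"debug=0"),
    "C:/Windows/System32/drivers/etc/hosts": digest(b"127.0.0.1 localhost"),
}
# Reference node after the tested patch: only the binary changed.
REFERENCE = dict(BASELINE, **{"C:/app/bin/service.exe": digest(b"service v2")})
# Production node after the same patch run, plus two changes nobody tested:
# a config edit and a new DLL that the reference node never received.
TARGET = dict(REFERENCE, **{
    "C:/app/conf/app.ini": digest(b"debug=1"),
    "C:/app/bin/helper.dll": digest(b"unknown helper"),
})


def demo_report() -> dict:
    return classify_changes(BASELINE, REFERENCE, TARGET)


if __name__ == "__main__":
    for kind, items in demo_report().items():
        print(kind, items)
```

Note that additions and removals are classified the same way as modifications: a file the patch deleted on the reference node is an authorized removal on the target, while a file that appears only on the target is flagged. Anything in the unauthorized bucket is what a reviewer should look at, since it is a change made in the patch window that the tested patch does not explain.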
As for the Windows firewall change example, Tripwire Enterprise will detect the change and alert on a compliance test failure. This lets users be notified and avoid such mistakes. It also helps them follow the proper process, so that the organization stays aware of the change rather than making a mistake because of time pressure or doing too many things at once.
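To make the compliance test concrete: the mistake from the earlier example (a Windows firewall profile switched off to open a port) is visible in the output of `netsh advfirewall show allprofiles state`. The following is an added example, not Tripwire’s code and not a Tripwire Enterprise policy test; it parses a constructed sample in the shape of that netsh output and fails the check if any required profile is OFF or missing. The `collect_live_state` helper runs the real command on a Windows host and is not used by the offline demo.

```python
import re
import subprocess

# Constructed sample in the shape of `netsh advfirewall show allprofiles state`
# output; not captured from a real host.
SAMPLE_OUTPUT = """\
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF

Ok.
"""

PROFILE_RE = re.compile(r"^(Domain|Private|Public) Profile Settings:$")
STATE_RE = re.compile(r"^State\s+(ON|OFF)$")


def parse_firewall_state(text: str) -> dict:
    """Maps each profile name to True (ON) or False (OFF)."""
    states = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = PROFILE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = STATE_RE.match(line)
        if m and current is not None:
            states[current] = (m.group(1) == "ON")
            current = None  # the State line belongs to the most recent header only
    return states


def firewall_compliance_test(states: dict, required=("Domain", "Private", "Public")) -> dict:
    """Fails if any required profile is OFF or absent from the snapshot."""
    failures = [p for p in required if not states.get(p, False)]
    return {"passed": not failures, "failures": failures}


def collect_live_state() -> str:
    """Runs netsh on a Windows host; not used by the offline demo."""
    return subprocess.run(
        ["netsh", "advfirewall", "show", "allprofiles", "state"],
        capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    result = firewall_compliance_test(parse_firewall_state(SAMPLE_OUTPUT))
    print("PASS" if result["passed"] else f"FAIL: profiles off or missing: {result['failures']}")
```

Treating a missing profile as a failure is deliberate: if the collector returns truncated or unexpected output, the check should fail loudly rather than silently pass on the profiles it did not see.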