Tagged: risk

29
Jan
2021

ADT Breach Reveals Insider Threats are Still a Major Issue

From the US District Attorney’s Northern District of Texas Office – We learned this past week that insider threats are still a serious risk to organizations and their customers. A technician working for ADT pleaded guilty to accessing customer accounts and watching them in their homes using the live feed functions of home security systems.

The press release indicates this was a “hack” but in reality it wasn’t a hack. There was no hacking involved. This was a technician granted privileged access to the ADT network who then used those privileges to access data without reason. A hack implies that the person or entity that gained access to a system or data did so despite the fact they had no defined ability to do so. Mr. Aviles clearly had access to the systems in question to make changes and thereby obtain access into other areas of the system including the live security feeds in customer accounts.

As shocking as this incident may seem to the public, it points to an issue that information security practitioners and internal auditors have known for years. Internal threats posed by staff, vendors, and contractors are some of the most significant that an organization faces. These threats can come from people acting maliciously, as in the case of Mr. Aviles, or from people acting from a position of ignorance or carelessness. The prime examples of these types of unintentional threats might be staff members falling for phishing attacks, leaving information unsecured, sending information to a wider audience than appropriate, etc.

To combat these threats, companies need these key systems and controls in place:

  • Strong detective capabilities in terms of who is accessing what systems, how often those systems are being accessed, and the ability to corelate actions in systems to legitimate business need.
  • Strong internal auditing processes that routinely and randomly validate that detective controls are working as designed and escalating anomalies to management and independent supervisory auditors.
  • Regular review of system activity pattern changes when staff are out on PTO versus when they are in the office.
  • Strong ethical guidelines where there is a zero tolerance policy taken towards infractions of the organizations code of conduct for staff.
  • Regular and frequent reinforcing of the code of conduct for those staff that have access to privileged systems and data.

There is no question that insider threats will impact companies sooner or later regardless of the controls in place. However, It is imperative that organizations show that they take the threats seriously and that they can demonstrate strong controls. Would different controls at ADT stopped Mr. Aviles before he could cause this damage? We don’t know and probably will not know. We can only hope that other organizations learn from this incident and do more to increase their own protective controls over customer data and accounts.

13
Nov
2019

The End is Nigh! Time to Ditch Windows 7 Now

ITWorld has a very interesting long running series of articles chronicling the slow but steady demise of Windows 7 and the slow but stead rise of Windows 10 in terms of market share. Come January 14th 2020, Windows 7 support will officially end (unless you want to keep paying Microsoft for security updates on a per PC basis) and you will no longer get all of those critical updates needed to keep your organization secure.

What amazes me about the whole process is the prediction by Net Applications that Windows 7 may retain 10+ percent market share well into 2022, long after support has ended and almost every known flaw will be easily exploitable. Don’t get me wrong, I know first hand how painful it can be to update and replace thousands of physical PCs to get rid of an old OS but as hard as that may be, it is well worth it. In my own experience, the reduction in vulnerabilities just from going to a fully patched version of Windows 7 to a fully patched version of Windows 10 will make a world of difference on your audit scorecards.

Please do you and your organization a favor and move to Windows 10 now. You will be happy you did and it will allow you to sleep better at night.