A study conducted for Kaspersky Lab by its Global Emergency Response Team, a consulting service for the company’s corporate users, looks into the main IT security policy mistakes that can put an organisation at risk.
Shared access to files is the main cause of incidents - The biggest mistake a business can make is to ignore network share access rights; this mistake is responsible for 35 per cent of all incidents. For example, a share on an internal file server or end-user work desktop, such as a shared public document workspace where all documents are stored, might be left open with access rights configured as ‘full access’ for everyone. Sooner or later this can become a prominent source of malware redistribution throughout the organisation.
Missing one single patch on a network - Modern malware takes advantage of existing vulnerabilities, and organisations are not always prepared. A network with just a single missing patch can be put at serious risk. This is a common issue, seen mostly in small to medium organisations with fewer than 500 end users. These organisations either do not have enough expertise, or ignore patching completely. This mistake is responsible for 25 per cent of incidents.
Use of multiple vendor anti-malware solutions - Using anti-malware solutions from multiple vendors may lead to a situation where it is hard to mitigate malware attacks, and is responsible for 15 per cent of incidents. This may occur if one of the vendors does not respond fast enough to attacks. Delays in responses may run to days, weeks or even months. During this time the solution of another vendor would detect and remove malware, but only in its part of the network, and malware would attack it from the unprotected side. Alexey Polyakov, head of the Global Emergency Response Team at Kaspersky Lab, said: “From our experience we see that security admin spends a lot of time working with multiple vendors’ support services in finding and fixing a problem.”
Partial protection - A partially protected environment (responsible for 15 per cent of incidents) is where an anti-malware solution is installed on part of the network, leaving other resources unprotected.
Firmware vulnerability in need of patching - A firmware vulnerability (responsible for 5 per cent of incidents) may be exploited by attackers if security administrators forget to monitor hardware devices, such as routers, firewalls and other network appliances, to see if they need patching.
Website downloads - Another relatively infrequent mistake (also 5 per cent of incidents) is to believe that software downloaded from the Web is always perfectly sound.
Guidance on how to deal with these mistakes, and on what to remember when designing a corporate IT security policy, can be found in Alexey Polyakov’s presentation entitled ‘Corporate Incidents: Lessons Learned. Common and Avoidable Security Policy Mistakes for IT Management’.