Security threats are growing continuously. In addition to hacking and malware, recent years have seen the growth of ransomware and various forms of pretexting. There are simply too many actors and too many threats for any company to completely avoid compromise.
In addition to external threats, security issues are often caused by bad internal actors or by simple human error. The Verizon Data Breach Report for 2022 concludes that the human element continues to drive breaches. This year 82% of breaches involved the human element. Whether it is the use of stolen credentials, phishing, misuse, or simply an error, people continue to play a very large role in incidents and breaches alike. Sixty-two percent of breaches were either caused by human error, or human error contributed to the breach.
So, what can an enterprise do to manage and reduce the human element of breaches? There is no such thing as 100% security or a silver-bullet solution. But there are proactive things companies can do to improve their overall security posture.
 Verizon Data Breach Investigations Report 2022
Many security professionals have the perception that the biggest threats are external, but as can be seen from the Verizon report, many breaches come from simple human error. It's not that people aren't doing their jobs, it's that there isn’t enough time to do everything that needs to be done.
IT professionals and cybersecurity leaders today are burnt out, overworked, and operating in an “always-on” mode. This is a direct reflection of how technology has expanded over the past decade. Networks and infrastructures have expanded in size, scope, and complexity both on premises and in the cloud. Digital transformation has forced organizations to push out more digital systems more quickly. In addition, many organizations have older, traditional systems running applications critical to the business. The amount of work needed to maintain, patch, update and monitor all of these systems is huge.
In addition, over 80% of North American IT departments have skills gaps. Globally, IT skills gaps have increased by 155% in three years. These gaps lead to several issues including stress, development and deployment delays, and errors that lead to security exposures.
The increased level of digital connections has forced organizations to put significantly higher levels of effort into controlling and evaluating the cyberhealth of not only their systems, but also systems of external parties.
Most companies don’t have enough skilled IT resources, let alone hours in the day, to deal with all the changes, updates and operations required to support their end-users. This inevitably leads to mistakes, missing critical updates, and shortcuts which open holes to hackers.
 Global Knowledge Network, 12 Challenges Facing IT Professionals.
Privileged access happens when someone uses an administrative account or a credential with elevated rights to perform technical maintenance, make changes, or address emergency outages in an IT or digital system. This can occur either on premises or in the cloud.
Another symptom of an overworked IT department is the proliferation of these privileged accesses. It’s always easier to get things done when many people have access to elevated privileges. There’s no need to ask someone else to perform privileged access when you can do it yourself. Unfortunately, this proliferation leads to additional security issues.
Privileged access risks result from the proliferation of privileges, the potential for human error in using privileges (such as administrator mistakes) and unauthorized privilege elevation (techniques that attackers use to gain higher-level permissions on a system, platform or environment).
Lack of resources and proliferation of privileged access lead to higher levels of security risk in an organization. Automation is a tool that can be used to mitigate both of these risks. First let’s have a look at how automation can be used to help reduce the amount of work that needs to be done, and as a result reduce the risk of errors.
Making mistakes in many day-to-day IT tasks can result in serious security problems. Providing permissions to the wrong people, neglecting to remove access for people who leave the organization, and copying sensitive information (such as customer information) to unprotected storage are examples of simple mistakes which can lead to large security exposures.
Automating these day-to-day IT tasks can significantly reduce your risk in a number of ways:
Threat windows are reduced because automation can complete tasks (such as deprovisioning access) much more quickly than if done manually.
While the goal should be to automate as much as possible, a series of ‘one-off’ automation solutions may only make things worse. Here are a few critical things you can do to ensure the success of your automation projects.
The second area where automation can be used to reduce security risk is via a reduction in the proliferation of privileged access.
The easiest way to prevent the proliferation of privileged access is to not grant elevated privileges. Instead, use automation to get privileged tasks done quickly. In this way the system itself holds the privileges, rather than their being delegated to a human. For example, instead of providing help desk staff with administrator privileges to provision new employees to systems, use an automation bot to perform provisioning much more quickly and safely. This can result in zero-trust environments because bots hold the privileges instead of humans.
In addition, you can remove direct system access by delegating task bots to service desk agents and IT experts, which implements a just-in-time access model. In this way the automation platform controls, manages, and stores credentials. In this model, there is no need to give employees such as service desk agents any standing privileges. The automation system can track and report on executed bots in order to facilitate auditing.
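The model described above, where the bot rather than the operator holds the credential and every run is recorded, sketched as an added example (not Readibots code and not part of the original page). `TaskBroker`, `FakeDirectory`, the operator names and the secret are hypothetical and constructed for illustration.

```python
import hmac
from datetime import datetime, timezone

class FakeDirectory:
    """Constructed stand-in for a system that demands an admin secret."""
    def __init__(self, admin_secret):
        self._admin_secret = admin_secret
        self.accounts = set()

    def create_account(self, secret, username):
        if not hmac.compare_digest(secret, self._admin_secret):
            raise PermissionError("admin secret required")
        self.accounts.add(username)

class TaskBroker:
    """Holds the credential; operators only name a bot and its parameters."""
    def __init__(self, credential):
        self._credential = credential  # never returned to callers or logged
        self._bots = {}                # bot name -> (callable, allowed operators)
        self.audit_log = []

    def register(self, name, bot, operators):
        self._bots[name] = (bot, frozenset(operators))

    def run(self, operator, name, **params):
        bot, allowed = self._bots.get(name, (None, frozenset()))
        entry = {"time": datetime.now(timezone.utc).isoformat(), "operator": operator,
                 "bot": name, "params": params, "outcome": "denied"}
        self.audit_log.append(entry)   # denials are audited too
        if operator not in allowed:    # unknown bots and operators deny by default
            raise PermissionError(f"{operator} is not delegated {name}")
        try:
            result = bot(self._credential, **params)  # credential injected here only
        except Exception:
            entry["outcome"] = "failed"
            raise
        entry["outcome"] = "ok"
        return result

def demo():
    directory = FakeDirectory("constructed-admin-secret")
    broker = TaskBroker("constructed-admin-secret")
    broker.register("provision_user", directory.create_account, {"helpdesk-anna"})
    broker.run("helpdesk-anna", "provision_user", username="jdoe")
    try:
        broker.run("contractor-bob", "provision_user", username="tmp-user")
    except PermissionError:
        pass
    return directory.accounts, [(e["operator"], e["outcome"]) for e in broker.audit_log]
```

The help desk operator provisions an account without ever seeing the secret, and the undelegated operator is refused, with both attempts left in the audit trail.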
The third area where automation can be used to reduce security risk is by automating responses to security incidents. As mentioned, one of the top challenges for security teams is the overload of day-to-day tactical activities. Security teams struggle with constant alerts, manual investigations, and a dizzying array of tools. When security teams don’t have enough time to respond to alerts or do investigations, the security posture of an enterprise can be compromised. This is where automation can be used to follow up on alerts and take automatic remedial action.
Let’s take the example of a company that receives a number of alerts from their SIEM (Security Information and Event Management) device. One of the alerts received relates to users being locked out of their accounts. Manually having to follow up with employees to determine if the lockout is justified or is just an error can be tedious and time consuming. Resolving a lockout using automation would be much more efficient. A possible automation solution could look something like this:
This is just one example of how automation can be used for Security Orchestration, Automation and Response (SOAR).
Readibots provides a 100% cloud-based Automation-as-a-Service (AaaS) platform. Both cloud-based and on-premise tasks can be automated. Readibots’ READI platform is designed specifically for IT automation and is based on familiar PowerShell code. You can rapidly modify or create your own bots with just a few lines of PowerShell code. No Java or C expertise is required. Hundreds of out of the box bots are provided to get you started quickly.
Readibots allows you to automate day-to-day IT tasks to significantly reduce your security risks due to human error. In addition, Readibots provides an enterprise platform that allows you to create, manage, control and report on automation in your organization. Readibots allows you to:
TaskBots get the work done right, the first time and every time. Eliminate the cost and security threats of human error and gain complete insight into what was run and changed over time.
The thesis behind the Readibots platform is that privileged access should be avoided. Start with an entirely locked down system, automate everyday tasks so no one needs privileged access, and then allow users to run bots to accomplish specific tasks, but where the bot holds the privilege and credential, not the administrator. In these situations, no trust is necessary. Privileged access is only granted in situations where a bot cannot do the job and where an IT user cannot use an automated tool or UI (which holds the credential) to get the job done.
From inception to execution, the READI platform ensures that your bots’ code is secure with RBAC delegation and digital signatures. You can secure their execution by delegating access to the right bot, the right data, and the right people.
To see how the Readibots platform can help you automate to reduce human errors, control the spread of elevated privileges, and improve your security risk exposure, request a demo at www.readibots.com
It’s 10am on a sunny spring morning and Manhattan is buzzing with crowded sidewalks and yellow cabs flying by at light speed. Fresh from LaGuardia and having enjoyed the brisk morning walk, I open the giant glass door and enter a mega-lobby of fine marble; I've arrived. A quick sign-in process, a bag scan, and rocket elevator ride, and I am seated in a conference room, greeted by some very concerned looking security folks. "We have a big problem!" says one of them. "The CIO discovered an open file share while browsing the network. He poked around and found a ton of mortgage documents full of sensitive information. Not good! We need to get this fixed."
During my time as founder and CTO at STEALTHbits Technologies, this was just one example of many shocked customers that sought our help to solve a data security crisis. "We have no idea how many more of these shares are out there." Organizations would discover unprotected data that put them at risk and then issue an emergency mandate to find and clean house; they wanted to make it secure - yesterday!
The question is, how did it get this way? It’s not as though the organization didn’t care about security and then suddenly did.
In my experience, one of the leading causes of this was procrastination. Not intentional human procrastination but process procrastination. In every organization, there are key trigger events where analysis and remediation processes should kick in. Examples might be role changes, departmental leadership changes, project lifecycle events, and terminations. Responding to these events will allow an organization to avoid the backlog of issues that ultimately lead to major data liabilities, and a very unhappy CIO.
The simple answer: usually because the problem outpaced the tools to solve the problem - and so not knowing, led to not doing. To solve this problem the organization would have to put in place processes for key organizational events. Designing the process would have been a first step, but it would likely have never left paper. Manual fulfillment would not have been conceivable. The only way to successfully pull this off is with automation. But most automation tools are such an undertaking that they fall into another bucket of corporate strategy; the catch-all automation initiative. And that's usually focused on business process automation rather than information technology automation.
This is where identity automation comes in. Identity automation is a special type of automation that is designed for the needs of IT teams. It's about responding to the many events that occur during the lifecycle of an employee, project or department. As a central hub that receives incoming events from an organization's HRMS, IGA and ITSM (and any other system for that matter), the identity automation platform provides the organization with the ability to respond using lightweight, IT-centric automation. In many cases, that might involve an attestation workflow, maybe a notification, and in some cases, a data permissions change. But whatever the case, with a well-designed identity automation technology, it goes from process design to implementation in days.
While these two disciplines are typically addressed with very different solutions, they are fundamentally two sides of the same coin. Identities create data, the data is stored, and when an identity changes, that's the time to examine the data and determine what to do with it. Today, in most organizations, this is an unprocessed event; a missed opportunity. The event exists, and often an IGA solution will perform some basic operations, but real identity automation does not occur. And herein is the procrastination. By leaving this event unprocessed, we end up with the need for data cleanup and in some cases, a crisis when unprotected sensitive data is discovered. Using identity automation, an organization can maintain a clean house, responding to every identity event with suitable processes that ensure sensitive data is re-provisioned and secured in real time, avoiding the aftershock that inevitably comes later. A relatively simple and low-cost investment can streamline identity operations and prevent downstream emergency data access governance projects. DAG becomes an audit, rather than a fix.
Read more about the Readibots Platform and how it can help you avoid security procrastination.