Chief Marketing Officer
Security threats are growing continuously. In addition to hacking and malware, recent years have seen the growth of ransomware and various forms of pretexting. There are simply too many actors and too many threats for any company to completely avoid compromise.
In addition to external threats, security issues are often caused by bad internal actors or by simple human error. The Verizon Data Breach Report[1] for 2022 concludes that the human element continues to drive breaches. This year 82% of breaches involved the human element. Whether it is the use of stolen credentials, phishing, misuse, or simply an error, people continue to play a very large role in incidents and breaches alike. Sixty-two percent of breaches were either caused by human error, or human error contributed to the breach.
So, what can an enterprise do to manage and reduce the human element of breaches? There is no such thing as 100% security or a silver-bullet solution. But there are proactive things companies can do to improve their overall security posture.
[1] Verizon Data Breach Investigations Report 2022
Many security professionals have the perception that the biggest threats are external, but as can be seen from the Verizon report, many breaches come from simple human error. It’s not that people aren’t doing their jobs, it’s that there isn’t enough time to do everything that needs to be done.
IT professionals and cybersecurity leaders today are burnt out, overworked and operating in an “always-on” mode. This is a direct reflection of how technology has expanded over the past decade. Networks and infrastructures have expanded in size, scope, and complexity both on premises and in the cloud. Digital transformation has forced organizations to push out more digital systems more quickly. In addition, many organizations have older, traditional systems running applications critical to the business. The amount of work needed to maintain, patch, update and monitor all of these systems is huge.
In addition, over 80% of North American IT departments have skills gaps. Globally, IT skills gaps have increased by 155% in three years.[1] These gaps lead to several issues including stress, development and deployment delays, and errors that lead to security exposures.
The increased level of digital connections has forced organizations to put significantly higher levels of effort into controlling and evaluating the cyberhealth of not only their systems, but also systems of external parties.
Most companies don’t have enough skilled IT resources, let alone hours in the day, to deal with all the changes, updates and operations required to support their end-users. This inevitably leads to mistakes, missing critical updates, and shortcuts which open holes to hackers.
[1] Global Knowledge Network, 12 Challenges Facing IT Professionals.
Privileged access happens when someone uses an administrative account or a credential with elevated rights to perform technical maintenance, make changes, or address emergency outages in an IT or digital system. This can occur either on premises or in the cloud.
Another symptom of an overworked IT department is the proliferation of privileged access. It’s always easier to get things done when many people have elevated privileges. There’s no need to ask someone else to perform a privileged task when you can do it yourself. Unfortunately, this proliferation leads to additional security issues.
Privileged access risks result from the proliferation of privileges, the potential for human error in using privileges (such as administrator mistakes) and unauthorized privilege elevation (techniques that attackers use to gain higher-level permissions on a system, platform or environment).
Lack of resources and the proliferation of privileged access lead to higher levels of security risk in an organization. Automation is a tool that can be used to mitigate both of these risks. First let’s have a look at how automation can be used to help reduce the amount of work that needs to be done, and as a result reduce the risk of errors.
Making mistakes in many day-to-day IT tasks can result in serious security problems. Providing permissions to the wrong people, neglecting to remove access for people who leave the organization, and copying sensitive information (such as customer information) to unprotected storage are examples of simple mistakes which can lead to large security exposures.
Automating these day-to-day IT tasks can significantly reduce your risk in a number of ways:
Threat windows are reduced because automation can complete tasks (such as deprovisioning access) much more quickly than if done manually.
While the goal should be to automate as much as possible, a series of ‘one-off’ automation solutions may only make things worse. Here are a few critical things you can do to ensure the success of your automation projects.
The second area where automation can be used to reduce security risk is via a reduction in the proliferation of privileged access.
The easiest way to prevent the proliferation of privileged access is to not grant elevated privileges. Instead, use automation to get privileged tasks done quickly. In this way the system itself holds the privileges rather than the privileges being delegated to a human. For example, instead of providing help desk staff with administrator privileges to provision new employees to systems, use an automation bot to perform provisioning much more quickly and safely. This can result in zero-trust environments because bots hold the privileges instead of humans.
In addition, you can remove direct system access via delegation of task bots to service desk agents and IT experts to implement a just-in-time access model. In this way the automation platform controls, manages, and stores credentials. In this model, there is no need to give employees such as service desk agents any standing privileges. The automation system can track and report on executed bots in order to facilitate auditing.
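The delegation model described above, as an added sketch that is not Readibots code: a broker checks which task bots a role may run, uses a credential that only the platform stores, and records every request for audit. The role names, bot names, the in-memory `VAULT`, `DIRECTORY` and `directory_api` stand-ins are all assumptions constructed for illustration.

```python
import hmac
from datetime import datetime, timezone

# Constructed sample data: roles, bot names, accounts and the secret are hypothetical.
VAULT = {"svc-directory": "constructed-secret"}          # stored by the platform only
DELEGATIONS = {                                          # role -> bots it may run
    "service-desk": {"unlock_account", "provision_user"},
    "it-expert": {"unlock_account", "provision_user", "deprovision_user"},
}
BOTS = {                                                 # bot -> one narrow action
    "provision_user": "provision",
    "unlock_account": "unlock",
    "deprovision_user": "deprovision",
}
DIRECTORY = {"jdoe": {"enabled": True, "locked": True}}  # stand-in target system
AUDIT_LOG = []


def directory_api(credential, action, user):
    """Stand-in target system: accepts changes only from the service identity."""
    if not hmac.compare_digest(credential, VAULT["svc-directory"]):
        raise PermissionError("caller is not the automation service")
    if action == "provision":
        DIRECTORY[user] = {"enabled": True, "locked": False}
    elif user not in DIRECTORY:
        return action + ":no-such-user"
    elif action == "unlock":
        DIRECTORY[user]["locked"] = False
    elif action == "deprovision":
        DIRECTORY[user].update(enabled=False, locked=True)
    return action + ":ok"


def run_bot(operator, role, bot, target):
    """Run a task bot for an operator who holds no standing privilege."""
    outcome = "denied"
    if bot in BOTS and bot in DELEGATIONS.get(role, set()):
        # The credential is read just in time and never returned to the caller.
        outcome = directory_api(VAULT["svc-directory"], BOTS[bot], target)
    # Every request is recorded, allowed or not, without the credential.
    AUDIT_LOG.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "operator": operator, "role": role,
        "bot": bot, "target": target, "outcome": outcome,
    })
    return outcome
```

Denied requests are logged as well as successful ones, so the audit trail shows attempts to run bots outside a role's delegation.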
The third area where automation can be used to reduce security risk is by automating responses to security incidents. As mentioned, one of the top challenges for security teams is the overload of day-to-day tactical activities. Security teams struggle with constant alerts, manual investigations, and a dizzying array of tools. When security teams don’t have enough time to respond to alerts or do investigations, the security posture of an enterprise can be compromised. This is where automation can be used to follow up on alerts and take automatic remedial action.
Let’s take the example of a company that receives a number of alerts from their SIEM (Security Information and Event Management) device. One of the alerts received relates to users being locked out of their accounts. Manually having to follow up with employees to determine if the lockout is justified or is just an error, can be tedious and time consuming. Resolving a lockout using automation would be much more efficient. A possible automation solution could look something like this:
This is just one example of how automation can be used for Security Orchestration, Automation and Response (SOAR).
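An added illustration of automated lockout triage, not taken from the original article or from any SOAR product: each lockout alert is checked against the sources the user normally signs in from, and only a low-volume lockout from a known source that the user confirms is unlocked automatically. The alert fields, addresses, threshold and the `ask_user` callback are assumptions constructed for the example.

```python
# Constructed sample data: alert fields, users, addresses and replies are assumptions.
KNOWN_SOURCES = {
    "jdoe": {"10.0.4.17"}, "asmith": {"10.0.4.23"},
    "mlee": {"10.0.4.31"}, "tkim": {"10.0.4.40"},
}
ALERTS = [
    {"user": "jdoe", "failures": ["10.0.4.17"] * 5},
    {"user": "asmith", "failures": ["203.0.113.9"] * 40 + ["198.51.100.7"] * 12},
    {"user": "mlee", "failures": ["10.0.4.31"] * 6},
    {"user": "tkim", "failures": ["10.0.4.40"] * 25},
]
USER_REPLIES = {"jdoe": True, "mlee": False}   # True: "yes, that was me mistyping"


def triage_lockout(alert, known_sources, ask_user, max_benign_failures=10):
    """Return (action, reason) for one account-lockout alert."""
    user, failures = alert["user"], alert["failures"]
    unknown = sorted(set(failures) - known_sources.get(user, set()))
    if unknown:
        # Do not auto-unlock when attempts came from somewhere the user never uses.
        return "escalate", "failures from unrecognised sources: " + ", ".join(unknown)
    if len(failures) > max_benign_failures:
        return "escalate", f"{len(failures)} failed sign-ins exceed the benign threshold"
    if ask_user(user):
        return "unlock", "user confirmed the failed sign-ins"
    return "escalate", "user did not confirm the failed sign-ins"


def triage_all(alerts):
    """Triage every alert; users with no recorded reply count as not confirming."""
    def ask_user(user):
        return USER_REPLIES.get(user, False)
    return {a["user"]: triage_lockout(a, KNOWN_SOURCES, ask_user) for a in alerts}
```

Escalated accounts stay locked and go to an analyst with the reason attached, so the manual follow-up is limited to the cases automation could not clear.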
Readibots provides a 100% cloud-based Automation-as-a-Service (AaaS) platform. Both cloud-based and on-premises tasks can be automated. Readibots’ READI platform is designed specifically for IT automation and is based on familiar PowerShell code. You can rapidly modify or create your own bots with just a few lines of PowerShell code. No Java or C expertise is required. Hundreds of out-of-the-box bots are provided to get you started quickly.
Readibots allows you to automate day-to-day IT tasks to significantly reduce your security risks due to human error. In addition, Readibots provides an enterprise platform that allows you to create, manage, control and report on automation in your organization. Readibots allows you to:
TaskBots get the work done right, the first time and every time. Eliminate the cost and security threats of human error and gain complete insight into what was run and changed over time.
The thesis behind the Readibots platform is that privileged access should be avoided. Start with an entirely locked down system, automate everyday tasks so no one needs privileged access, and then allow users to run bots to accomplish specific tasks, but where the bot holds the privilege and credential, not the administrator. In these situations, no trust is necessary. Privileged access is only granted in situations where a bot cannot do the job and where an IT user cannot use an automated tool or UI (which holds the credential) to get the job done.
From inception to execution, the READI platform ensures that your bots’ code is secure with RBAC delegation and digital signatures. You can secure their execution by delegating access to the right bot, the right data, and the right people.
To see how the Readibots platform can help you automate to reduce human errors, control the spread of elevated privileges, and improve your security risk exposure, request a demo at www.readibots.com