The Weakest Link: Humans As An IT Security Risk

Misconduct, inaccurate policies, and misconfigurations of endpoints are common vulnerabilities.

• The cyber kill chain usually looks for the weakest link in the chain, which is often people.
• An analysis of Bitdefender telemetry of 110,000 endpoints in the first half of 2020 shows that misconfigurations and the “employee weakness” are the number one causes of a very high percentage of cyberattacks.
• Misconduct by employees can undermine the multi-layered security of defense solutions, which is particularly important for small and medium-sized companies.
• Protection against human error will consist of a mixture of IT products plus security services in the future.

While in Hollywood films, hackers always break through security systems and firewalls with great effort, reality often looks different. Few attacks require a cinematic level of effort. Employed and incorrectly configured systems usually take over the main work and create vulnerable gateways. The episodes are also effectively aimed at the main weak points of corporate security – one of which is often the human being.

Endpoint misconfigurations cause about a third of all security incidents, and imprecise remote management policies leave hundreds of thousands of systems vulnerable. Plus: 93 percent of employees use old passwords again and again. According to Bitdefender’s Security Intelligence Cloud telemetry, this represents only a tiny fraction of the security incidents expected in organizations.

They buy unique solutions and hand over the responsibility to an already overstretched IT team. But the administrator needs help. Given the targeted attacks, specialized security services are a better answer. Only large organizations with the appropriate budget can afford these services of a Security Operations Center (SOC). In the meantime, however, the offer on the market has become more democratic. Managed Services Providers (MSP) and Managed Security Services Providers (MSSP) offer bundles of Enterprise Detection Response (EDR), Managed Detection and Response (MDR), and SOC services that are also available for smaller and medium-sized companies within reach.

Human Factor

Regardless of the security measures taken by organizations, user behavior remains a challenge. Human error doesn’t just include a person opening a malware attachment or falling for a phishing attack. It encompasses all user actions and behaviors that allow a malicious message to reach the employee, malware to gain a foothold or the security event unnoticed.

In addition, employees often subvert defenses by bypassing policies and IT processes in favor of procedures they find quicker and easier. A prime example is password reuse—the number one employee-caused risk. 93.1 per cent use login data they have previously used or used for other access. Companies are partly to blame for the misery: They allow employees to choose these passwords without determining how to change them. However, IT must define and enforce specifications that are intended to prevent employees from interfering with security-related processes and settings. The top management is also required to support such operations.

With The Wrong Attitude

Human errors happen to administrators too. With a lack of staff and given more complex systems, they are quickly overwhelmed. The risk begins with poorly defined enterprise-wide security policies. For hackers, they are heaven on earth. An analysis of Bitdefender telemetry from the first half of 2020 shows Window Remote Management (WinRM) is the front runner, and it is incorrectly set on 55.5 percent of all scanned endpoints. Attackers look for WinRM vulnerabilities and other patchy or poorly defined policies to dial into systems and take complete remote control of them. This allows them to run malicious code, change registry keys, or grant PowerShell access.

IT Left Alone

Due to the increasing sophistication and diversification of cyber attacks and chronically understaffed IT security departments, many companies are increasingly at risk. Larger companies can choose to run their SOC, and MDR services offer medium-sized and small organizations an effective and, in most cases, sufficient alternative to outsourcing security.

Such a dedicated security team then takes over and is responsible for the configuration of the endpoints – although it works remotely and still has a complete insight into the infrastructure. The best option is to provide organizations with a comprehensive endpoint risk analysis. Similar to a system audit, technological risks and dangers resulting from human error are analyzed.

MDR offers the benefits and expertise of a SOC at a fraction of the cost. MDR teams work with companies to create pre-approved incident response scenarios. In this way, the defence reacts correctly and faster. Often long before an initially undetected attack has compromised the infrastructure.