In the previous post, in the backdrop of the cyber-attack on, we analyzed the main challenges associated with achieving the highest level of information security in enterprises.

Let us now analyze the causes of security incidents:

Past trends show that the exact cause of most of the security incidents goes unreported. Of course, there have been instances where the culprits had been brought to book and their modus-operandi revealed to the outer world. But, the fact remains that exact cause of most of the incidents remains a secret, unfortunately.

Traditionally, keylogger trojans (which monitors keystrokes, logs them to a file and sends them to remote attackers), cross-site scripting (which enables malicious attackers to inject client-side script into web pages viewed by other users and exploit the information to bypass access controls) and viruses have mostly acted as the security attack channels.

However, of late, as stolen identities seem to have served as the ‘hacking channel’ for most of the cyber-criminals, analysts generally believe that improper management of the Administrative Passwords, which are often aptly referred as ‘Keys to the Kingdom’, is at the root of many security threats.

Another harsh fact is that many a sabotage had been caused by the insiders of the enterprises. Either disgruntled staff or greedy techies or sacked employees were involved in many of the security incidents. That means, in this hi-tech era, breach of trust could occur anywhere, anytime leading to serious consequences. Quite often, lack of well-defined internal controls and access restrictions pave the way for security incidents.

A few other incidents indicate that access controls and state-of-the-art authentication mechanism are just not enough. Due to lack of proper monitoring of the activities in the network, suspicious activities are left unidentified for a considerable time, paving the way for a major breach, which could have been prevented.

In summary, analysis of the security incidents happened in the past broadly indicate that:

  • Businesses of all types – financial firms, healthcare institutions, federal agencies, service organizations, hospitality sector, educational institutions, hi-tech enterprises – and all sizes are impacted
  • Establishment of intrusion detection systems and other security infrastructure are essential, but they alone could not effectively combat security incidents
  • Lack of real-time monitoring and reporting on suspicious activity proves costly
  • In many incidents, disgruntled insiders had acted with malicious intent and caused the damage
  • Lack of internal controls, access restrictions, centralized management, accountability, strong policies and to cap it all, haphazard style of privileged password storage and management makes the organization a paradise for malicious insiders
  • By and large, the perpetrators have stolen the digital identities of others to creep in to the network and wreak havoc
  • The security incidents have resulted in huge financial loss and damage of reputation to the enterprises

In the next part, we shall analyze the causes further and take a look at the network security scenario in enterprises…

ManageEngine Password Manager Pro

Quick Video| Free Trial Download| White Papers | Success Stories

This site uses Akismet to reduce spam. Learn how your comment data is processed.