Earlier this week, the Ponemon Institute, sponsored by Juniper Networks, released a report on Perceptions about Network Security, which surveyed IT and IT security practitioners about their organization’s response to threats against network security. Highlights of the report that have been discussed in IT media include 9 out of 10 organizations having been breached in the past year and the costs of such breaches were over $500,000 for 41 percent of respondents. An interesting statistic deeper into the report was that 52% of breaches came from insider abuse. With the wave of breaches that have occurred by infamous hacking groups, this silent killer continues to take a back seat in the information security conversation.
Data and information, like water, will flow to the path of least resistance. A determined insider can breach a network if they desire. Too often the conversation focuses on preventative technologies that block malicious software or intrusions or monitor and stop extrusion of sensitive information. Unfortunately, too little focus is placed on proactive measures around endpoints such as securing privileged accounts, managing the applications that can run on systems, and secure configuration. Data centers often apply these techniques to protect the valuable data that resides therein, but most desktops and laptops are left as an afterthought.
The number one endpoint where breaches occurred in the study was employee laptops. Laptops go in and out of the controlled corporate environment to home and public networks with questionable security. The also act as a gateway to valuable databases, file shares, and other information repositories within a corporate network.
Much has been said about the consumerization of IT and the need to enable users to do their business with any device, anywhere, at any time. Organizations need to balance this demand for accessibility with a secure operating environment on all devices and apply the same techniques of system hardening on client devices as have been done on servers.