‘Twas the night before Christmas and all through the house, many creatures were stirring while holding a mouse. Their stockings were hung by computers with care, in hopes that their break-ins soon would be there.
It turns out you don’t really need to invite a hacker over for the Holidays… they’ve invited themselves.
A survey of hackers at DEFCON revealed that 81% of them admitted they are far more active during the winter holidays than any other time of year. It turns out that Christmas (56%) and New Year’s Eve (25%) were cited as the two busiest nights for those who pose cyber security threats. The study noted that, while vacations during other times of the year tend to be staggered and therefore ensure some human element is on duty to oversee cyber security risks, the Christmas and New Year’s holidays leave companies far more shorthanded and therefore more vulnerable to cyber security risks.
With hackers on the prowl and personnel scarce, the Holidays seem like a particularly important time to ensure that the automated user provisioning and automatic group management segments of your company’s IAM solution are up to date and working properly. But complete cyber security and user provisioning go beyond just those elements.
Of course, with Christmas just next week, like me, you might have left your shopping a little too late this year…
So while you’re checking out what’s naughty or nice about your network this year, you probably want to consider the following five New Year’s resolutions for next:
Reassess Your Password Management System: 70 to 80 percent of all network damage is performed by a hacker who stole, or worse, guessed the password. When users select passwords they can easily remember, such as names of spouses or children or other easily discovered names or numbers, hackers can quickly crack them with readily available password cracking tools. Unfortunately, when users choose more difficult, easily forgotten passwords, help desk password reset requests increase considerably. Installing a password management system gives users the freedom of choosing their password while allowing administrators to set the minimum password security measures. Better ones can also be used to filter out more than 1 million different words in multiple different languages that are commonly used and guessed as passwords.
Automate Your Access Certification Software: eradicate cyber security risks and access certification issues by using automation and rules engines to validate access.
Calculate Your Metrics Reporting Software: employ automatically generated reports to detect governance, risk and compliance trends around risk-related items and operational metrics such as cyber security vulnerabilities, patching, financial or any other customizable category you desire — a valuable tool for gaining support from executive management.
Automate Your Group Management: link group membership to human resources information systems for optimum and immediate compliance management to ensure only the appropriate people are members of sensitive groups. This ensures group members receive swift, appropriate access to applications or email distribution lists based on their job titles, departments or locations.
Take A Look At Identity Intelligence Software: it makes all administration actions visible, while conducting a real-time capture of all activities across an enterprise and presenting a way to reduce user provisioning and identity and access governance cyber security risks.
If you stick to these resolutions, next year’s worst guest for the Holidays might only be cousin Harry.