4 minute read
Cyber security: Combating automated attacks with automated privileged processes
Combating automated attacks with automated privileged processes
Cyberattacks present the biggest risk to the UK financial system, according to research released this summer by the Bank of England. Three quarters (74%) of respondents to its H2 systemic risk survey believe a cyberattack poses the highest risk to the sector in both the short and long term. The number of respondents who believe their company is at high risk of attack doubled from 31% in the first half of the year to 62% in the second.
Cyber-criminals are constantly evolving their attack strategies to take advantage of advancing technologies, including IT automation. Hackers and bad actors are progressively developing and deploying automated tools that enable them to carry out a high volume of attacks, rapidly, and on an ongoing basis, without the need for human involvement. These attacks might include credential stuffing, where sets of stolen login details are tried across multiple applications until they hit the jackpot, or using pre-programmed tools to steal login credentials from commonly used websites and applications.
To effectively compete against this level of sophistication, organisations need to combat automation with automation.
Securing privileged IT processes
Many common IT and business functions need to be carried out by privileged administrators with secure access to systems and applications. Their accounts have a great deal of power – for example to access sensitive data, change configurations, and unlock, create, delete or update user accounts. A cyber-criminal who gets hold of the credentials for one of these privileged accounts could cause extensive damage, particularly as these processes often involve multiple systems.
Securely automating tasks and processes that require privileged access can protect them from being compromised by cyber attackers, preventing the exposure of valuable admin credentials, while taking the human out of the equation. This ensures that processes are followed to the letter, while reducing the chance of mistakes that might open the door to a hacker. The business will also benefit from having a full end-to-end audit trail around everything that has gone on, a vital part of governance and compliance with financial regulations.
Automating these routine processes also has the potential to transform productivity.
Reducing the burden on IT
Account management tasks such as resetting someone’s forgotten password or setting up accounts for new joiners are performed multiple times every day. They may be simple, but due to security risks associated with the changes they’re assigned to senior staff. Most IT teams are overworked, with experts spending precious time on tasks they’d rather not be doing.
When a new team member joins, for example, the traditional process is to send a request to the IT service desk to provision the user’s accounts, which may be in four or five systems. When someone leaves, all those accounts must be removed as quickly as possible to ensure security.
Delays in implementing these seemingly simple requests can impact the business directly, and frustrate users by slowing operations down. Even worse, if errors are made while making the changes this can give rise to security risks such as granting a user access to more systems than they need.
Wrap those tasks up in secure automation and they can be safely delegated to a helpdesk engineer or even the user themselves. Alongside saving costs and time, this will free up IT professionals to focus on more value-added activities.
The barriers to adoption
Automation hasn’t been as broadly adopted for IT operations as one might think. According to recent independent research commissioned by Osirium, 92% of IT professionals see the value in delegating IT tasks from admins to the helpdesk or end-users, but less than half (43%) delegate most of their work at present. Risk was listed as the main reason holding respondents back – with concerns over security risks (29%), compliance risks (25%), performance risks (24%) and cost risks (18%) all cited.
The key to mitigating these risks and implementing automation securely is to select a suitable software platform. Currently, just over one third of organisations use robotic process automation (RPA) for IT automation. However, while this approach is good for processing a high volume of similar transactions over and over, IT operations tend to be more complex and require more flexibility. Other automation systems, meanwhile, need to embed usernames and passwords to be able to run commands, which of course introduces the risk of exposure.
Organisations should seek a platform that prevents privileged credentials from being exposed, offers secure connections to IT systems and devices, and makes it quick and easy to build automation scripts – for example through providing pre-built ‘playbooks’ that IT can use for frequent tasks and processes, or as templates from which to create customised scripts. It’s also a good idea to look for a solution that features human-guided automation, which enables non-specialist end-users to ‘self-service’ without calling the helpdesk, but allows IT to review and approve changes before execution.
Automation must now be considered as a critical component of any robust cybersecurity programme. Trying to keep pace with sophisticated cyber-attackers manually is a losing battle.
Automating privileged processes associated with account management tasks will improve an organisation’s defences against ransomware and other cyberattacks. It will also transform efficiency, simplify compliance audits, and reduce the load on IT, while – just as important in the midst of ‘the great resignation’ – delivering an improved service for end-users.
Mark Warren, Product Specialist, Osirium
