Financial institutions (JP
Morgan Chase and others), Retail Stores (Home
Depot, Target, Niemen Marcus), Restaurants (Dairy Queen, PF Chang),
Universities (University of Maryland, Iowa State University, Wisconsin State
University), Celebrities… If we’ve learned one thing this year it is that no
one is safe, no one is immune to sophisticated hackers, malware, advanced
persistent threats and zero-day attacks.
Here are some
more examples of breaches that you might not know about, but probably
should. Many of these breaches are now being attributed to "Backoff" malware, which the Department of Homeland Security has recently issued an alert to businesses on.
Despite IT teams working endlessly against these threats,
they are still getting through. The harder IT security teams work, the more
pervasive hackers and malicious bodies get. It seems like a never ending,
extremely vicious cycle, and no single approach to security is enough. Experts in the analyst community do point to
the removal of administrative rights as a fundamental step in IT security:
“Run more of your windows users without administrator
rights… the single most important way to improve endpoint security” ~ Neil
MacDonald, VP & Gartner Fellow
“If target used some type of application controls (from Bit
9, Kaspersky, McAfee, Viewfinity, etc.)… it may have had a better fighting
chance.” ~ Jon Oltsik, Senior Principal Analyst for ESG: The
The SANS Institute: “The Critical Controls
represent the biggest bang for the buck to protect your organization against
real security threats… The five quick wins are:”
A smart move. Close
down security loopholes and vulnerabilities by removing admin rights and
controlling what applications can run in your environment. Here is a link to a
webinar that Viewfinity recently ran with renowned security
expert Marcus Murray: How
Hackers Exploit Admin Rights to Access Your Systems. The webinar does a
great job outlining the different security risks associated with excess admin
rights in your environment. It’s definitely worth a watch.
Additionally, at the end of this month we’ll be running a
webinar: Best Practices for Removing Admin Rights: A Step-by-Step Approach.
Keep an eye out for more information regarding this event. We highly recommend
this webinar if you have not removed admin rights, or have removed rights but
are looking for a streamlined and automated approach to managing privileges and
to cut down on IT overload. We know that your security teams are doing
everything they can, but they don’t have to do it alone. For more information
on the Viewfinity solutions and how we can help you pave the way to better IT
security, visit our website.