Starwood Data breach: A Reminder of Why IT Management Best Practices Help Keep Your Infrastructure Clean & Secure

This morning the Associated Press reported that a massive data breach occurred inside the Starwood network. Five hundred million records containing personally identifiable information were stolen, exposing email addresses, credit card numbers, passport numbers, and birthdates. Marriott, which owns Starwood, told security analysts that unauthorized access to the data has been taking place since 2014. The AP mentioned that it might very well be the largest data breach on record.

This is the third time that Starwood Hotels has faced a major security incident. In 2016, hackers installed malware inside its payment processing systems that collected data from point-of-sale kiosks at nineteen locations in the US. Considering that the new hack came to light after the GDPR regulation took effect, it will be interesting to follow how the matter is handled with the European Union. So far, Marriott has been proactive in getting ahead of the crisis, as it stands to receive a hefty fine if it doesn’t comply with all the GDPR guidelines. It will surely be an important test case, since the regulation affects large corporations as well as small and medium-sized businesses around the world.

From the IT Management perspective, it is a reminder of how important it is to put in place a series of best practices to keep your infrastructure clean and secure.

Patch Management: Consistency Over Speed

Data breaches caused by cybercriminals exploiting a specific vulnerability before the vendor has had time to fix it are amplified in the media. But the reality is that the majority of attacks are a little less spectacular. According to the Fortinet Q2 2017 Global Threat Landscape report, 90% of the organizations that the company protects had experienced cyber-attacks in which intruders tried to exploit vulnerabilities that were three or more years old. This is testimony that there is a lack of consistency when it comes to patch management.

Patch management protects endpoints effectively against known vulnerabilities when it is done on time. IT organizations need to implement a process that includes checking regularly for software and system updates. They also need a procedure for defining when it is safe to deploy a patch so it doesn’t cause any disruptions, especially for mission-critical systems that are in production. It is no secret that rushed deployments can be the culprit. A bad habit is to focus on patch management only when there is a crisis and to overlook updates in normal times. While patch management plays a critical role in protecting an infrastructure, there are additional simple steps that an IT organization can take to improve security.


How to Tighten Active Directory Security

Track and clean stale user and computer accounts

As a company grows and the number of users and endpoints reaches a critical mass, it becomes harder and harder to keep a tight grip on security. In Active Directory, every user and computer has an account that provides access privileges. As people and systems get shifted, renamed and decommissioned, they often leave stale AD accounts that can potentially be used to break into a company. Cleaning up old, unused but still enabled AD accounts is a tedious manual process, but a very easy one if you have an appropriate IT management solution capable of automating this task.

Every company with a large AD should use process automation to periodically scan all AD records and disable or remove stale accounts. Using the right tools, you can easily maintain a lean and secure Active Directory.
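The periodic stale-account scan described above, as an added example that is not part of the original post or of Goverlan's product: it assumes the RSAT ActiveDirectory module is installed, reports enabled user and computer accounts that have not logged on within the window, and only disables them when `-Disable` is given (honouring `-WhatIf`).

```powershell
# Added example (not from the original post): report, and optionally disable,
# enabled AD user and computer accounts that have been inactive for $InactiveDays.
# Assumes the RSAT ActiveDirectory module; run with -WhatIf first and review the CSV.
[CmdletBinding(SupportsShouldProcess)]
param(
    [int]$InactiveDays = 90,
    [string]$ReportPath = ".\stale-ad-accounts.csv",   # placeholder output path
    [switch]$Disable
)
Import-Module ActiveDirectory

$cutoff = (Get-Date).AddDays(-$InactiveDays)

# LastLogonDate is derived from lastLogonTimestamp, which is replicated but can lag
# by up to 14 days, so the cutoff is deliberately generous. Accounts that never
# logged on are only flagged when they are older than the cutoff as well.
function Select-Stale {
    param([Parameter(ValueFromPipeline)]$Account, [string]$Type)
    process {
        $never = -not $Account.LastLogonDate
        if (($never -or $Account.LastLogonDate -lt $cutoff) -and $Account.whenCreated -lt $cutoff) {
            [pscustomobject]@{
                Type              = $Type
                Name              = $Account.Name
                SamAccountName    = $Account.SamAccountName
                LastLogonDate     = $Account.LastLogonDate
                Created           = $Account.whenCreated
                DistinguishedName = $Account.DistinguishedName
            }
        }
    }
}

$props = 'LastLogonDate', 'whenCreated'
$stale = @(Get-ADUser     -Filter { Enabled -eq $true } -Properties $props | Select-Stale -Type User) +
         @(Get-ADComputer -Filter { Enabled -eq $true } -Properties $props | Select-Stale -Type Computer)

$stale | Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host "Found $($stale.Count) stale enabled account(s); report written to $ReportPath"

if ($Disable) {
    foreach ($acct in $stale) {
        # Disable rather than delete, so a false positive can be reversed quickly.
        if ($PSCmdlet.ShouldProcess($acct.DistinguishedName, "Disable stale $($acct.Type) account")) {
            Disable-ADAccount -Identity $acct.DistinguishedName
            Set-ADObject -Identity $acct.DistinguishedName `
                -Replace @{ description = "Disabled as stale on $(Get-Date -Format yyyy-MM-dd)" }
        }
    }
}
```

Schedule it as a task that writes the CSV on every run and only passes `-Disable` after the report has been reviewed for service accounts that legitimately never interactively log on.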


Secure your Admin Accounts

Do not use a common password for your local accounts, especially the local admin account. For best security, nobody should know any local admin account’s password… ever!

How do you do that? Use a password management system that randomizes the local admin password on all your machines regularly, for instance Microsoft LAPS. Implementing MS-LAPS will render the hacking of local admin passwords almost impossible. And to ease the pain of password randomization, use an IT Management System like Goverlan that supports MS-LAPS.
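A LAPS coverage check to go with the advice above, added here and not part of the original post or of Goverlan's product: it assumes the RSAT ActiveDirectory module and read access to the password expiration attribute (legacy LAPS stores it in `ms-Mcs-AdmPwdExpirationTime`, Windows LAPS in `msLAPS-PasswordExpirationTime`), and lists enabled computers in a placeholder OU whose local admin password is not under LAPS control or whose rotation looks wrong.

```powershell
# Added example (not from the original post): find domain computers with no
# LAPS-managed local admin password, an expired one, or an expiry set further out
# than policy allows. Assumes the RSAT ActiveDirectory module; the OU is a placeholder.
param(
    [string]$SearchBase = "OU=Workstations,DC=example,DC=com",  # placeholder OU
    [int]$MaxAgeDays = 30                                        # your LAPS policy's password age
)
Import-Module ActiveDirectory

$attrs = 'ms-Mcs-AdmPwdExpirationTime', 'msLAPS-PasswordExpirationTime', 'OperatingSystem', 'LastLogonDate'
$now   = Get-Date

$report = Get-ADComputer -Filter { Enabled -eq $true } -SearchBase $SearchBase -Properties $attrs |
    ForEach-Object {
        # Both attributes hold a Windows FILETIME (100 ns ticks since 1601) as Int64.
        $raw = $_.'msLAPS-PasswordExpirationTime'
        if (-not $raw) { $raw = $_.'ms-Mcs-AdmPwdExpirationTime' }
        $expires = if ($raw) { [DateTime]::FromFileTimeUtc([int64]$raw).ToLocalTime() } else { $null }

        if (-not $expires)                                 { $status = 'NoLAPS' }          # client never wrote a password
        elseif ($expires -lt $now)                         { $status = 'Expired' }         # rotation is overdue
        elseif ($expires -gt $now.AddDays($MaxAgeDays))    { $status = 'BeyondPolicy' }    # expiry pushed out past policy
        else                                               { $status = 'OK' }

        [pscustomobject]@{
            Name            = $_.Name
            OS              = $_.OperatingSystem
            LastLogonDate   = $_.LastLogonDate
            PasswordExpires = $expires
            Status          = $status
        }
    }

$report | Where-Object Status -ne 'OK' | Sort-Object Status, Name | Format-Table -AutoSize
Write-Host ("LAPS coverage: {0} of {1} computers OK" -f @($report | Where-Object Status -eq 'OK').Count, @($report).Count)
```

Machines reported as `NoLAPS` are the ones still relying on whatever local admin password was set at imaging time; `BeyondPolicy` entries are worth a closer look because the expiry should only ever be set by the client or by an administrator forcing a reset.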


IT Reporting & Asset Inventory: Keep track of your Endpoint Landscape

The first thing about securing an IT infrastructure is that you can’t secure what you don’t know you have. Gathering and consolidating inventory data in Excel for every endpoint on your network can be done manually. However, it quickly becomes a nightmare to maintain and keep up to date. As a result, this is a process that needs to be automated and streamlined for the sake of expediency and accuracy.

It is also a best practice to save a detailed snapshot of your endpoint landscape on a regular basis, so the data collected on systems and running processes can be used for root cause analysis in the aftermath of a security incident. The faster you know how it came about, the faster you will be able to secure your infrastructure the next time around.
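The periodic endpoint snapshot described above (and the patch-age check the patch management section calls for), as an added example that is not part of the original post or of Goverlan's product: it assumes a Windows 10 / Server 2016 or later host with PowerShell 5.1 and writes a dated JSON file per endpoint that a later investigation can diff against; `$OutDir` is a placeholder.

```powershell
# Added example (not from the original post): save a dated snapshot of this endpoint's
# state (hotfixes, installed software, processes, listeners, local admins) as JSON,
# so that successive snapshots can be compared during root cause analysis.
# Assumes Windows 10 / Server 2016+ with PowerShell 5.1; $OutDir is a placeholder.
param([string]$OutDir = "C:\Snapshots")   # placeholder path, ideally a write-only share

$hostName = $env:COMPUTERNAME
$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$uninstallKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'

$hotfixes = @(Get-HotFix | Select-Object HotFixID, Description, InstalledOn | Sort-Object InstalledOn)
$lastPatch = ($hotfixes | Where-Object InstalledOn | Select-Object -Last 1).InstalledOn

$snapshot = [ordered]@{
    Host         = $hostName
    Taken        = (Get-Date).ToString('o')
    OS           = Get-CimInstance Win32_OperatingSystem | Select-Object Caption, Version, LastBootUpTime
    # Days since the newest hotfix: a simple consistency indicator for patch management.
    PatchAgeDays = if ($lastPatch) { [int]((Get-Date) - $lastPatch).TotalDays } else { $null }
    Hotfixes     = $hotfixes
    Software     = @(Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
                     Where-Object DisplayName |
                     Select-Object DisplayName, DisplayVersion, Publisher, InstallDate)
    Processes    = @(Get-CimInstance Win32_Process |
                     Select-Object ProcessId, ParentProcessId, Name, ExecutablePath, CommandLine)
    Listeners    = @(Get-NetTCPConnection -State Listen |
                     Select-Object LocalAddress, LocalPort, OwningProcess)
    LocalAdmins  = @(Get-LocalGroupMember -Group 'Administrators' |
                     Select-Object Name, ObjectClass, PrincipalSource)
}

$path = Join-Path $OutDir "$hostName-$stamp.json"
$snapshot | ConvertTo-Json -Depth 4 | Set-Content -Path $path -Encoding UTF8
Write-Host "Snapshot written to $path (patch age: $($snapshot.PatchAgeDays) days)"

# After an incident, diff two snapshots of the same host, e.g. processes that appeared:
#   $old = Get-Content C:\Snapshots\HOST-older.json | ConvertFrom-Json
#   $new = Get-Content C:\Snapshots\HOST-newer.json | ConvertFrom-Json
#   Compare-Object $old.Processes.Name $new.Processes.Name | Where-Object SideIndicator -eq '=>'
```

Run it from a scheduled task and keep the files on a share the endpoint can write to but not modify, so a compromised host cannot rewrite its own history.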


Endpoint Compliance: Audit your Systems and Privileged Access to Detect Issues

Goverlan’s IT Process Automation (ITPA) is great for auditing privileged access and discovering undesired activity. Sysadmins use it to detect a misconfiguration, a missing patch, or a suspicious or prohibited activity such as the installation of a blacklisted application: basically, anything that involves an undesired change of system configuration or computer state. Building a runbook of scan, detect, remediate workflows is effective when it comes to keeping your endpoints compliant.

Moreover, ITPA’s core functionality consists of giving a console operator the ability to build workflows that automate IT processes and to dispatch their execution on multiple computers or Active Directory objects at once. As a result, it can also be used for deploying software updates or patches, as well as for performing global configuration tasks in real time.

One of the takeaways of the Starwood hack is that IT organizations need to be equipped with tools that will not only enable them to mitigate risks on a regular basis but also react faster after a security incident takes place. But it is not the only thing. Nothing is going to replace following IT Management best practices, especially at a time when infrastructures are getting even more complex with the addition of unattended endpoints such as point-of-sale kiosks and digital display assets.
