Q&A: The growing risk of Windows attacks

ManageEngine recently announced the results of its global Active Directory and Windows Server Security – Trends and Practices Survey for 2016, which found that 70 per cent of IT administrators across the globe agree that their Windows environments are not immune to malicious attacks.

To delve a bit deeper, we spoke to Derek Melber, a technical evangelist for ManageEngine.

Is the actual level of risk growing, or are IT admins simply becoming more aware of threats that have always existed?

The level of risk is growing daily. However, regardless of the level of risk or risks, at the time of the survey 70 per cent of the admins that were queried felt they were not immune from malicious attacks, in general. 

The success rate of attacks on corporate networks is growing. Is this purely a result of growing ingenuity within hacking groups or have changes in corporate security measures played a role?

These two factors are likely playing a role in the growing success rate of attacks, though it’s not really possible to pin it down to one or two causes.

Are internal attacks a rising concern for organisations?

Yes, thankfully we’ve seen organisations become increasingly concerned about attacks.

If organisations are paying more attention to the security of their Active Directories, why is the success rate of attacks still growing?

Simply paying more attention to security does not necessarily mean they have started or completed security tasks. Meanwhile, attackers are constantly growing, becoming more effective and more sophisticated every day.

What could a hacker potentially do to an organisation once he/she gains control of its Active Directory?

Nearly anything is possible once a hacker gains control of the Active Directory. They can tamper with rights and permissions, alter security configurations or misuse user information, just to name a few examples.

Why is having a security solution with change notification alerts so attractive to IT admins?

With change notification alerts, the admin can now "see" changes in real-time. Otherwise, he or she either has to wait for the phone to ring to be alerted, or for an auditor to find the change, or just manually view a log to see if any changes have been made.

Why is gaining awareness of security settings for Windows environments difficult or time-consuming for IT admins? Is there any efficient way to overcome this, perhaps scripting?

First, settings are distributed, as are the reporting tools. Thus, knowing which settings, which configurations and which reports to use is often very challenging. Second, the process of scripting and the idea of efficiency do not go together.

Trying to find, develop and dynamically change scripts and PowerShell commands can take much more time than just educating oneself on the correct tools and methods to use, which require no scripting or development.
