The recent Intersec 2019 held in Dubai had an interesting participant: an American company selling padlocks of increasing size and weight, guaranteed to be unbreakable.
Today, threat actors are no longer intimidated by the size or sophistication of the cybersecurity “padlock.” Rather than breaking those indestructible padlocks, they target the person carrying the master key that opens them all. They look for the weakest link - and in this case, the weakest link turns out to be the human element.
Traditionally, the threat actor has been pictured as someone who breaks the software itself - the code hacker. Today's hacker looks for the software defect that even its originators overlooked when they built or modified the business application - the zero-day vulnerability.
Threat actors who discover and exploit zero-day vulnerabilities recoup their hefty investment either through cybercrime syndicates or by being recruited by rogue nations targeting selected national infrastructure in target countries. But this is a long drawn-out exercise, both in time and in effort, and is usually reserved for selected high-impact targets.
Threat actors, therefore, target user credentials, and if the end user happens to be a network or system administrator or another privileged account holder, that is the luckiest break of all for them. Threat actors of all types and their associates are working to gather privileged access credentials in an activity now termed credential harvesting.
The 2018 Forrester Wave report for Privileged Identity Management points out that 80% of hacking-related breaches use stolen, default, or weak credentials. If those credentials belong to a network or systems administrator or another privileged user, they can provide access to the crown jewels of the organisation's data, deep inside the network. In short: hackers no longer “hack” in, they log in using compromised credentials.
Planned cyber security hygiene programs
Clearly, all organisations need planned cybersecurity hygiene programs that raise awareness of how threat actors target employees to gain access to their corporate user names, privileged passwords and other credentials.
Here are some of the activities that organisations can plan:
Users need to be shown the various types of phishing emails as well as phishing over other channels such as SMS. The more rigorous this training, the better for employee awareness and long-term stability.
Organisations need to ensure all devices are registered on the network, whether PCs, mobile, IoT, or any other connected devices. Administrators need to segment the network according to the corporate sensitivity and value of the data and operations it carries. This is called vaulting, and the administrators' area needs the highest level of security and protection. All sessions need automatic monitoring and auditing.
One of the most effective ways to harden the corporate environment is to consolidate end-user identities and remove any local instances of user names and passwords. Top-to-bottom hierarchical privileges, logical workflow access, and just-in-time privilege grants are some of the best practices to implement.
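To make the last two recommendations concrete (time-bound, just-in-time privilege instead of standing administrator rights, with every grant, use, expiry and denial written to an audit trail), here is a small privilege broker. This is an added example, not code from the original article or from any product it refers to; the role names, lease limits and in-memory store are constructed for illustration, and a real deployment would back the broker with a privileged-access-management vault and ship the audit records to a monitoring system.

```python
"""Minimal just-in-time (JIT) privilege broker with an audit trail.

Added example (not the article's own code). The role catalogue, lease
limits and in-memory store are hypothetical; a production broker would
delegate storage and enforcement to a PAM/vault product.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


@dataclass
class Grant:
    user: str
    role: str
    expires_at: datetime
    reason: str


@dataclass
class JitBroker:
    # Hypothetical policy: which roles may be requested and the longest lease
    # a single request may ask for. Nothing here is a standing privilege.
    max_lease: dict = field(default_factory=lambda: {
        "db-admin": timedelta(minutes=30),
        "net-admin": timedelta(minutes=15),
    })
    grants: dict = field(default_factory=dict)   # (user, role) -> Grant
    audit: list = field(default_factory=list)    # one record per decision

    def _log(self, event: str, now: datetime, **fields) -> None:
        # Every decision is recorded, including denials, so monitoring can
        # see both normal use and attempts to use privilege without a grant.
        self.audit.append({"ts": now.isoformat(), "event": event, **fields})

    def request(self, user: str, role: str, reason: str, now: datetime,
                minutes: int = 15) -> bool:
        """Grant a time-bound role. Returns True if the lease was issued."""
        if role not in self.max_lease:
            self._log("denied", now, user=user, role=role, why="unknown role")
            return False
        lease = timedelta(minutes=minutes)
        if lease > self.max_lease[role]:
            self._log("denied", now, user=user, role=role,
                      why="lease exceeds policy maximum")
            return False
        if not reason.strip():
            # A justification (ticket, change record) is required for audit.
            self._log("denied", now, user=user, role=role, why="no reason")
            return False
        expires = now + lease
        self.grants[(user, role)] = Grant(user, role, expires, reason)
        self._log("granted", now, user=user, role=role,
                  expires_at=expires.isoformat(), reason=reason)
        return True

    def is_allowed(self, user: str, role: str, now: datetime) -> bool:
        """Check at time of use; expired leases are revoked automatically."""
        grant = self.grants.get((user, role))
        if grant is None:
            self._log("denied", now, user=user, role=role, why="no active grant")
            return False
        if now >= grant.expires_at:
            del self.grants[(user, role)]
            self._log("expired", now, user=user, role=role)
            return False
        self._log("used", now, user=user, role=role)
        return True


def run_demo() -> dict:
    """Walk through one lease lifecycle; returns the decisions and audit events."""
    broker = JitBroker()
    t0 = datetime(2020, 1, 1, 9, 0, tzinfo=timezone.utc)      # constructed time
    results = {
        "before_request": broker.is_allowed("alice", "db-admin", t0),
        "granted": broker.request("alice", "db-admin",
                                  "CHG-0001 schema migration", t0, minutes=20),
        "within_lease": broker.is_allowed("alice", "db-admin",
                                          t0 + timedelta(minutes=10)),
        "after_expiry": broker.is_allowed("alice", "db-admin",
                                          t0 + timedelta(minutes=25)),
        "oversized_lease": broker.request("alice", "db-admin", "CHG-0002",
                                          t0, minutes=60),
    }
    results["events"] = [record["event"] for record in broker.audit]
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The point of the design is that no account ever holds the administrator role permanently: privilege exists only as a lease with an expiry, every use is checked against that lease, and the audit list doubles as the session-monitoring feed the previous recommendation asks for.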
A Ponemon study indicates that the average amount of time required to identify a data breach by the end user organisation is 197 days, and the average amount of time needed to contain a data breach once it is identified is 69 days. That is a lot of time for a rogue actor to be floating inside a corporate network. Time for action!