Although ransomware, botnet and DDoS attacks grab the headlines, companies may have a bigger problem. And it is coming from the inside. How To Prevent Insiders From Breaching Your Data?
According to Forrester, 80 percent of breaches involve “privileged users” who have access to critical systems. These users include system administrators, network engineers, database administrators and contractors.
Sometimes they steal data themselves. Other times they are the targets of phishing emails and social media posts. Either way, it’s a serious problem. And companies often do a poor job of keeping themselves safe from such attacks, according to James Stanger, chief technology evangelist for IT trade association CompTIA.
One of the most important things companies need to do is watch privileged account activity in real time, Stanger said.
“Security people blame the end user for breaches. They have for decades. But when you ask companies, ‘Can you show me right now what all your privileged users are doing?’ there’s silence,” he said.
“There are too many cooks in the kitchen, and they’re not coordinating with each other,” Stanger said of some companies where account monitoring isn’t a priority.
The who-does-what problem is compounded when outsiders are added to the mix. Many businesses allow vendors to access information they store in the cloud. Configuration errors are common in these cases. Sometimes these errors inadvertently expose data to the world at large. Other times, administrators forget to remove vendor privileges when a project is completed. In a global PwC survey, 41 percent of respondents (business executives) blamed security incidents on outside business partners.
Ideally, all accounts — including those of privileged users and vendors — should be monitored from one central location, Stanger said. Today’s software allows companies to do that. They can deploy the software themselves or work with a third-party provider. A monitoring system alerts security officers if someone’s account changes or deletes important data. An alert is also issued if data is exported in large batches.
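A sketch of the central monitoring described above, added here as an illustration and not taken from the article or from any particular product: one event stream covering privileged and vendor accounts, with alerts for changes or deletions of important data, large-batch exports, and vendor activity after a project's end date. The account names, dataset names, event format and 10,000-row threshold are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data (not from the article): account roster and audit events.
ACCOUNTS = {
    "dba_alice": {"kind": "privileged", "access_ends": None},
    "vendor_acme": {"kind": "vendor", "access_ends": datetime(2024, 3, 1)},
}
SENSITIVE = {"customers", "payments"}  # assumed list of important datasets
BULK_ROWS = 10_000                     # assumed large-batch export threshold

# (timestamp, account, action, dataset, rows affected)
EVENTS = [
    ("2024-03-04T09:12:00", "dba_alice", "SELECT", "customers", 40),
    ("2024-03-04T09:15:00", "dba_alice", "DELETE", "payments", 1200),
    ("2024-03-04T23:41:00", "dba_alice", "EXPORT", "customers", 250000),
    ("2024-03-05T02:03:00", "vendor_acme", "SELECT", "inventory", 15),
    ("2024-03-05T02:05:00", "unknown_svc", "UPDATE", "payments", 3),
]

def review(events, accounts=ACCOUNTS):
    """Return (timestamp, account, reason) alerts for one central event stream."""
    alerts = []
    for ts, account, action, dataset, rows in events:
        when = datetime.fromisoformat(ts)
        acct = accounts.get(account)
        if acct is None:
            # Activity from an account nobody is tracking is itself an alert.
            alerts.append((ts, account, "account not in roster"))
            continue
        # Vendor privileges left in place after the project was completed.
        if acct["access_ends"] and when > acct["access_ends"]:
            alerts.append((ts, account, "vendor access after project end"))
        # An account changes or deletes important data.
        if action in {"UPDATE", "DELETE"} and dataset in SENSITIVE:
            alerts.append((ts, account, f"{action} on {dataset}"))
        # Data is exported in a large batch.
        if action == "EXPORT" and rows >= BULK_ROWS:
            alerts.append((ts, account, f"bulk export of {rows} rows from {dataset}"))
    return alerts

if __name__ == "__main__":
    for alert in review(EVENTS):
        print(*alert, sep=" | ")
```
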
Making It Harder For Hackers
Monitoring can halt a breach in progress, stopping malicious insiders. But it can’t keep outside hackers from worming their way in. Unfortunately, too many privileged account holders are making it easy for them.
Everyone in the organization should be using strong passwords, said Michael Kaiser, executive director of the National Cyber Security Alliance, a nonprofit public/private partnership that promotes cybersecurity and privacy. Privileged account holders should use additional security measures such as a security key, which plugs into a machine for secure access, or biometric identification, such as eye or fingerprint scans.
“Anyone with broad access to the network needs security credentials as strong as possible, because so much harm can be done if they’re compromised,” Kaiser said.
When looking for privileged users to serve as pawns, hackers often target high-level IT administrators and executives, using tools to hack passwords or phishing with emails. Phishing attacks have become increasingly sophisticated.
For example, just before one company was about to make an acquisition, someone hacked the CFO’s email account, Stanger recalled. The hacker then sent the CEO’s secretary an email purporting to be from the CFO. The email directed her to click a link. Doing so would have initiated a wire transfer of funds, supposedly for the acquisition.
The language and style of the email were pitch-perfect. But the scheme was foiled when the secretary checked with her boss before clicking.
Privileged account holders and those who work with them should be on guard for suspicious links and attachments. They should always check with the sender in person or by phone before clicking, Stanger said.
If a privileged account is hacked, the attacker may install a keylogger that records every keystroke the user makes. That could lead the hacker to databases containing credit card numbers or personally identifiable information that they can sell on the dark web.
It may take a hacker some time to find information worth stealing. The intruder may need to use coded commands to escalate privileges on the account or try hacking a different one, said Andras Cser, vice president and principal analyst for security and risk management at Forrester.
“Hackers do a lot of moving laterally from one machine to another, searching for vulnerabilities and stealing data,” Cser said.
To keep them out, companies should use an enterprise password manager or vault, he said. The vault should be configured to automatically change the passwords of IT administrators every time those administrators log off sensitive databases.
“If passwords change all the time, snooping is no longer efficient,” he said.
Companies also need to avoid “privilege creep,” which occurs when an employee is given access to confidential information in one area of an organization, then moves to a different position and obtains access to other critical data — without having the earlier access revoked.
Privileged accounts hold the keys to an organization’s vital resources. Too often, the people who have those privileges behave carelessly. Companies that monitor privileged accounts in real time, improve the use of passwords and regularly review account access stand the best chance of avoiding a costly and embarrassing breach.