Staying One Step Ahead - Understanding Breaches to Beat Them

According to new research by One Identity, four out of five companies were hit by a data breach in 2017, and hackers are showing no signs of slowing down. This means that it’s extremely important for organizations to keep up – unfortunately, this isn’t always the case.

The research shows that organizations are still struggling to identify and combat attacks, largely because they lack an understanding of how and when these breaches occur. 

Despite the high percentage of businesses that have experienced a breach, most have difficulty pinpointing how and when the breach happened. Worse still, 68% of businesses expect to be impacted by further breaches in the next year.

Without fully understanding the threats they are facing, how can businesses expect to prevent breaches in the future, or at least reduce their likelihood?

The Culprit – Grasping the Privileged Problem
The solution starts with gaining a better understanding of how attacks originate. More often than not, breaches can be traced directly to employees – and, in 44% of cases, they involve employees with privileged access of some kind. In fact, privileged identity theft was the common denominator in seven of the 10 largest data breaches of the 21st century. 

What is it that makes privileged employees so risky? Many of today’s sophisticated and well-resourced cyber-criminals, some with the backing of nation states, actively target privileged accounts because they hold the keys to the kingdom.

Under the guise of a privileged user, attackers can infiltrate IT systems to steal data on a massive scale and disrupt critical infrastructure. The hijacking of privileged identities and accounts has amounted to billions of compromised records – from credit card details and user accounts, to employee information, health records, and more. 

It’s not just the attractiveness of privileged users as targets that creates a problem. The sheer number of privileged users most companies have accessing their systems poses another significant risk.

In the average large enterprise, approximately one in ten people have privileged network access, and a startling 59% of those privileged accounts can also be accessed by people outside the organization. Many companies simply place too much trust in third-party vendors who can be taken advantage of, as we saw in the infamous Target breach.

Third-party vendors aren’t the only privileged users businesses need to worry about. What about disgruntled ex-employees? A staggering 67% of businesses admitted that former employees could quite possibly still have network credentials, putting the organization at enormous risk.
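The two risks just described, privileged accounts reachable by outsiders and credentials that outlive an employee's tenure, are both things a periodic access review can surface. The script below is an added example, not the article's or One Identity's code: it cross-references a constructed privileged-account inventory against a constructed HR roster and flags accounts held by external parties, accounts whose owner has left (especially if the account was used after the departure date), accounts with no identifiable owner, and privileged accounts that have gone unused. The field names, the roster format and the 90-day staleness threshold are all assumptions.

```python
"""Privileged-account access review (added example, constructed data).

Flags privileged accounts that belong to former employees or external
parties, have no identifiable owner, or have gone unused.  The inventory
and roster formats below are assumptions, not any real product's export.
"""
from dataclasses import dataclass
from datetime import date


@dataclass
class Account:
    username: str
    owner: str          # person or organisation responsible for the account
    privileged: bool    # holds admin / elevated rights
    external: bool      # used by a third-party vendor or contractor
    last_login: date


# Constructed HR roster: who still works here and who has left.
ROSTER = {
    "alice": {"status": "active", "left": None},
    "bob":   {"status": "left",   "left": date(2018, 3, 31)},
    "carol": {"status": "active", "left": None},
}

# Constructed account inventory, as a directory export might look.
ACCOUNTS = [
    Account("alice.admin",   "alice",        True,  False, date(2018, 6, 1)),
    Account("bob.admin",     "bob",          True,  False, date(2018, 5, 20)),  # bob left in March
    Account("carol",         "carol",        False, False, date(2018, 6, 2)),
    Account("vendor-backup", "acme-backups", True,  True,  date(2018, 5, 30)),
    Account("svc-build",     "unknown",      True,  False, date(2017, 11, 2)),
]

TODAY = date(2018, 6, 5)  # constructed review date so the example is deterministic


def review(accounts, roster, today, stale_days=90):
    """Return (username, reason) findings for privileged accounts only."""
    findings = []
    for a in accounts:
        if not a.privileged:
            continue  # ordinary users are out of scope for this review
        owner = roster.get(a.owner)
        if a.external:
            findings.append((a.username, "external party holds privileged access"))
        elif owner is None:
            findings.append((a.username, "no identifiable owner in HR roster"))
        elif owner["status"] == "left":
            reason = "owner left on %s" % owner["left"]
            if a.last_login > owner["left"]:
                reason += "; account used after departure"
            findings.append((a.username, reason))
        if (today - a.last_login).days > stale_days:
            findings.append((a.username,
                             "privileged account unused for > %d days" % stale_days))
    return findings


def run_review():
    """Run the review over the constructed data."""
    return review(ACCOUNTS, ROSTER, TODAY)


if __name__ == "__main__":
    for username, reason in run_review():
        print("%-14s %s" % (username, reason))
```

In a real environment the inventory would come from the directory service and the roster from the HR system; the useful part is the join between the two, because neither system on its own knows that a still-enabled admin account belongs to someone who left three months ago.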

Finding A Way Forward
Here are a number of strategies that organizations can adopt to help them better understand their vulnerability and prevent future breaches: 

1 - Closely Identify and Monitor Users with Privileged Access
Security is no longer about simply keeping the bad guys out. Since virtually all breaches are employee-related, security teams need to identify and monitor what their own users are doing with their access rights (particularly elevated administrative rights) as part of a comprehensive and cohesive strategy.
Mitigating internal threats requires a different type of authentication than is typically used, one where privileged identities are verified continuously rather than at a single point in time. Achieving continuous authentication depends heavily on analytics – specifically, user behavior analytics.

By capturing data about employees’ digital behaviors, organizations can build a baseline of “normal” user behavior, and through continuous monitoring they can detect unusual deviations and potentially suspicious activity related to an attack. This is made possible by machine learning, which enables security systems to learn to identify threats in real time without being explicitly programmed.
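To make the baseline-and-deviation idea concrete, here is an added example (not the article's or any vendor's code) that builds a per-user profile from constructed audit events and scores new events against it. The profile is deliberately a simple rule-based one, standing in for the machine-learning models the article refers to: for each user it records the hours of day in which they are normally active, the hosts they normally touch and the actions they normally perform. The event tuple format, the user and host names and the thresholds are all assumptions.

```python
"""Behavioral baseline for privileged users (added example, constructed data).

A simple stand-in for user behavior analytics: learn what is normal for each
user from historical events, then report how a new event deviates from it.
"""
from datetime import datetime

# Constructed historical audit events: (ISO timestamp, user, host, action).
HISTORY = [
    ("2018-05-01T09:12:00", "alice", "db01", "login"),
    ("2018-05-01T10:40:00", "alice", "db01", "query"),
    ("2018-05-02T09:30:00", "alice", "db02", "login"),
    ("2018-05-02T14:05:00", "alice", "db02", "query"),
    ("2018-05-03T08:55:00", "alice", "db01", "login"),
    ("2018-05-03T16:20:00", "alice", "db01", "query"),
]

# Constructed new events to evaluate against the baseline.
NEW_EVENTS = [
    ("2018-05-04T03:14:00", "alice",   "db01",       "login"),  # 3 am: outside normal hours
    ("2018-05-04T09:50:00", "alice",   "db01",       "query"),  # looks like business as usual
    ("2018-05-04T10:05:00", "alice",   "fileserver", "dump"),   # new host and new action
    ("2018-05-04T11:00:00", "mallory", "db01",       "login"),  # account never seen before
]


def parse(event):
    ts, user, host, action = event
    return datetime.fromisoformat(ts), user, host, action


def build_baseline(events):
    """Per user: earliest/latest hour of activity, hosts seen, actions seen."""
    baseline = {}
    for event in events:
        ts, user, host, action = parse(event)
        b = baseline.setdefault(
            user, {"first_hour": 23, "last_hour": 0, "hosts": set(), "actions": set()})
        b["first_hour"] = min(b["first_hour"], ts.hour)
        b["last_hour"] = max(b["last_hour"], ts.hour)
        b["hosts"].add(host)
        b["actions"].add(action)
    return baseline


def score(event, baseline):
    """Return the list of deviations for one event; an empty list means normal."""
    ts, user, host, action = parse(event)
    b = baseline.get(user)
    if b is None:
        return ["no baseline for user %s" % user]
    deviations = []
    if not b["first_hour"] <= ts.hour <= b["last_hour"]:
        deviations.append("unusual hour %02d:00" % ts.hour)
    if host not in b["hosts"]:
        deviations.append("new host %s" % host)
    if action not in b["actions"]:
        deviations.append("new action %s" % action)
    return deviations


def detect(new_events, baseline):
    """Pair each deviating event with its deviations; normal events are dropped."""
    flagged = []
    for event in new_events:
        deviations = score(event, baseline)
        if deviations:
            flagged.append((event, deviations))
    return flagged


def run_detection():
    return detect(NEW_EVENTS, build_baseline(HISTORY))


if __name__ == "__main__":
    for event, deviations in run_detection():
        print(event, "->", "; ".join(deviations))
```

Three of the four constructed events are flagged: the 3 am login, the dump on a never-before-seen host, and the account with no history at all. A production system would weight these signals and learn the profile statistically rather than from min/max hours, but the structure, a learned profile per identity plus a scoring step on every new event, is the same.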

2 - Educate Users, Privileged or Not 
Risky employee behaviors such as sharing privileged credentials, telling colleagues their passwords and sending work files to personal accounts can all threaten network security from the inside. Employees can be the biggest threat, but also the easiest solution. In fact, 80% of IT security professionals agree that educating employees is key to securing the network.

A number of training providers in the industry are currently moving to position cybersecurity training programs as a proactive measure, rather than as punishment for clicking on a phishing email. Many of them involve simulations, eBooks and toolkits, often with a creative twist to make them more engaging.

Even the act of providing everyday tips and tricks that may seem self-explanatory can help employees do their part to prevent large-scale breaches.

3 - Conduct Post-Breach Assessments 
Another critical piece of a comprehensive security strategy is the set of steps organizations take after a breach. Even if a malicious insider does get into the network, businesses are starting to see the benefits of analyzing behavior after the event, so they can determine when and how the breach occurred and then take steps to prevent a recurrence.

In order to identify an incident and respond quickly, organizations need to develop trusted and repeatable multi-step management and response processes. These plans need to cover the must-know facts and steps for internal reporting, but also include information on external notifications to the authorities when a breach occurs, which has become critical since GDPR came into force.
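The "when and how" question of a post-breach assessment usually starts with merging logs from several systems, each with its own timestamp format, into one ordered timeline. The following is an added example, not the article's or any vendor's tooling: it normalises constructed VPN, syslog-style authentication and SIEM-alert lines to UTC, sorts them, finds the first activity of a compromised privileged account, and derives the dwell time up to detection together with the regulatory notification deadline. The account name, hosts, log formats and the assumed syslog year are all constructed; the 72-hour figure is the supervisory-authority notification window set by GDPR Article 33, counted from when the organisation becomes aware of the breach.

```python
"""Post-breach timeline reconstruction (added example, constructed data).

Merges log lines from three sources with different timestamp formats into one
UTC-ordered timeline, then answers: when was the compromised account first
active, when was it detected, how long is the dwell time, and by when must the
supervisory authority be notified under GDPR (72 hours from awareness).
"""
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed VPN concentrator log: "YYYY-MM-DD HH:MM:SS host message".
VPN_LOG = [
    "2018-06-02 22:41:07 vpn01 session-start user=bob.admin src=198.51.100.23",
    "2018-06-02 22:58:30 vpn01 session-end user=bob.admin",
]
# Constructed syslog-style auth log; note syslog carries no year.
AUTH_LOG = [
    "Jun  2 22:43:15 db01 sshd[4121]: Accepted password for bob.admin from 10.0.5.9",
    "Jun  2 22:43:20 db01 sudo: bob.admin : COMMAND=/usr/bin/pg_dump",
]
# Constructed SIEM alert as a JSON line; this is the moment of "awareness".
SIEM_LOG = [
    '{"ts":"2018-06-04T09:15:00Z","src":"siem",'
    '"msg":"alert raised: privileged account bob.admin active after termination"}',
]

SYSLOG_YEAR = 2018  # assumption for the example: the year the syslog lines were written
UTC = timezone.utc


def parse_vpn(line):
    m = re.match(r"^(\S+ \S+) (\S+) (.*)$", line)
    ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S").replace(tzinfo=UTC)
    return ts, m.group(2), m.group(3)


def parse_syslog(line):
    m = re.match(r"^(\w{3})\s+(\d+) (\d\d:\d\d:\d\d) (\S+) (.*)$", line)
    stamp = "%d %s %s %s" % (SYSLOG_YEAR, m.group(1), m.group(2), m.group(3))
    ts = datetime.strptime(stamp, "%Y %b %d %H:%M:%S").replace(tzinfo=UTC)
    return ts, m.group(4), m.group(5)


def parse_siem(line):
    d = json.loads(line)
    ts = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=UTC)
    return ts, d["src"], d["msg"]


def build_timeline():
    """All events as (timestamp, source, message), oldest first."""
    events = ([parse_vpn(l) for l in VPN_LOG]
              + [parse_syslog(l) for l in AUTH_LOG]
              + [parse_siem(l) for l in SIEM_LOG])
    return sorted(events)


def assess(timeline, account, detection_marker="alert raised"):
    """First activity of the account, detection time, dwell time, notify-by deadline."""
    first = next(ts for ts, _, msg in timeline if account in msg)
    detected = next(ts for ts, _, msg in timeline if detection_marker in msg)
    return {
        "first_activity": first,
        "detected": detected,
        "dwell": detected - first,
        "notify_by": detected + timedelta(hours=72),  # GDPR Art. 33 window from awareness
    }


if __name__ == "__main__":
    timeline = build_timeline()
    for ts, src, msg in timeline:
        print(ts.isoformat(), src, msg)
    for key, value in assess(timeline, "bob.admin").items():
        print("%-15s %s" % (key, value))
```

The ordering step is the one that matters operationally: the SSH login on db01 and the sudo invocation only make sense once they sit between the VPN session start and end, and the dwell time (here about 34.5 hours) is what the post-breach review will want to shrink next time.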

Cyber-attacks often exploit a major blind spot in an organization’s IT network: the privileged user. To identify these threats and fight back, it is necessary to develop a greater understanding of the IT environment, including who has privileged access and where the gaps in security education are, and to learn where possible from previous breach incidents.
