These days, when it comes to stealing your data, cyber-criminals aren’t worried about bypassing your perimeter security and firewalls because they’ve found another way in, using rather simple tactics.
Bad actors are using social engineering as their tool of choice to obtain privileged user credentials. According to Forrester, 80% of security breaches involve privileged credentials, yet privileged users, the accounts that most need scrutiny, are seldom audited at the depth that would allow employers to become suspicious of their activity. This leaves intruders using these accounts free to pilfer organizations' information and resources. Consequently, companies are adopting technology to monitor behavior and secure their sensitive data.
Focus on Behavior
Detecting and stopping the use of compromised privileged user credentials requires a powerful combination of technologies to save time and resources.
Organizations can use monitoring technology to spot anomalies in user behavior, and the use of behavioral analytics is also a best practice: tracking users’ past behavior to predict future behavior. This gives organizations more accurate insight into users’ activity.
In addition to monitoring exports and employee activity, these technologies look for deviations in user behavior such as time of login, disparities in geolocation and access to internal systems.
An organization’s networks now include third-party contractors and business partners who may have unnecessary access to company data. Mission-critical applications should be monitored to oversee who is accessing what information.
Access to sensitive information, such as trade secrets, consumer information and payment card data, makes insiders a particular threat to the organization.
For instance, imagine that your vice president of HR starts to look at your trade secrets or into the infrastructure layout of your network within your Salesforce instance, something they have never done before. Behavioral analytics would proactively alert you about such unusual behavior, allowing you to block access immediately upon detection and prevent an incident from becoming a full-blown breach.
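The baseline-and-deviation check described in this section can be sketched in a few lines. The following is an added example, not code from the article or from any monitoring product; the event format, account names, resource paths and the two-deviation threshold are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (user, ISO timestamp, country, resource); not real logs.
HISTORY = [
    ("vp_hr", "2024-03-04T09:12:00", "US", "hr/payroll"),
    ("vp_hr", "2024-03-05T10:40:00", "US", "hr/reviews"),
    ("vp_hr", "2024-03-06T14:05:00", "US", "hr/benefits"),
]
NEW_EVENTS = [
    ("vp_hr", "2024-03-08T11:00:00", "US", "hr/payroll"),
    ("vp_hr", "2024-03-09T02:47:00", "RO", "engineering/trade-secrets"),
    ("contractor7", "2024-03-09T13:00:00", "US", "finance/card-data"),
]
NO_BASELINE = "no baseline for user"

def build_baseline(events, hour_slack=2):
    """Summarize each user's past behavior: login hours, countries, resource areas."""
    base = defaultdict(lambda: {"hours": set(), "countries": set(), "areas": set()})
    for user, ts, country, resource in events:
        b = base[user]
        hour = datetime.fromisoformat(ts).hour
        # Accept logins within hour_slack of any hour seen before (wraps past midnight).
        b["hours"].update((hour + d) % 24 for d in range(-hour_slack, hour_slack + 1))
        b["countries"].add(country)
        b["areas"].add(resource.split("/")[0])
    return dict(base)

def deviations(event, baseline):
    """List the ways a single event departs from that user's baseline."""
    user, ts, country, resource = event
    area = resource.split("/")[0]
    b = baseline.get(user)
    if b is None:  # e.g. a new third-party account with no history yet
        return [NO_BASELINE]
    found = []
    if datetime.fromisoformat(ts).hour not in b["hours"]:
        found.append("unusual login time")
    if country not in b["countries"]:
        found.append("new geolocation")
    if area not in b["areas"]:
        found.append("first access to " + area)
    return found

def alerts(events, baseline, threshold=2):
    """Events with at least `threshold` deviations, or with no baseline at all."""
    scored = [(ev, deviations(ev, baseline)) for ev in events]
    return [(ev[0], ev[3], d) for ev, d in scored
            if len(d) >= threshold or d == [NO_BASELINE]]
```

Requiring two or more deviations before alerting keeps a single late login from paging anyone, while accounts with no history are always surfaced for manual review.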
Train for Security
The majority of cyber-attacks originate from well-meaning insiders accessing a malicious email, so in addition to these monitoring technologies, organizations should implement training to mitigate risk associated with compromised privileged user credentials.
Creating a mobile device policy that leads employees toward password protection and secure usage will also reduce risk. In addition to your own rules, make sure your employees are fully aware of the laws they must comply with when handling your organization’s or customer’s data.
Devise a deterrent in the form of a well-defined sanctioning policy, and inform employees that their activity is being recorded through monitoring technology and that they are held accountable for any misuse of the organization’s resources. Training on your acceptable use policies, monitoring technology, current cyber threats and sanctioning will aid in defining a strong culture of security.
Finally, organizations should apply the “Principle of Least Privilege” to their employees’ permissions, granting each user only the least amount of privilege necessary to properly perform their role.
A People-Centered Approach
Cyber-criminals are industrious and endlessly innovative, which means that organizations must maintain constant vigilance. Attackers are keen to steal the credentials that would give them privileged access so they can take their time exfiltrating your data without detection.
Securing your network today is about more than securing your perimeter; it requires a people-focused approach that both trains employees in security best practices and monitors their behavior to detect insider threats. Early detection means quicker resolution, taking the keys to your “vault” out of the hands of bad actors.