It’s been said: never let a good crisis go to waste.
And when it comes to recent data breaches at some of the biggest names in business, the media has certainly been guilty at times of veering into the realm of sensationalism.
There’s a lot of media hype stating that the cyber attacks on companies such as Anthem and Sony Pictures were the result of sophisticated hacks. But the reality is that these incidents were neither particularly advanced nor unexpected. In fact, most cyber attacks succeed simply because of poor internal cyber security processes and a lack of technology to mitigate identity and access abuse.
For example, at many of the breached companies, you will find:
- The same password on many – if not all – workstations and servers.
- Password spreadsheets that are available in the clear and/or shared between users.
- Administrator passwords that are not changed for years, and are often still known to former employees and contractors.
- No attempts to limit the lifetimes of administrator accounts, or the scope of their usage.
Networks and domains are poorly designed in such a way that intruders who capture an administrator name and password can go anywhere they want, because everything is connected.
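The credential weaknesses listed above can be checked mechanically against an inventory of privileged accounts. The following is an added example, not code from the original article or from any product it mentions; the inventory fields, host names, fingerprints, departure dates and the 90-day threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

MAX_AGE_DAYS = 90  # assumed rotation policy; the article gives no figure

# Constructed sample inventory. "fingerprint" stands for an opaque value an
# audit tool reports to show two credentials are identical, never the password.
INVENTORY = [
    {"host": "ws-001", "account": "Administrator", "fingerprint": "fp-A",
     "last_changed": date(2012, 3, 1), "expires": None},
    {"host": "ws-002", "account": "Administrator", "fingerprint": "fp-A",
     "last_changed": date(2012, 3, 1), "expires": None},
    {"host": "srv-db1", "account": "root", "fingerprint": "fp-A",
     "last_changed": date(2013, 7, 15), "expires": None},
    {"host": "srv-web1", "account": "root", "fingerprint": "fp-B",
     "last_changed": date(2015, 1, 20), "expires": date(2015, 2, 2)},
]
# Constructed: dates on which staff who knew privileged passwords left.
DEPARTURES = [date(2014, 6, 30)]

def audit(inventory, departures, today, max_age_days=MAX_AGE_DAYS):
    """Return {(host, account): [finding, ...]} for the listed weaknesses."""
    hosts_by_fp = defaultdict(list)
    for rec in inventory:
        hosts_by_fp[rec["fingerprint"]].append(rec["host"])
    findings = defaultdict(list)
    for rec in inventory:
        key = (rec["host"], rec["account"])
        # Same password on more than one workstation or server.
        if len(hosts_by_fp[rec["fingerprint"]]) > 1:
            findings[key].append("shared-password")
        # Password not changed within the rotation window.
        if (today - rec["last_changed"]).days > max_age_days:
            findings[key].append("stale-password")
        # Someone left after the last change, so they may still know it.
        if any(left >= rec["last_changed"] for left in departures):
            findings[key].append("known-to-former-staff")
        # No limit on the lifetime of the privileged credential.
        if rec["expires"] is None:
            findings[key].append("no-lifetime-limit")
    return dict(findings)

if __name__ == "__main__":
    report = audit(INVENTORY, DEPARTURES, today=date(2015, 2, 1))
    for key, issues in sorted(report.items()):
        print(key, issues)
```

Accounts with no findings, such as the recently rotated, time-limited credential on `srv-web1`, are absent from the report.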
The typical defense presented by some companies that were breached is that they had firewalls and intrusion detection systems in place. Unfortunately, the sad reality is that such perimeter security tools are largely ineffective against advanced cyber attacks because of how they operate. Users invite intruders in by clicking on infected links or running programs attached to phishing emails.
How to Avoid Being a Data Breach Headline
If you don’t want your company to be the next data breach headline, start with the assumption that every workstation is compromised, and every device connected to the network is infected and under the control of outsiders.
Employees (both IT and regular users) must modify their behavior and use multi-factor authentication. Escalated access must be requested and approved, and only for a limited time. Finally, interior event detection systems must be tuned to find anomalous activity based on the unique characteristics of each company.
Where Privilege Management Fits Into Cyber Security
Our role in this cyber security strategy is to automate password and SSH key changes. That way, no privileged credential has a long lifetime, and escalated access on all systems by any employee is controlled.
In other words, we don’t leave the doors open for criminals, nor do we allow hackers to move anonymously from system to system over an extended period of time, which is what happened at many of the recently breached companies you’ve read about. Since we eliminate known, static and shared passwords, any captured credential has a limited lifetime and no access to multiple systems.
Today, despite what you may read in the media, it’s not about stopping cyber attacks. It’s about minimizing the consequences of breaches.
By Philip Lieberman, President and CEO, Lieberman Software
Mr. Lieberman is an astute entrepreneur able to perceive shortcomings in the cyber security market, and fill those gaps with innovative solutions. He developed the first products for the privileged identity management space, and continues to introduce new solutions for this burgeoning security field.