The recent British Airways breach is only the latest of many breach headlines, but it got us thinking about the importance of getting security basics right. All too often, the biggest breach headlines—and the ones with the largest financial and reputational impact—are the result of minor and preventable security vulnerabilities.
Hackers continue to use the same tried and tested techniques because they know that, all too often, companies aren't putting enough time and effort into basic security measures.
In the second of our three-part series on getting the security basics right, we continue our discussion of 10 basic steps your organization can take to mitigate the risk of a cyberattack and limit the damage an attacker can do in the event that one does occur. With data breaches on the rise—nearly 53,000 cyber incidents in 2017 alone, according to Verizon’s 2018 Data Breach Investigations Report—the need to master the foundational blocking and tackling of cybersecurity cannot be overemphasized.
Part 1 reviewed three initial steps that can be taken, including creating an incident response plan, implementing data privacy best practices, and educating your users with ongoing security training. To continue the series, here are four more basic steps an organization can take to improve its cyber defenses.
4. Protect the Perimeter
The concept of defense in depth is foundational when it comes to cybersecurity, and although it shouldn’t be your only protection, having a strong perimeter defense is an important place to start.
Tools like intrusion detection systems (IDS), intrusion prevention systems (IPS), security information and event management (SIEM), antivirus software, and firewalls are the building blocks that make up the strong wall that helps keep out would-be attackers and lets you know if one does find his or her way in. These tools work together to provide an additional level of security by automatically preventing or redirecting detected threats to protect an organization from a cyberattack. An IPS, for example, can detect unusually high levels of activity on network devices or at the application host level, which could be an indication of a DDoS attack.
Organizations must also be vigilant against “malvertisements,” a method of distributing malware and ransomware packed within code that looks and acts like advertisements. Hackers use these “ads” to focus their attack on targets, much like legitimate businesses do—using location information, demographics, and browsing habits to tailor something worth clicking. Utilizing ad blockers and having antivirus software that checks internet activity for anything malicious or abnormal can protect your organization from this type of malware before it wreaks havoc within your network.
5. Adopt a Zero-Trust Security Mindset
As users bring a number of devices—from laptops and tablets to smartphones and virtual machines—in and out of networks that are both trusted and open, security professionals find themselves having to protect a far greater attack surface than that seen in a traditional office space.
Although network perimeter security is still an important line of defense, a medieval castle-and-moat mentality that assumes everyone and everything already inside the network is friendly is no longer accurate—or secure. Today’s security perimeter is porous, and an organization’s biggest threat is often its own employees.
Your organization must adopt a zero-trust mindset where you verify everything and trust nothing. The key to this approach is to only deliver applications and data to authenticated and authorized users and devices. Furthermore, organizations should implement the principle of least privilege by restricting employee and contractor access to what is absolutely required for them to perform their jobs.
Enforcing a zero-trust model starts by putting a modern identity and access management (IAM) solution at the core of your organization’s security program. IAM solutions automate identity lifecycle management for all users; streamline identity governance by ensuring proper identity and access controls are maintained and updated as your business processes, data classifications, and personnel change; and prevent unauthorized access with flexible multi-factor authentication policies that enhance security without overly burdening users. The key is ensuring the right people have access to the right data and roles when they need it, and at no other time.
6. Eliminate or Augment Passwords
According to the Verizon report, 83 percent of hacking-related data breaches last year were the result of weak, default, or stolen passwords. This means that, even if your organization has the best digital security tools, practices, and policies in place, single-factor authentication is not enough.
Cracking or exploiting a known password provides a central point of attack that even the best tools can’t prevent. In other words, as cybersecurity expert Professor Alan Woodward of the University of Surrey notes, "You can put the strongest lock you like on the front door, but if the builders have left a ladder up to a window, where do you think the burglars will go?"
Moreover, even the best employee training and awareness can’t completely rule out human error. All it takes is one carefully crafted phishing email to trick an employee into giving up his or her login credentials.
And the attacks only continue to get more sophisticated and widespread. For example, earlier this year, a spear-phishing attack infiltrated 144 universities and 36 companies in the U.S. The attackers successfully penetrated about 4,000 of the 100,000 email accounts they targeted, stealing 31 terabytes of intellectual property and causing an estimated $3.4 billion in damages to the universities alone.
Multi-factor authentication (MFA) can help keep a company safe from unauthorized access using stolen credentials by adding a second or third identity verification method—such as one-time passwords, push authentication, and fingerprint biometrics—to be used with or in place of a password. With MFA in place, even if a user falls victim to a phishing attack, the attack would not be successful because the hacker still wouldn’t have the second or third form of verification.
7. Lock Down Privileged Access
Privileged account access is the holy grail for hackers, granting them broad and deep access within a network. The security analysis firm Forrester Research estimates that 80 percent of security breaches involve privileged accounts, meaning they are prime targets for hackers. These privileged accounts can be used to access a company’s most sensitive data, lock out legitimate users, and create ghost accounts and back doors to a network that are very hard to detect.
Putting an IAM solution with privileged access management (PAM) controls in place for administrator accounts can help keep your organization’s keys to the kingdom safe by enforcing the principle of least privilege, time-based expiration, fine-grained access controls, separation of duties, and user-friendly multi-factor authentication for privileged accounts.
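As an added illustration of the access decision that steps 5 and 7 describe (example code written for this article, not the original post's or any IAM product's), here is a small Python policy check that requires MFA and a trusted device, enforces a time-boxed privileged elevation, checks separation of duties, and grants only the actions a role lists. The roles, actions, and session fields are constructed assumptions, not a real product's schema.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
# Constructed sample policy (not a real product's schema): a role lists only the
# privileged actions it needs, which is least privilege in its simplest form.
ROLE_ACTIONS = {
    "dba": {"db:read", "db:backup"},
    "dba-admin": {"db:read", "db:backup", "db:grant"},
    "auditor": {"db:read", "audit:read"},
}
# Separation of duties: whoever grants database rights may not also audit them.
CONFLICTING_ROLES = [frozenset({"dba-admin", "auditor"})]

@dataclass
class Session:
    roles: frozenset
    mfa_verified: bool        # second factor completed for this session
    device_compliant: bool    # device posture check passed (zero trust verifies devices too)
    elevated_until: datetime  # time-based expiration of the privileged elevation (UTC)

def authorize(session: Session, action: str, now: datetime) -> tuple:
    """Decide a privileged request; the returned reason names the control that denied it."""
    if not session.mfa_verified:
        return False, "mfa_required"
    if not session.device_compliant:
        return False, "device_not_trusted"
    if now >= session.elevated_until:
        return False, "elevation_expired"
    if any(pair <= session.roles for pair in CONFLICTING_ROLES):
        return False, "separation_of_duties"
    permitted = set().union(*(ROLE_ACTIONS.get(r, set()) for r in session.roles))
    if action not in permitted:
        return False, "not_in_role"
    return True, "ok"

NOW = datetime(2018, 10, 1, 9, 0, tzinfo=timezone.utc)  # constructed evaluation time
def demo() -> dict:
    """Run constructed requests through the policy and return each decision."""
    later, earlier = NOW + timedelta(hours=1), NOW - timedelta(minutes=5)
    good = Session(frozenset({"dba"}), True, True, later)
    stale = Session(frozenset({"dba-admin"}), True, True, earlier)
    phished = Session(frozenset({"dba-admin"}), False, True, later)
    conflict = Session(frozenset({"dba-admin", "auditor"}), True, True, later)
    return {
        "read_within_role": authorize(good, "db:read", NOW),
        "grant_outside_role": authorize(good, "db:grant", NOW),
        "expired_elevation": authorize(stale, "db:grant", NOW),
        "stolen_password_no_mfa": authorize(phished, "db:grant", NOW),
        "conflicting_roles": authorize(conflict, "db:read", NOW),
    }
```

Because every denial carries the name of the control that triggered it, the same decision record doubles as an audit log for who tried to use privileged access, and why it was refused.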
Whether they are hacktivists, cybercriminals, nation-states, competitors, or even insiders, cybersecurity threats are ever-evolving and ever-present. Implementing strong perimeter defenses, while enforcing a zero-trust security model that further strengthens security with multi-factor authentication and privileged access management, can help prevent your organization from being the latest victim to hit newspaper headlines.
To find out our remaining four ways to stop cyberattackers in their tracks, stay tuned for the third and final part of our series on the need to focus on the basics when it comes to cyber defense.