Contrary to popular belief, when it comes to breaches, not all roads lead through a complex coding system. Hackers these days do not prefer the traditional methods; instead they rely on weak, default, stolen, or otherwise compromised credentials. A majority of breaches in the last few years have involved compromised privileged credentials. Consequently, our experts feel that imposing better control over the human element should go a long way in the battle against data breaches.
With all the new technologies, strategies, and artificial intelligence being employed by security and IT experts and by threat actors alike, the one constant common to all of it is the human element.
Humans are fallible.
This fact has time and again been exploited by threat actors, who have devised one phishing campaign after another, preying on victims with various social engineering attacks. Yet organizations have been investing more heavily in securing their network perimeter than in security controls that can protect against a leading attack vector: abuse of privileged access.
It is surely one of the biggest mistakes organizations make. Organizations should make privileged access management a top priority, and the following three steps would help ensure that.
A world beyond passwords
Another fact of the IT world is that a static password is never enough, especially when it comes to sensitive enterprise systems and data, since it cannot tell whether the user is accessing the data legitimately or has acquired the password through illegal or malicious means. Organizations need to realize that two-factor authentication is the easiest way to secure their sensitive enterprise data.
Less is more
It is estimated that this year, spending on cybersecurity will come close to $150 million, and yet the breaches are expected to keep flowing in. This is because a major part of the investment does not address modern security issues or protect the ever-growing attack surface of a perimeter-less attack. Identity, which is the path of least resistance, is being targeted by threat actors. Once this realization has dawned upon them, it takes only one person using a password as simple as 123456 for the organization to be ransacked.
Irrespective of their size, companies across sectors must get more strategic about how and where they allocate their funds. Instead of spending on every technology that is available, they should focus on getting the right tool for their organization. Given that privileged access is now a major attack vector, that is where organizations should be investing.
The Zero trust principle
As the name suggests, this is an approach that trusts no one, not even devices or users. It helps organizations re-establish trust by enforcing least-privilege access in real time, verifying who is requesting access, the context of the request and the risk of the environment.
For systems to enforce an authoritative security policy, they must have securely established a unique identity with an authoritative security management platform like Microsoft Active Directory. In today’s era, it is not acceptable for access to management systems to use anonymous access accounts or injected credentials such as shared superuser accounts or vaulted accounts, since they cannot be verified for security operations.
Another factor for consideration is that today’s identities include not just people but workloads, services and machines as well. This is especially true in environments where task automation plays a dominant role, like DevOps and cloud environments. Verifying who is requesting access before authorizing access by any “entity” requires querying enterprise identity repositories for authentication and entitlements.
All accounts with access to sensitive data should be given least-privilege access, and only for a stipulated time frame when it is needed, after which the access should be revoked. This zero-trust stance ensures that all access to services and sensitive information is authenticated, authorized and encrypted.
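The checks described in this section (who is asking, the context of the request, the risk of the environment, and a least-privilege grant that lapses after a set time) can be sketched as one deny-by-default decision. This is an added example, not eScan's or any product's code; the account names, grant records and the 0-100 risk scale are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed deny list: shared or anonymous accounts cannot be tied to one entity.
SHARED_ACCOUNTS = {"root", "administrator", "anonymous"}

@dataclass(frozen=True)
class Grant:
    identity: str         # person, workload, service or machine
    resource: str
    actions: frozenset    # least privilege: only the actions actually needed
    expires_at: datetime  # access counts as revoked from this instant

@dataclass(frozen=True)
class Request:
    identity: str
    resource: str
    action: str
    second_factor_ok: bool  # context: a second factor was verified
    risk_score: int         # environment risk, hypothetical 0-100 scale

def decide(req, grants, now, max_risk=50):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    if req.identity.lower() in SHARED_ACCOUNTS:
        return False, "shared or anonymous account"
    if not req.second_factor_ok:
        return False, "second factor missing"
    if req.risk_score > max_risk:
        return False, "environment risk too high"
    reason = "no grant for this identity and resource"
    for g in grants:
        if (g.identity, g.resource) != (req.identity, req.resource):
            continue
        if now >= g.expires_at:
            reason = "grant expired"
        elif req.action not in g.actions:
            reason = "action outside grant"
        else:
            return True, "ok"
    return False, reason

# Constructed sample data: one live grant for a person, one expired grant for a workload.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
GRANTS = [
    Grant("alice", "payroll-db", frozenset({"read"}), NOW + timedelta(hours=1)),
    Grant("ci-deploy", "prod-cluster", frozenset({"deploy"}), NOW - timedelta(minutes=5)),
]

if __name__ == "__main__":
    print(decide(Request("alice", "payroll-db", "read", True, 10), GRANTS, NOW))
```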
Following these methods would enable organizations to stay ahead of the security curve and reduce the damage caused by the human element, if not eliminate it altogether.
To read more, please check eScan Blog