Cyber attack warnings have become so frequent that they are easy to tune out. Your company has loaded up on security tooling and run its red team drills. You are confident that you have done everything you can.
Executives at Microsoft and chip-making giant Nvidia probably felt the same way, until their companies suffered serious breaches through common, easy-to-exploit holes. It just goes to show that even the most tech-savvy companies are at risk. Cyber attacks in the U.S. more than quadrupled last year, and hackers are still gaining access to sophisticated, well-defended targets. Here are three common loopholes they exploit in corporate cyber defenses, plus some simple solutions you can implement:
Cyber defense and privilege creep
Say you put someone on the help desk and give them privileges to install patches and software. Later, the employee is transferred elsewhere in the organization, but their privileges remain. That is because most companies have strict protocols for granting privileges but few for revoking them. This lack of revocation is a major cyber security vulnerability.
As the help desk scenario repeats itself across your organization, it fills up with unnecessary privileges. Each such account pushes you closer to a successful attack. Privilege creep was the root cause of the breach at Block, where a former employee took advantage of access that should have been removed.
Some organizations compound the problem. Most CISOs know that hacking into a frontline worker’s account yields little: without admin privileges, there is no way to install malware or ransomware. Yet as privileges creep upward, the fruitful points of entry multiply.
Take Okta’s latest breach, which was as simple as it was effective. The hackers abused a subcontractor engineer’s privileges, installed code downloaded from the Internet and soon held the keys to the $23 billion cloud software firm.
They then gained access to about 366 Okta customer accounts. To add insult to injury, Lapsus$, the group responsible, posted screenshots of its haul and publicly taunted Okta for its failures.
While no cyber defense is complete, companies can reduce the risk by granting privileges only as needed and pushing just as hard to revoke them. Protect your company by stopping privilege creep before the problem starts.
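The revocation gap described above can be made visible with a simple audit: compare each account's granted privileges against what its current role actually entitles it to, and strip the remainder. The following is an added illustration, not code from the article or its author; the role-to-entitlement matrix, the account records and the user names are constructed for the example.

```python
from dataclasses import dataclass, field

# Hypothetical entitlement matrix: which privileges each role is expected to hold.
ROLE_ENTITLEMENTS = {
    "helpdesk": {"install_software", "apply_patches"},
    "finance": {"read_ledger"},
    "devops": {"deploy_prod", "install_software"},
}


@dataclass
class Account:
    user: str
    role: str                                  # current role, after any transfer
    granted: set = field(default_factory=set)  # privileges still attached to the account


def audit_privilege_creep(accounts):
    """Return {user: privileges not justified by the user's current role}.

    A privilege counts as creep when it was granted for an earlier role but the
    current role's entitlements do not include it.
    """
    findings = {}
    for acct in accounts:
        allowed = ROLE_ENTITLEMENTS.get(acct.role, set())
        excess = acct.granted - allowed
        if excess:
            findings[acct.user] = excess
    return findings


def revoke_excess(accounts):
    """Apply the audit: strip unjustified privileges in place; return how many were revoked."""
    revoked = 0
    creep = audit_privilege_creep(accounts)
    for acct in accounts:
        if acct.user in creep:
            acct.granted -= creep[acct.user]
            revoked += len(creep[acct.user])
    return revoked


# Constructed sample: alice moved from help desk to finance but kept her install rights.
SAMPLE = [
    Account("alice", "finance", {"read_ledger", "install_software", "apply_patches"}),
    Account("bob", "helpdesk", {"install_software", "apply_patches"}),
    Account("carol", "devops", {"deploy_prod", "install_software"}),
]

if __name__ == "__main__":
    for user, excess in audit_privilege_creep(SAMPLE).items():
        print(f"{user}: revoke {sorted(excess)}")
```

Run on a schedule against your real identity store, the audit turns the one-off help desk story into a recurring check, and the revoke step is the "push to withdraw" the article asks for.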
Risk of lateral movement
Hackers are not much different from bank robbers. Both need reconnaissance to succeed. They get it by moving laterally through your organization.
Once one system is captured, criminals can move on to another, probing the size of the defenses and scouting the route to your crown jewels. To be sure, breaking into the administrator’s account for shipping and receiving will not yield the treasure of confidential information without privilege escalation or lateral movement. But if hackers can reach anyone in the finance group, DevOps or even the CEO’s executive assistant, they have found a way to sensitive content.
In some companies, an authenticated administrator for one part of the network is automatically given access to another. That is a recipe for disaster. If they have no need for that access, it just adds another gateway for an attack.
One solution is air-gapping, meaning there is no direct connection between one part of your network and another. Prevention software then adds another rampart, allowing adjustments on the fly. When an attack is identified, it automatically isolates critical data, so that whatever remains exposed is the data you could most afford to lose.
Stale response plan
You already have an incident response plan. How fresh is it? If you are not running tabletop exercises, staging attacks of different severity to check for weaknesses, you are probably at risk. As attack methods change, you need to know how effectively your defenses can adjust. How fast can you respond? Who is responsible for shutting down which system? Who needs to be notified at each level of breach?
We once received a call from a Fortune 500 medical technology firm while the attack was still under way. Privilege escalation and lateral movement were taking place at network speed: as soon as a system was restored to its golden image, it was re-compromised, literally in milliseconds. At the same time, alarms were sounding throughout the network, with thousands of systems at stake. The incident response plan simply could not keep up.
Hackers continue to raise their game by writing new ransomware and dusting off old tricks in new ways. CIOs and CISOs respond to threats by throwing the latest software at them and rolling out new controls. Yet the real danger lies in complacency. Sometimes it pays to go back to the basics: review privilege escalation paths, block lateral movement, and never stop updating and testing response plans.
The time and money that a company invests in its cyber security today is nothing compared to what comes after a breach. No one wants to explain to their customers why their efforts were not enough.
Raj Dodhiawala is the president of Remediant.