In the global digital economy, privileged accounts (user accounts with privileges that go beyond access to install or remove software, or modify system or application configurations), credentials and secrets are everywhere – on-premises, in the cloud, on endpoints and across multiple DevOps environments.
The 20th EY Global Information Security Survey (GISS), which was released in 2018, reveals that most organisations continue to increase their spending on cybersecurity, with more than 90% of respondents saying that they expect to have a higher budget in 2018. All of the respondents in Greater China (including mainland China, Hong Kong, Macau and Taiwan) have maintained or increased their budgets since the previous year.
However, 20% of the respondents admit that they are not fully aware of the need to assess their organisation’s current cybersecurity impacts and vulnerabilities. Furthermore, Chinese respondents said that the most likely source of attack is hackers (54%), followed by careless members of staff (50%) and malicious employees (47%).
In Hong Kong, cybersecurity and financial crime compliance are among key priorities. The number of data breach cases in Hong Kong hit a record high last year, with 129 cases reported – a 22% increase compared to 2017. Data was leaked through hacking, system configuration, loss of documents or portable devices and inadvertent disclosures of data by fax, email or post.
Last September, the Office of the Government Chief Information Officer (OGCIO) launched the Cybersec Infohub, a two-year pilot programme to promote cybersecurity information exchange among public and private sectors and the community. The programme is also intended as a platform for members to share information, advice and expert insights on topics such as mitigation measures and best practices with cybersecurity experts from different industries.
Security breaches of sensitive data ranging from customer records to intellectual property more often than not involve the use of stolen privileged credentials. The numbers have become numbing. Year after year, cyber-attacks continue to escalate in frequency, severity and impact.
As threats continue to mount, understanding and managing cybersecurity risks have become top of mind for leaders in business and government. So, what can organisations do this year to tighten privileged access security to reduce risk from attackers and malicious insiders? The first step has to be reducing privileged access risk. Below, I offer my tips and recommendations for how to drive down risk, in 2019 and beyond.
1. Limit lateral movement.
Attackers follow patterns – stealing credentials and moving laterally across the infrastructure to carry out their goals. To limit attackers’ movement, organisations have to reduce local admin rights on IT Windows workstations to stop credential theft.
2. Eliminate irreversible network takeover attacks.
Irreversible takeover attacks refer to incidents that are so intrusive that the only viable resolution is to rebuild the affected environment. The attacker typically gains access to the network and proceeds to move laterally until gaining access to critical infrastructure such as domain controllers. For example, savvy hackers can ruin organisational networks and create long-term damage by gaining access to domain controllers, which are servers that manage network security for user authentication and authorization. IT teams must move privileged credentials associated with all top tier assets—such as domain controller accounts—to a centralised and automated system. Multi-factor authentication (MFA) must then be implemented to protect that system.
3. Protect credentials for third-party applications.
Attackers increasingly target third-party vendors such as business services, management consultants, legal counsel, facilities maintenance support, logistics companies and more, because their applications and IT systems are often less sophisticated and their security defences are easier to infiltrate. To minimise risk, it’s important to vault all privileged credentials used by third-party applications and vendors. IT teams must be sure credentials are rotated frequently.
4. Secure SaaS admins and privileged business users.
Cyber criminals tend to use phishing attacks to steal credentials used by SaaS administrators and privileged business users to get high-level and stealthy access to sensitive systems. To prevent this kind of attack, IT teams must isolate all access to shared IDs and require MFA in order to establish a session under such an account. They must also monitor and record sessions of SaaS admins and privileged business users.
5. Utilise MFA.
Passwords are crackable, findable and sharable. MFA that requires “something you have” and “something you know” exponentially decreases the risk of compromise. It’s important that businesses ensure their privileged access management solution makes heavy use of MFA, to strengthen the protection they have invested in.
The ability to combat cyberthreats effectively is especially important as we are becoming an ever more connected society. And as the number and sophistication of cyber attacks increase, cybersecurity needs to be an integral part of any organisation. To protect their organisations’ reputation, brand and intellectual property, the executive team needs to take ownership of cyber risk.
2019 presents a renewed opportunity for businesses to re-evaluate and strengthen their cybersecurity posture. This has to start with securing privileged access as the first port of call, to ensure that critical applications are accessed by the right people at the right time.
2019 has to be the year that we take further measures to mitigate the insider threat!
Author: Jeffrey Kok, Vice President of Solution Engineer, Asia Pacific and Japan, CyberArk