Cyberattack warnings have become so common that it’s easy to tune them out. Your company has deployed security tools and run its red team drills. You are confident that you have done all you could.
Executives at Microsoft and chipmaker Nvidia probably felt the same way until their companies suffered painful security breaches through common, easily exploited weaknesses. It goes to show that even the most tech-savvy businesses are at risk. Cyberattacks in the US have more than quadrupled in the past year, and attackers are still getting in by both sophisticated and obvious means. Here are three common weaknesses in enterprise cyber defenses and some easy-to-implement fixes:
Cyber Defense and Privilege Escalation
Suppose you hire someone for the helpdesk and give them permission to install patches and software. Later, the employee transfers to a different part of the organization, but their privileges remain. That’s because most companies have strict procedures for granting privileges – but few for revoking them. This lack of revocation is a major weakness in cybersecurity.
As the helpdesk scenario repeats itself across your organization, accounts accumulate privileges nobody needs. Each over-privileged account brings an attacker one step closer to success. Privilege escalation was the root cause of a breach at Block, where a former employee used access that should have been removed.
Some organizations put too little emphasis on the problem. Most CISOs know that attackers gain little by digging into the accounts of frontline employees: without administrative privileges, there is no way to install malware or ransomware. But as privileges accumulate, more fruitful entry points proliferate.
Take the recent Okta breach, which was as simple as it was effective. Using a subcontractor engineer’s privileges, the attackers installed code downloaded from the internet and soon had the keys to a $23 billion cloud software company.
They then gained access to about 366 Okta customer accounts. To add insult to injury, Lapsus$, the group responsible, released screenshots of their haul and publicly taunted Okta for its mistakes.
While no cyber defense is perfect, organizations can reduce risk by allowing privileges only when they’re needed—and being even more aggressive about denying them. Protect your business by stopping the problem before it starts.
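The helpdesk scenario above comes down to one check that most organizations never automate: does each privilege still match the role it was granted for? This is an added example, not code from the article or its author; the record formats, role names and sample accounts are constructed.

```python
# Added example (not from the article): flag privileges that outlived the
# role they were granted for. Record formats and role names are constructed.
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Grant:
    user: str
    privilege: str
    granted_for_role: str   # role that justified the grant
    granted_on: date

@dataclass(frozen=True)
class Employee:
    user: str
    current_role: str
    active: bool            # False once the person has left

# Constructed sample data: a helpdesk hire who moved to sales (the article's
# scenario), a leaver whose grant was never pulled, and one legitimate admin.
EMPLOYEES = [
    Employee("alice", "sales", True),
    Employee("bob", "helpdesk", True),
    Employee("carol", "finance", False),
]
GRANTS = [
    Grant("alice", "install_software", "helpdesk", date(2021, 3, 1)),
    Grant("bob", "install_software", "helpdesk", date(2022, 1, 10)),
    Grant("carol", "approve_payments", "finance", date(2020, 6, 15)),
]

def stale_grants(employees, grants, max_age_days=None, today=None):
    """Return (grant, reason) pairs that should be revoked or re-approved.
    Stale means the holder is gone, the holder's current role differs from
    the role the grant was issued for, or the grant is older than max_age_days.
    """
    by_user = {e.user: e for e in employees}
    today = today or date.today()
    findings = []
    for g in grants:
        emp = by_user.get(g.user)
        if emp is None or not emp.active:
            findings.append((g, "holder no longer active"))
        elif emp.current_role != g.granted_for_role:
            findings.append((g, f"role changed {g.granted_for_role} -> {emp.current_role}"))
        elif max_age_days is not None and (today - g.granted_on).days > max_age_days:
            findings.append((g, "past re-approval age"))
    return findings
```

Run the audit against HR and IAM exports on a schedule and feed each finding into the same ticketing flow that granted the privilege, so revocation gets a procedure of its own.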
The risk of lateral movement
Attackers are not very different from bank robbers. Both need to learn the lay of the land to succeed, and they get it by moving sideways through your organization.
After compromising one system, criminals move on to the next, and the next, probing defenses and looking for a path to your crown jewels. Admittedly, breaking into a routine send-and-receive admin account may not yield treasure in the form of sensitive information, escalated privileges, or lateral movement. But if they can reach someone in the finance group, a developer, or even an executive’s assistant, they’ve found a route to sensitive material.
In some organizations, an administrator authorized for one part of a network is automatically granted access to another. It’s a recipe for disaster. Unless there’s a genuine need for them to be there, it just adds another door for attackers.
One solution is air gapping, meaning there is no direct connection between one part of your network and another. Preemptive software then adds a second line of defense that allows on-the-fly adjustments: when an attack is detected, critical data is automatically air-gapped, isolating the data you can least afford to lose.
An outdated response plan
You already have an incident response plan. How fresh is it? If you haven’t run tabletop drills – staged attacks at different layers to look for weaknesses – you’re probably at risk. As attack methods change, you need to know how well your defense can adapt. How fast can you react? Who is responsible for shutting down which systems? Who needs to be informed about a breach at each level of severity?
We once received a call from a Fortune 500 medical device company that was under attack. Privilege escalation and lateral movement occurred at network speed: once a system was restored to its golden image, it was compromised again in literally milliseconds. Meanwhile, alarms were ringing across the network, and tens of thousands of systems were at risk. The incident response plan simply couldn’t keep up.
Attackers continue to raise their game by writing new ransomware and dusting off old tricks that were thought to be solved. CIOs and CISOs respond by fighting the threats with the latest software and implementing new responses. But the real danger lies in complacency. Sometimes it pays to go back to basics: check for privilege escalation, stop lateral movement, and never stop updating and testing response plans.
The time and money a company invests in its cybersecurity today is nothing compared to what comes after a security breach. No one wants to explain to their customers why their efforts weren’t enough.
Raj Dodhiawala is President of remedy.