Cyber Defense eMagazine January 2020 Edition

More documents

Recommendations

Info

24 The Dark Truth of Insider Threat By Richard Menear, CEO, Burning Tree In any business, we inherently want to trust the people we work with. By and large, we can. However, the reality is that insiders remain one of the main threats to your organisation’s information and cyber security, and if you think your company can’t be breached — think again! Although it can sometimes be difficult to separate incidents caused by insiders from general data breaches, Verizon’s 2019 Data Breach Investigations Report found that 34% of all breaches in 2018 happened as a result of insider work. The same report also found that 68% of data compromise is internal. Internal incidents can be especially tricky to detect because actors know exactly where sensitive data is stored and have a good understanding of your cyber security processes and the solutions you have implemented. As such, some breaches may go undetected for months — or even years. But with the cost of an insider attack remaining high (the average cost rose 15% from 2018 to 2019), it has never been more crucial for organisations to be aware of insider threats. Defining “insiders” We might think of “insiders” as disgruntled or malicious employees waiting to steal your corporate data and sell it on the dark web. Malicious intent from a disgruntled employee can be the worst type of insider threat — with fraudulent activity often going undetected and eroding company profitability. However, more often than not, a data leak is simply due to a mistake or unintentional misuse. According to reports, privileged IT users or admins are the most dangerous insiders. It is normal for IT operational staff to have direct administrative access to all systems. The information on these systems can be highly confidential or valuable and is often subject to strict compliance requirements such as GDPR. Plus, even if personal information is locked down at the application, IT administrators can access, copy, change or delete data — which could result in a GDPR compliance issue. 24
25 Focus on detection Although prevention, mitigation and response are crucial parts of security policies, when it comes to insider threats, it is essential to shift the focus to detection. This means investing in and deploying suitable solutions. The different approaches used to detect and eliminate insider threats depends on infrastructure and applications. Privileged Access Management Weak authentication or shared credentials can further extend the risk of a highly privileged account being compromised, so application access control and password rotation are vital for improved adaptive authentication. At the simplest level, insider threat detection solutions will ‘vault’ administrative passwords to protect and safeguard passwords, only releasing them as and when required. Solutions could include AD Bridging to onboard Unix servers, policy enforcement, management of workstations, password rotation and command auditing. For example, One Identity’s Privileged Access Management solutions and Quest’s audit and reporting solutions enable you to provide the full credential when necessary or limit access with granular delegation for least privileged access. Security can also be enhanced by requiring a second factor of authentication for user, administrative or superuser access. Privileged Session Management To proactively detect and limit insider threats, Privileged Session Management is also crucial. By monitoring activity, software can help to identify and alert security officers to any broken rules — allowing them to inspect and respond to suspicious activity as it happens. One Identity and Quest’s software records and logs all privileged activity — down to the keystroke, mouse movement and windows viewed — in real-time. Privileged access is then granted based on established policies with appropriate approvals. This eliminates shared credentials and assigns individual accountability, resulting in enhanced security and easier compliance. Process control is key Without adequate security controls around Privileged Account Management in place, the resulting damage and fraud from an insider attack could be disastrous. Changing user behaviour and vetting privileged users is arguably as important as implementing the right software. 25
Page 1 and 2: 1 Best Practices for Building A Com
Page 3 and 4: 3 CONTENTS Welcome to This Very Spe
Page 5 and 6: @CYBERDEFENSEMAG CYBER DEFENSE eMAG
Page 7 and 8: 7 7
Page 9 and 10: 9 9
Page 11 and 12: 11 11
Page 13 and 14: 13 Your website could be vulnerable
Page 15 and 16: 15 15
Page 17 and 18: 17 17
Page 19 and 20: 19 19
Page 21 and 22: 21 A further challenge arises from
Page 23: 23 About the Author Haythem Hammour
Page 27 and 28: 27 What’s the Security Misconfigu
Page 29 and 30: 29 As more and more businesses begi
Page 31 and 32: 31 Industries under threat Accordin
Page 33 and 34: 33 How to Know If Someone Is Watchi
Page 35 and 36: 35 you are running in the backgroun
Page 37 and 38: 37 These stats make it clear why sm
Page 39 and 40: 39 · Provide staff especially thos
Page 41 and 42: 41 The current state of insecurity
Page 43 and 44: 43 3. Support heterogeneous network
Page 45 and 46: 45 • Enables troubleshooting of i
Page 47 and 48: 47 It’s not just medical research
Page 49 and 50: 49 Europe Cybersecurity Market Size
Page 51 and 52: 51 Some of the key vendors in the E
Page 53 and 54: 53 Iot Security and Privacy Securit
Page 55 and 56: 55 information such as DNA informat
Page 57 and 58: 57 Lessons Learned Unlike newer pro
Page 59 and 60: 59 Seven Security Predictions For 2
Page 61 and 62: 61 will target state and local vote
Page 63 and 64: 63 7) Attackers Will Find New Vulne
Page 65 and 66: 65 Certification Programs There are
Page 67 and 68: 67 Fraud: A Look Back At 2019 And W
Page 69 and 70: 69 technologies. They’re also col
Page 71 and 72: 71 • A list of valid credentials
Page 73 and 74: 73 Making the Transition The shift
Page 75 and 76:
75 to get a view on the entire IT e
Page 77 and 78:
77 The Decade Ahead for Cybersecuri
Page 79 and 80:
79 About the Author Matthew Gyde is
Page 81 and 82:
81 datacenters before heading out t
Page 83 and 84:
83 About the Author Paul Martini is
Page 85 and 86:
85 85
Page 87 and 88:
87 87
Page 89 and 90:
89 89
Page 91 and 92:
91 91
Page 93 and 94:
93 93
Page 95 and 96:
95 95
Page 97 and 98:
97 97
Page 99 and 100:
99 99
Page 101 and 102:
101 101
Page 103 and 104:
103 You asked, and it’s finally h
Page 105 and 106:
105 TRILLIONS ARE AT STAKE No 1 INT
Page 107 and 108:
107 107
Page 109 and 110:
109 109
Page 111 and 112:
111 111
show all

Cyber Defense eMagazine January 2020 Edition

Create successful ePaper yourself

Delete template?

Save as template?