3 Most Common — And Dangerous — Gaps In Corporate Cyber Defense
Cyber attack warnings have become so frequent that it is easy to tune them out. Your company has stocked up on security tools and run Red Team exercises. You're confident you've done everything you could.
Executives at Microsoft and the chip-making giant Nvidia were probably feeling the same way until the companies suffered excruciating breaches through common, easy-to-exploit holes. It just goes to show that even the most tech-savvy companies are at risk. Cyber attacks in the US more than quadrupled last year and hackers are still gaining access in both sophisticated and obvious ways. Here are three common holes they exploit in corporate cybersecurity, plus some easy-to-implement solutions:
Cyber Defense and Privilege Escalation
Let's say you hire someone for the help desk and give them permission to install patches and software. Later, the employee transfers elsewhere in the organization, but the privileges stay with them. That's because most companies have strict protocols for handing privileges out, but very little process for withdrawing them. This lack of revocation is a major cybersecurity weakness.
As the help desk situation repeats itself across your organization, accounts become loaded with unnecessary privileges. Each one pushes you closer to a successful attack. Privilege escalation was the main cause of a breach at Block, where an ex-employee leveraged access that should have been removed.
Some organizations play down the problem. Most CISOs know that hackers gain little by digging into the accounts of frontline workers. Without administrator rights, there is no way to install malware or ransomware. But as privileges accumulate, the fertile entry points multiply.
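An added example, not from the article or from the author's company, of the revoke-side process the article says most companies lack: a small Python audit that, given a constructed HR roster and privilege ledger, flags grants whose justifying role the holder no longer has (the help desk transfer case), grants that have gone unused, and grants held by people who are no longer on the roster. The names, dates and field layout are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Grant:
    user: str
    privilege: str
    granted_for_role: str       # role that justified the privilege when issued
    granted_on: date
    last_used: Optional[date]   # None = never exercised

# Constructed sample data: an HR roster (current role per user) and a privilege ledger.
CURRENT_ROLE = {
    "alice": "help_desk",
    "bob": "finance_analyst",   # transferred from the help desk, privileges never withdrawn
    "carol": "devops",
    # "dave" has left the company and is absent from the roster
}

GRANTS = [
    Grant("alice", "install_software", "help_desk", date(2022, 1, 10), date(2022, 6, 1)),
    Grant("bob", "install_software", "help_desk", date(2021, 3, 2), date(2021, 8, 15)),
    Grant("bob", "patch_admin", "help_desk", date(2021, 3, 2), None),
    Grant("carol", "prod_deploy", "devops", date(2022, 2, 1), date(2022, 5, 30)),
    Grant("carol", "db_admin", "devops", date(2021, 9, 1), None),
    Grant("dave", "patch_admin", "help_desk", date(2020, 5, 5), date(2020, 6, 6)),
]

def audit_stale_grants(grants, current_role, today, unused_days=90):
    """Return (user, privilege, reason) tuples for every grant that should be revoked.

    Findings are independent, so one grant can be reported for several reasons:
      user_left    - holder is no longer on the roster
      role_changed - holder no longer has the role the grant was issued for
      unused       - grant not exercised within unused_days (never used counts from grant date)
    """
    findings = []
    for g in grants:
        role = current_role.get(g.user)
        if role is None:
            findings.append((g.user, g.privilege, "user_left"))
            continue
        if role != g.granted_for_role:
            findings.append((g.user, g.privilege, "role_changed"))
        last_activity = g.last_used or g.granted_on
        if (today - last_activity).days > unused_days:
            findings.append((g.user, g.privilege, "unused"))
    return findings

if __name__ == "__main__":
    for user, priv, reason in audit_stale_grants(GRANTS, CURRENT_ROLE, date(2022, 7, 1)):
        print(f"REVOKE {priv} from {user}: {reason}")
```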
Take the recent breach of Okta, which was as simple as it was effective. Hackers abused the privileges of a subcontractor's engineer, installed code downloaded from the Internet, and soon had the keys to a $23 billion cloud software company.
After that, they gained access to approximately 366 Okta customer accounts. To make matters worse, Lapsus$, the group responsible, posted screenshots of its bounty and publicly taunted Okta for its shortcomings.
While no cyber defense is perfect, companies can mitigate risk by granting privileges only when they are needed — and being even more forceful about revoking them. Protect your business by stopping the problem before it starts.
The risk of lateral movement
Hackers are no different from bank robbers. Both need reconnaissance to be successful. They get it by moving laterally through your organization.
After compromising one system, criminals can move on to the next and the next, sizing up the defenses and searching for a path to your crown jewels. Certainly, compromising a send-and-receive administrator account may not yield a treasure in the form of confidential information, privilege escalation, or lateral movement. But if hackers can gain access to anyone in the finance group, devops, or even the CEO's executive assistant, they've found a route to sensitive material.
In some companies, an administrator who is authorized for one part of the network automatically gains access to another. It's a recipe for disaster. If there's no pressing need for them to be there, it just adds another gateway for an attack.
One solution is air-gapping, which means there is no direct connection between one part of your network and another. Preventive software then adds a second wall, allowing on-the-fly adjustments. When an attack is identified, it automatically cordons off critical data, isolating the data you can least afford to lose.
An outdated response plan
You already have an incident response plan. How fresh is it? If you haven't performed tabletop drills — where you run through different levels of attack to check for vulnerabilities — you're probably at risk. As attack methods change, you need to know how effectively your defenses can adapt. How quickly can you respond? Who is responsible for shutting down which systems? Who should be notified of a breach at the different levels?
We once received a call from a Fortune 500 medical technology company under an ongoing attack. Privilege escalation and lateral movement occurred at network speed: as soon as a system was restored from its golden image, it was compromised again, literally in milliseconds. At the same time, alarms were ringing across the network, with tens of thousands of systems at stake. The incident response plan simply couldn't keep up.
Hackers continue to escalate their game by writing new ransomware and dusting off old tricks that were believed to have been solved. CIOs and CISOs respond by throwing the latest software at the threats and implementing new responses. But the real danger lies in complacency. Sometimes it pays to go back to basics: watch for privilege escalation, stop lateral movement, and never stop updating and testing response plans.
The time and money a company invests in its cybersecurity today is nothing compared to what comes after a breach. No one wants to explain to their customers why their efforts weren't enough.
Raj Dodhiawala is chairman of Remedy