By François Amigorena, CEO, IS Decisions
As a business, there are few things worse than realizing you’ve become the victim of a serious cyber attack. The consequences can be costly, and you may be left wondering how such an attack could ever happen when you’ve done all you can to make sure your anti-virus software is up to date, your firewall settings are all perfect, and everybody in your company is using the latest browser version on a computer running the latest operating system updates.
The truth, however, is that these days there’s only so much you can prevent with the traditional security methods we’ve grown accustomed to.
But while hackers will always look for vulnerabilities in your system’s technology, the biggest vulnerability you’ll ever have will always be your employees.
You could have the strongest and most secure technology in the world protecting you from intrusion, but one sloppy accident from an employee could lead to disaster.
It only takes one employee to fall for a phishing scam and unwittingly hand over their domain login details for a cyber attack to occur.
Once those login credentials are in the hands of an outsider to your company, that person has the power to wreak havoc — all without you even noticing before it’s too late.
Are you sure that person on your network is who they say they are?
Compromised credentials are a huge threat. The reason is that traditional security technology like anti-virus software, firewalls, and perimeter defenses will not detect illegitimate access by a hacker using a legitimate login.
And why would they? As far as they’re concerned, yet another employee is logging into the system to do their job.
It’s the same with internal security. Once an attacker has gained entry to your systems, they have all the time in the world to snoop around your files and folders and steal whatever they want — potentially sensitive information that could get you into serious trouble.
And in an age when regulation and compliance requirements around user security are tightening, with larger fines and even the threat of imprisonment, the costs to your business can be extremely hard to bear.
The modern media fallacy
The more employees your company has, the more chance there is that one of them will fall victim to a phishing scam. That’s not to say, though, that small businesses are safe.
The attitude that “cyber-attacks only happen to big companies” doesn’t ring true anymore, especially since small companies are usually the ones with relatively small IT budgets to spend on security, and are therefore easier targets than big companies.
It just so happens that the hacks that make the news as a direct result of compromised credentials are those that happen to big companies because everybody’s heard of them — and the damage is huge.
Dropbox, for example, had 68 million account details leaked thanks to compromised credentials. eBay suffered a similar fate with 233 million accounts.
The infamous Sony hack exposed 100 terabytes of sensitive data to the world, and healthcare insurance provider Anthem had 78.8 million customers’ details stolen all through a compromised login.
But what about the hacks that happen to small companies? They happen, but they don’t make the news, which creates the false impression that they don’t happen at all.
What you can do to protect yourself from compromised credentials
Technology is key to protection. You can’t rely on your IT administrators to spot suspicious network activity, no matter how eagle-eyed they are.
People are, by their very nature, human, and run the risk of missing the odd bit of crucial information that technology could pick up in an instant and automatically raise the alarm.
That’s why technology that audits your files and folders on the network in real time is key. This kind of technology can send an alert to an admin whenever someone edits a file that you know to be particularly sensitive.
Or it can alert an admin whenever somebody copies files en masse to a USB drive, a sign of potential theft.
It could even alert administrators when someone deletes a particularly sensitive folder. On each occasion, the admin will be able to see which user performed which action, which enables you to pinpoint problems quickly and address them at the source — the user.
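The three alerts just described, written out as detection logic over a stream of file-access audit events. This is an added example, not IS Decisions' product code; the event format, paths, user names and thresholds are constructed for illustration.

```python
"""Added example, not IS Decisions' product code: raise the three alerts the
article describes (edit of a sensitive file, deletion of a sensitive folder,
mass copy to removable media) from constructed file-access audit events."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit events: (timestamp, user, action, path).
# For COPY events the path is the destination.
EVENTS = [
    ("2024-03-04T09:00:01", "jdoe",    "WRITE",  r"\\fs01\finance\payroll\salaries.xlsx"),
    ("2024-03-04T09:10:00", "hr_temp", "DELETE", r"\\fs01\finance\board_minutes"),
    ("2024-03-04T09:15:00", "amalik",  "READ",   r"\\fs01\marketing\brochure.pdf"),
    ("2024-03-04T11:02:00", "amalik",  "COPY",   r"E:\export\clients_01.csv"),
    ("2024-03-04T11:02:30", "amalik",  "COPY",   r"E:\export\clients_02.csv"),
    ("2024-03-04T11:03:00", "amalik",  "COPY",   r"E:\export\clients_03.csv"),
    ("2024-03-04T11:03:30", "amalik",  "COPY",   r"E:\export\clients_04.csv"),
    ("2024-03-04T11:04:00", "amalik",  "COPY",   r"E:\export\clients_05.csv"),
    ("2024-03-04T11:04:30", "amalik",  "COPY",   r"E:\export\clients_06.csv"),
    ("2024-03-04T14:00:00", "bwong",   "COPY",   r"E:\holiday.jpg"),
]

SENSITIVE_PREFIXES = ("\\\\fs01\\finance\\",)   # constructed: folders known to be sensitive
REMOVABLE_DRIVES = ("E:\\",)                    # constructed: E: is a USB drive
MASS_COPY_THRESHOLD = 5                         # copies within the window that count as "en masse"
MASS_COPY_WINDOW = timedelta(minutes=5)

def detect(events):
    """Return (user, message) alerts in the order they are raised."""
    alerts = []
    recent_copies = defaultdict(list)   # user -> timestamps of copies to removable media
    already_alerted = set()             # alert once per user, not on every extra copy
    for ts, user, action, path in events:
        t = datetime.fromisoformat(ts)
        # Any edit or deletion under a sensitive path is reported, with the user who did it.
        if action in ("WRITE", "DELETE") and path.startswith(SENSITIVE_PREFIXES):
            alerts.append((user, f"{action} on sensitive path {path}"))
        # Sliding window of copies to removable media per user.
        if action == "COPY" and path.startswith(REMOVABLE_DRIVES):
            window = [x for x in recent_copies[user] if t - x <= MASS_COPY_WINDOW]
            window.append(t)
            recent_copies[user] = window
            if len(window) >= MASS_COPY_THRESHOLD and user not in already_alerted:
                already_alerted.add(user)
                alerts.append((user, f"{len(window)} files copied to removable media "
                                     f"within {MASS_COPY_WINDOW}"))
    return alerts

if __name__ == "__main__":
    for user, msg in detect(EVENTS):
        print(f"ALERT user={user}: {msg}")
```

Running it raises three alerts: the finance write, the finance folder deletion, and the burst of six copies to the USB drive; the single copy by bwong stays below the threshold.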
While this kind of technology will alert you to hackers acting maliciously — or even malicious employees intent on doing damage on your network — prevention is always better than cure. Keeping hackers out in the first place is always the safest option.
But as we’ve seen with high-profile attacks in the past, the humble password is a weak form of protection on its own.
So by supplementing every login attempt with contextual information about where geographically the login is taking place, from what device, and at what time, you can set rules that grant or deny access based on those factors.
So if your financial director, John, works either from his office workstation or from his laptop around the building, and someone from HR attempts to log in to the network using John’s legitimate login, they won’t be able to gain access, because you’ve restricted that account to John’s own machine and devices only.
Likewise, if John’s credentials are compromised and access is attempted from an external location, the attempt is refused unless it comes from John’s own machine.
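The finance director scenario, evaluated by a contextual login policy of the kind described above (device, source network and time of day). This is an added example, not IS Decisions' product code; the account name, hostnames, address ranges and hours are constructed, and the policy here is deliberately deny-by-default.

```python
"""Added example, not IS Decisions' product code: evaluate a logon against a
constructed contextual policy (permitted devices, networks and hours per account)."""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class LoginAttempt:
    account: str
    device: str        # machine identity presented at logon (in AD, the computer account,
                       # not a hostname string the client can choose freely)
    source_ip: str
    when: datetime

# Constructed policy: the only devices, source networks and hours from which
# each account may log on. Anything not listed is denied.
POLICY = {
    "john.fd": {
        "devices": {"FIN-WS-01", "FIN-LT-01"},        # John's workstation and laptop
        "networks": [ip_network("10.10.0.0/16")],     # the office LAN
        "hours": (time(7, 0), time(20, 0)),
    },
}

def evaluate(attempt):
    """Return (allowed, reason). Checks are ordered so the first failure is reported."""
    rule = POLICY.get(attempt.account)
    if rule is None:
        return False, "no policy for account"
    if attempt.device not in rule["devices"]:
        return False, f"device {attempt.device} not permitted for {attempt.account}"
    if not any(ip_address(attempt.source_ip) in net for net in rule["networks"]):
        return False, f"source {attempt.source_ip} outside permitted networks"
    start, end = rule["hours"]
    if not (start <= attempt.when.time() <= end):
        return False, f"logon at {attempt.when:%H:%M} outside permitted hours"
    return True, "all contextual checks passed"

# Constructed attempts: John at his desk; an HR workstation using John's credentials;
# John's laptop name presented from an external address at night.
ATTEMPTS = [
    LoginAttempt("john.fd", "FIN-WS-01", "10.10.4.21", datetime(2024, 3, 4, 9, 5)),
    LoginAttempt("john.fd", "HR-WS-07", "10.10.8.40", datetime(2024, 3, 4, 9, 6)),
    LoginAttempt("john.fd", "FIN-LT-01", "203.0.113.9", datetime(2024, 3, 4, 2, 30)),
]

if __name__ == "__main__":
    for a in ATTEMPTS:
        allowed, why = evaluate(a)
        print("ALLOW" if allowed else "DENY ", a.account, a.device, a.source_ip, "-", why)
```

Only the first attempt is allowed; the HR workstation fails the device check and the external attempt fails the network check before its time of day is even considered.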
The benefits of these kinds of technologies are incredibly far-reaching. They have the potential to stop ransomware in its tracks, for example, because admins will get an alert when files are being locked en masse, so you can quickly mitigate the damage.
So, if there’s one lesson to be learned from all the high-profile attacks that have come from compromised credentials, it’s that the more you know about what’s happening on your network, the better position you’ll be in to protect yourself.
Compromised credentials can happen to anyone — don’t let it be you.
About the Author
François Amigorena is the founder and CEO of IS Decisions and an expert commentator on insider threat issues.
IS Decisions is a provider of infrastructure and security management software solutions for Microsoft Windows and Active Directory.
The company offers solutions for user-access control, file auditing, server and desktop reporting, and remote installations.
Its customers include the FBI, the US Air Force, the United Nations and Barclays, each of which relies on IS Decisions to prevent security breaches, ensure compliance with major regulations such as SOX and FISMA, respond quickly to IT emergencies, and save the IT department time and money.