If you were trying to break into a bank, would you rather go through the trouble of evading the physical and digital security measures (i.e. security guards, door access, vault passcodes, and surveillance) OR would you rather obtain the keys to the bank and pose as a trusted insider?
The answer is obvious for most; posing as an employee of the bank will certainly save time in your heist. The same psychology applies to cybercriminals. When it comes to breaching your data, they aren’t worried about bypassing your perimeter security and firewalls, because they’ve found another way in, using rather simple tactics.
Humans Hold the Keys to the Kingdom, and They are the Weakest Link
Posing as an insider within your network gives cybercriminals the chance to obtain your sensitive data. If you were a criminal and you could be any insider, who would you be? The wise answer is a privileged user — someone with access to a wide array of data across the business that’s necessary to perform their job and therefore doesn’t raise any red flags when accessing data.
A Forrester study estimates that 80% of security breaches involve privileged credentials, including high-profile cases such as Target and the Snowden NSA breach.
Cybercriminals have recognized humans as the weakest link in the cybersecurity chain, and they’re using social engineering as their tool of choice to obtain credentials for privileged user accounts, with tactics like phishing, baiting, man-in-the-middle, and tailgating. Once inside your network, hackers and attackers can go undetected as an insider with advanced privileges, giving them plenty of time to extract data across your network.
Oftentimes, privileged user accounts aren’t audited at a depth that would let employers notice suspicious activity. This leaves intruders using these accounts free to pilfer organizations for information and resources. Powerful tools have been developed to combat this problem, and companies are adopting the technology to monitor behavior and secure their sensitive data.
Look at Past Behavior to Predict Future Behavior
When it comes to identifying and thwarting compromised credentials for privileged user accounts, a powerful combination of technologies should be implemented to save time and resources. Organizations can use monitoring technology to spot anomalies in user behavior.
What’s powerful about proactive monitoring is the use of behavioral analytics. Behavioral analytics tracks users’ past behavior to predict future behavior, giving organizations more accurate insight into users’ activity. In addition to monitoring exports and employee activity, these technologies look for deviations in user behavior such as time of login, disparities in geo location, and access of internal systems.
For example, let’s say your CFO begins to look at your trade secrets or into the infrastructure layout of your network, something he has never done before. A monitoring solution would proactively alert about such unusual behavior, allowing you to block access immediately upon detection and prevent an incident from becoming a breach.
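The baseline-and-deviation idea described above can be sketched in a few lines. This is an added example, not code from the article or from any monitoring product. The user names, events, the `hour_slack` threshold and the simple set-based profile are all constructed assumptions, and commercial tools use richer statistical models.

```python
from collections import defaultdict

# Constructed sample history: (user, login_hour_utc, country, resource)
HISTORY = [
    ("cfo", 9, "US", "finance-ledger"),
    ("cfo", 10, "US", "finance-ledger"),
    ("cfo", 14, "US", "payroll"),
    ("cfo", 16, "US", "finance-ledger"),
    ("dba", 2, "US", "customer-db"),
    ("dba", 3, "US", "customer-db"),
]

def build_baselines(history):
    """Per-user profile of login hours, countries and resources seen so far."""
    profiles = defaultdict(
        lambda: {"hours": set(), "countries": set(), "resources": set()})
    for user, hour, country, resource in history:
        profile = profiles[user]
        profile["hours"].add(hour)
        profile["countries"].add(country)
        profile["resources"].add(resource)
    return dict(profiles)

def hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def score_event(profiles, event, hour_slack=2):
    """Return the reasons an event deviates from the user's own past behavior."""
    user, hour, country, resource = event
    profile = profiles.get(user)
    if profile is None:
        return ["no baseline for user"]
    reasons = []
    # Night work is normal for the DBA but not for the CFO: compare per user.
    if min(hour_distance(hour, h) for h in profile["hours"]) > hour_slack:
        reasons.append("unusual login hour")
    if country not in profile["countries"]:
        reasons.append("new geo location")
    if resource not in profile["resources"]:
        reasons.append("first access to resource")
    return reasons
```

An empty list means the event matches the user's history. Each reason in a non-empty list is a signal an analyst or an automated policy can act on, such as prompting for step-up authentication or blocking access.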
Principle of Least Privilege
Organizations should implement training and culture in addition to these monitoring technologies to mitigate risk associated with compromised credentials for privileged user accounts. From the receptionist to the CEO, employees should be trained to identify social engineering tactics. Furthermore, organizations should apply the “Principle of Least Privilege” to their employees’ permissions, which allows the least amount of privileges necessary for a user to properly perform their role.
Cybersecurity threats will continue to advance in 2018, and organizations can no longer rely on a perimeter security approach or a “moat mentality” for securing their data. Security now takes a people-centric approach, where user behavior is analyzed and can be reported and alerted on accordingly. Couple that with an educated workforce, and you can keep the keys to your kingdom in the hands of the right people.