The Top 5 Data Breach Vulnerabilities SOLVED by Thinking INSIDE the “BoKS”
The dramatic increase in high-profile data breaches has put IT security concerns under serious scrutiny in recent years, and often in the headlines. Many of these massive security vulnerabilities are literally and figuratively baked into the pie of today’s modern IT infrastructures. Whether they stem from a culture of misplaced trust, an over-prioritization of business efficiencies, disconnected business leadership, or even fundamental infrastructure “shortcuts” designed with the best intentions, the real “root” causes of these data breaches are as old as computer technology itself.
The first thing to recognize is that at the very top of the IT operations pyramid are the system and security administrators who oversee all the day-to-day activities of the corporate digital kingdom below them. At the same time, most are also actively using methods and policies to manage and monitor themselves that they wouldn’t tolerate from a single end user out on their networks.
Not surprisingly, ALL of the top 5 data breach vulnerabilities are directly tied to the antiquated and often manual access control and privileged account management processes used by IT administration teams to do their jobs.
The good news is that with centralized, least privileged system access solutions, which also allow for granular controls over access and context driven authentication, enterprises can literally eliminate many of the vulnerabilities altogether, in addition to addressing future concerns like IoT vulnerabilities or unpatched, outdated network devices.
One example we can look to that is designed to address all 5 on our list is BoKS ServerControl, by Fox Technologies. Below I’ve expanded on the list of 5 to include real-life breach examples of each, the associated costs of the breach, what InfoSec professionals say about mitigating each, and how a total access control solution, like BoKS, uses multiple features to create a layered and comprehensive ANSWER to each vulnerability. Let’s see how BoKS matches up!
1. Employees
Problem: Internal attacks are among the top threats, partially because it’s incredibly easy for people who already have access to sensitive data to abuse it when no comprehensive system access control solution is already in place.
In the Headlines: Fannie Mae, 2009.
Costs: Luckily, by chance, the ex-employee’s malware scripts to destroy data were discovered before they were executed. But what was the potential back in 2009? The cost of insider cyber-crime to businesses was estimated as high as $1 trillion globally, according to a McAfee/Purdue University study.
What the Pros Say: To minimize your risk of internal attacks from disgruntled employees, be sure that all user accounts are current with regard to security access and employment status. As soon as you terminate an employee, they should no longer have access to your systems. Develop a system that monitors these accounts for suspicious activity and ensures security of privileged accounts — such as strong passwords and two-step verification.
BoKS Feature & Answer: Context Driven Authentication, Granular Access Controls, Real-Time Enforcement, Account Provisioning/De-Provisioning. Being able to define WHO, WHAT, WHERE, WHEN, and HOW someone gets privileged access, along with real-time enforcement of those access controls in a least privileged and centralized solution, eliminates the ability of administrators to even perform commands or access information not directly tied to their defined role in BoKS. When performing certain higher-risk activities, BoKS can also be configured to record session info and even log keystrokes, making the forensic process of any breach exponentially easier to complete. This, along with the ability to revoke access rights in real time across all your environments, for any reason, eliminates the vast majority of vulnerabilities your insider threat can exploit.
2. Unsecure Mobile Devices (BYOD)
Problem: When employees bring their own devices to work, it means you have less control over security, passwords, and application downloads that could pose security threats. You also don’t know who has access to that device, such as the employee’s family members. Similarly, careless or uninformed employees also pose a risk (i.e. easily guessed passwords on sensitive accounts or accounts left logged into when no one is using the device).
In the Headlines: Department of Veterans Affairs, 2006.
Costs: Estimated $100 million to $500 million to prevent future breaches and recoup losses.
What the Pros Say: Having mobile security solutions in place that protect corporate data can help minimize risk of a data breach as well.
BoKS Feature & Answer: Group Management & Granular Access Controls. Allows security teams to FULLY enforce their access policies in real time. Whether identified or not, any device requesting access to your systems is always denied by default. However, with BoKS’s ability to do group management and create host groups of identified devices, when properly configured, you can define specific devices, along with utilizing context authorization layers, so admins and privileged users can still use their personal devices to gain elevated access to your systems while maintaining the same security posture you have on your office computer.
3. Cloud Storage
Problem: Placing your data and applications on the cloud can be convenient in many ways because it allows you to access your data from anywhere, often on multiple devices. However, this convenience can also open up the attack surface of your systems to attackers if not done with security in mind.
In the Headlines: Target, 2014 – data breach centered around normal processing and storage of data using their cloud services.
Costs: $10 million just to settle with customers who were victims of the data theft. This does not include the other significant costs of remediation actions, forensic investigation, solution investments, and overall use of resources towards fixing or cleaning up the results of the breach.
What the Pros Say: Look for ways to restrict access to cloud-based data and solutions using dual factor authentication.
BoKS Feature & Answer: Designed to support both On-Prem and Cloud Enterprises. Bring all the comprehensive system access features you love from BoKS into any mixed environment. BoKS is the future-proof solution for system access in an ever-changing landscape of server environments and OS instances.
4. Third Party Providers
Problem: When 3rd party provider systems aren’t secure and they have access to your information, the risk of stolen security credentials and a number of other threats increases significantly.
In the Headlines: Home Depot, 2014.
Costs: Estimated $40 million and still growing.
What the Pros Say: Add an extra layer of security to your data by limiting their access to certain hours and to the minimum number of systems and networks to which access is required. It’s also an important practice to disable your third-party accounts once you no longer need them.
BoKS Feature & Answer: Account Provisioning / De-Provisioning & Group Management. This ensures that only the precise amount of access rights is provided to 3rd parties for all activities requiring that they gain additional entitlements. This, in conjunction with granular access controls and centralized reporting, makes sure 3rd party accounts with elevated access are limited to their required needs, and all 3rd party user accounts can be configured to have automated expiration dates. Administrators can also dictate what hours of the day the user accounts are valid while the work is still being completed.
5. Malicious Attacks
Problem: A hacker might guess an employee’s password and then send out seemingly trustworthy emails to other colleagues in an attempt to gather their passwords and sensitive data as well (i.e. phishing or spear phishing). Having outdated or unpatched systems also increases your risk of malicious attacks.
In the Headlines: Sony PlayStation Network, 2011.
Costs: $10 million plus and counting… the initial attack left the network site down for an entire MONTH!
What the Pros Say: Keeping your systems updated with the latest patches — including operating systems and browsers — will significantly reduce your risk of a hack. It’s also crucial that you have a policy in place for alerting management to malicious attacks.
BoKS Feature & Answer: Granular Access Controls. This can eliminate the dependence on username and password to control system access altogether. Consequently, even if credentials were stolen, they would effectively be useless without the corresponding answers to the multiple authentication layers that further define not just WHO (Username and Password) gets access, but also WHERE (IP Address), WHEN (time/date), WHAT (machine used), and HOW (SSH Route) any privileged user can gain elevated access rights. This is then further restricted based on the role of the user in the organization. So, even if the person was able to account for all the other requirements to gaining access, the chance for root access to everything is completely eliminated.
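The WHO / WHERE / WHEN / WHAT / HOW checks described above, together with the default-deny stance and the expiring, hours-limited third-party accounts from items 2 and 4, can be sketched as a small policy evaluator. This is an added example, not BoKS code or its configuration format; the Rule and Request shapes, the rule name and the sample policy are all hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:                   # hypothetical rule shape, not a BoKS format
    role: str                 # WHO: role the account must hold
    networks: tuple           # WHERE: allowed source CIDR ranges
    hours: tuple              # WHEN: (start, end) daily window
    expires: datetime         # WHEN: hard expiry, e.g. third-party accounts
    hosts: frozenset          # WHAT: machines in the host group
    methods: frozenset        # HOW: permitted access routes

@dataclass(frozen=True)
class Request:
    role: str
    source_ip: str
    when: datetime
    host: str
    method: str

def in_networks(ip, networks):
    try:                      # a malformed address never matches
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in ip_network(n) for n in networks)

def decide(rules, req):
    """Default deny: allow only if one rule passes all five context checks."""
    failures = {}             # rule name -> failed checks, for the audit log
    for name, r in rules.items():
        checks = {
            "who": req.role == r.role,
            "where": in_networks(req.source_ip, r.networks),
            "when": r.hours[0] <= req.when.time() < r.hours[1] and req.when < r.expires,
            "what": req.host in r.hosts,
            "how": req.method in r.methods,
        }
        failed = sorted(k for k, ok in checks.items() if not ok)
        if not failed:
            return True, name
        failures[name] = failed
    return False, failures

# Constructed sample policy: a vendor DBA account, office hours, fixed expiry.
RULES = {"vendor-db": Rule("vendor-dba", ("203.0.113.0/24",), (time(8), time(18)),
                           datetime(2024, 7, 1), frozenset({"db01", "db02"}),
                           frozenset({"ssh"}))}
```

A denied request returns the list of failed checks per rule, which is the detail an access log needs to distinguish a stolen credential used from the wrong network from an expired vendor account.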