The Top 5 Data Breach Vulnerabilities SOLVED by Thinking INSIDE the “BoKS”


Upload: ryan-gallavin

Post on 14-Feb-2017


The dramatic increase in high-profile data breaches has put IT security concerns under serious scrutiny in recent years, and often in the headlines. Many of these massive security vulnerabilities are literally and figuratively baked into the pie of today’s modern IT infrastructures, whether from a culture of misplaced trust, an over-prioritization of business efficiencies, disconnected business leadership, or even fundamental infrastructure “short cuts” designed with the best intentions. The real “root” causes of these data breaches are as old as computer technology itself.

The first thing to recognize is that at the very top of the IT operations pyramid are the system and security administrators who oversee all the day-to-day activities of the corporate digital kingdom below them. At the same time, most are also actively using methods and policies to manage and monitor themselves that they wouldn’t tolerate from a single end user out on their networks.

Not surprisingly, ALL of the top 5 data breach vulnerabilities are directly tied to these antiquated, and often manual, access control and privileged account management processes used by IT administration teams to do their jobs.

The good news is that with centralized, least-privilege system access solutions, which also allow for granular controls over access and context-driven authentication, enterprises can literally eliminate many of the vulnerabilities altogether, in addition to addressing future concerns like IoT vulnerabilities or unpatched, outdated network devices.

One example we can look to that is designed to address all 5 on our list is BoKS ServerControl, by Fox Technologies. Below I’ve expanded on the list of 5 to include real-life breach examples of each, the associated costs of the breach, what InfoSec professionals say about mitigating each, and how a total access control solution like BoKS uses multiple features to create a layered and comprehensive ANSWER to each vulnerability. Let’s see how BoKS matches up!

1. Employees

Problem: Internal attacks are among the top threats, partially because it’s incredibly easy for people who already have access to sensitive data to abuse it when no comprehensive system access control solution is already in place.

In the Headlines: Fannie Mae, 2009.


Costs: Luckily, by chance, the ex-employee’s malware scripts to destroy data were discovered before they were executed. But what was the potential back in 2009? The cost of insider cyber-crime to businesses was estimated as high as $1 Trillion globally, according to a McAfee/Purdue University study.

What the Pros Say: To minimize your risk of internal attacks from disgruntled employees, be sure that all user accounts are current with regard to security access and employment status. As soon as you terminate an employee, they should no longer have access to your systems. Develop a system that monitors these accounts for suspicious activity and ensures security of privileged accounts, such as strong passwords and two-step verification.

BoKS Feature & Answer: Context Driven Authentication, Granular Access Controls, Real-Time Enforcement, Account Provisioning/De-Provisioning. Being able to define WHO, WHAT, WHERE, WHEN, and HOW someone gets privileged access, along with real-time enforcement of those access controls in a least-privilege and centralized solution, eliminates the ability of administrators to even perform commands or access information not directly tied to their defined role in the BoKS. When users perform certain higher-risk activities, BoKS can also be configured to record session info and even log keystrokes, making the forensic process of any breach exponentially easier to complete. This, along with the ability to revoke access rights in real time across all your environments, for any reason, eliminates the vast majority of vulnerabilities your insider threat can exploit.


2. Unsecure Mobile Devices (BYOD)

Problem: When employees bring their own devices to work, it means you have less control over security, passwords, and application downloads that could pose security threats. You also don’t know who has access to that device, such as the employee’s family members. Similarly, careless or uninformed employees also pose a risk (e.g., easily guessed passwords on sensitive accounts, or accounts left logged in when no one is using the device).

In the Headlines: Department of Veterans Affairs, 2006.

Costs: Estimated $100 million to $500 million to prevent future breaches and recoup losses.

What the Pros Say: Having mobile security solutions in place that protect corporate data can help minimize risk of a data breach as well.

BoKS Feature & Answer: Group Management & Granular Access Controls. Allows security teams to FULLY enforce their access policies in real time. Whether identified or not, any device requesting access to your systems is always denied by default. However, with BoKS’s ability to do group management and create host groups of identified devices, when properly configured, you can define specific devices and apply context authorization layers, so admins and privileged users can still use their personal devices to gain elevated access to your systems while maintaining the same security posture you have on your office computer.


3. Cloud Storage

Problem: Placing your data and applications on the cloud can be convenient in many ways because it allows you to access your data from anywhere, often on multiple devices. However, this convenience can also open up the attack surface of your systems to attackers if not done with security in mind.

In the Headlines: Target, 2014: data breach centered around normal processing and storage of data using their cloud services.

Costs: $10 million just to settle with customers who were victims of the data theft. This does not include the other significant costs of remediation actions, forensic investigation, solution investments, and overall use of resources towards fixing or cleaning up the results of the breach.

What the Pros Say: Look for ways to restrict access to cloud-based data and solutions using dual factor authentication.

BoKS Feature & Answer: Designed to support both On-Prem and Cloud Enterprises. Bring all the comprehensive system access features you love from BoKS into any mixed environment. BoKS is the future-proof solution for system access in an ever-changing landscape of server environments and OS instances.

4. Third Party Providers

Problem: When 3rd party provider systems aren’t secure and they have access to your information, the risk of stolen security credentials and a number of other threats increases significantly.


In the Headlines: Home Depot, 2014.

Costs: Estimated $40 million and still growing.

What the Pros Say: Add an extra layer of security to your data by limiting their access to certain hours and to the minimum number of systems and networks to which access is required. It’s also an important practice to disable your third-party accounts once you no longer need them.

BoKS Feature & Answer: Account Provisioning / De-Provisioning & Group Management. This ensures only the precise amount of access rights is provided to 3rd parties for all activities requiring that they gain additional entitlements. This, in conjunction with granular access controls and centralized reporting, makes sure 3rd party accounts with elevated access are limited to their required needs, and all 3rd party user accounts can be configured to have automated expiration dates. Administrators can also dictate what hours of the day the user accounts are valid while the work is still being completed.

5. Malicious Attacks

Problem: A hacker might guess an employee’s password and then send out seemingly trustworthy emails to other colleagues in an attempt to gather their passwords and sensitive data as well (i.e. Phishing or Spearphishing). Having outdated or unpatched systems also increases your risk of malicious attacks.

In the Headlines: Sony PlayStation Network, 2011.


Costs: $10 million plus and counting… The initial attack left the network site down for an entire MONTH!

What the Pros Say: Keeping your systems updated with the latest patches, including operating systems and browsers, will significantly reduce your risk of a hack. It’s also crucial that you have a policy in place for alerting management to malicious attacks.

BoKS Feature & Answer: Granular Access Controls. This can eliminate the dependence on username and password to control system access altogether. Consequently, even if credentials were stolen, they would effectively be useless without the corresponding answers to the multiple authentication layers that further define not just WHO (Username and Password) gets access, but also WHERE (IP Address), WHEN (time/date), WHAT (machine used), and HOW (SSH Route) any privileged user can gain elevated access rights. This is then further restricted based on the role of the user in the organization. So, even if the person was able to account for all the other requirements for gaining access, the chance for root access to everything is completely eliminated.