October was National Cybersecurity Awareness Month, which reminds organizations every year that they must never let their guard down when it comes to protecting access to data. The recent wave of data breaches (e.g. at Simon Fraser University, Twitter, Universal Health Services and Shopify) shows that cyber attackers no longer need to hack in; instead they can log in with weak, stolen or falsified credentials. This becomes even more important when it comes to privileged credentials, such as those used by IT administrators to access critical infrastructure. It is estimated that such credentials are involved in 80% of data breaches.
Today’s dynamic threat landscape requires security experts to adapt to an ever-expanding attack surface. It doesn’t matter where the data they are supposed to protect resides or who ultimately tries to access it, person or machine. What matters is that they minimize the risk of data loss, period.
Consider the following threats that lie ahead, for which companies need to prepare now:
After the impact of COVID-19, many organizations realized that they did not have the scalability to support working from home, which accelerated the migration of workloads to the cloud. However, many companies still do not understand how to protect their cloud infrastructure. In fact, 92% of organizations acknowledge that they face a gap in their cloud security readiness. Unfortunately, there is still a widespread misconception about who is responsible for protecting privileged access to cloud workloads.
According to a Centrify survey of 700 respondents in the US, Canada and the UK, 60% of organizations mistakenly believe that the responsibility for protecting privileged access lies with the cloud service provider, while the shared responsibility model makes it clear that the organization is responsible. This transition to the cloud has not gone unnoticed by threat actors. Indeed, data breaches in the cloud due to misconfiguration and abuse of privileged accounts have increased in recent years.
Although politicians and security experts constantly warn of the risks of cyber attacks, they rarely if ever mention the risks associated with the Internet of Things (IoT). They should, because there are already many examples of IoT security breaches, such as Stuxnet, the Mirai botnet, connected cardiac devices, etc. IoT in all its forms (e.g. physical security systems, lighting, appliances, heating and cooling, and AI-based automated agents such as chatbots) exposes businesses, their customers and consumers to a range of security threats. According to a study by Altman Vilandrie & Company, almost half of American companies using IoT have had to deal with security breaches.
IoT should therefore be considered part of a wider attack surface that requires protective measures. While consumer IoT devices such as Amazon Alexa, Google Home, Nest Labs and Smart Media get all the headlines, most IoT devices are not used at home. They are used in industry, retail and healthcare. The rapid pace of adoption in these verticals is due to the advantages that IoT devices offer in terms of inventory management, machine management, efficiency gains, improved customer interaction and service, lower maintenance costs and even saving lives.
Today, identity includes not only people, but also workloads, services and machines. In fact, the majority of users in many organizations are not human. Non-human identities are often associated with privileged accounts, and in modern IT infrastructures they often have a much larger footprint than traditional privileged user accounts. This applies in particular to DevOps and cloud environments, where task automation plays a dominant role. These identities are often a blind spot because security controls do not always take the identities of machines, IoT devices, and service and application accounts into account when they are set up. In addition to underestimating the risk associated with non-human identities, many organizations have realized that static password authentication, which often requires time-consuming manual configuration, is not appropriate in fast-changing multi-cloud and hybrid environments where access needs are often temporary and constantly changing.
While it is always important to create a strong perimeter and invest in a well-established security team, organizations need to adapt their security strategies to current threats and focus on identity and credentials. In this context, least privilege is necessary to prevent unauthorized access to business-critical systems and sensitive data by both insider and outsider threats. Implementing granular, role-based privileged access control, and making access to target systems and infrastructure available simply and quickly, limits lateral movement.
Torsten George is currently a Cyber Security Evangelist at Centrify, helping organizations secure privileged access in hybrid and multi-cloud environments. He is also a member of the Strategic Advisory Board of NopSec, a supplier of vulnerability management software. He is an internationally renowned expert in computer security, author and speaker. Torsten has been part of the global IT security community for more than 25 years and regularly publishes articles on data breaches, internal threats, compliance structures, and IT security best practices. He is also co-author of the book Zero Privilege Trust for Dummies. Torsten has held senior positions at RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ brand), Digital Link and Everdream Corporation (acquired by Dell).