Data Breach: Time to identify Inherent Risks and adopt preventive measures
Dec, 20 2019 | DevOps, Cloud
The cyber world continued to witness sophisticated attacks this year as well. Some alarming statistics highlights that the state of cyber- security preparedness is not up to the mark. Indeed, recently, the Indian Computer Emergency Response Team (CERT-In) announced that more than 21,400 Indian websites were hacked till October 2019 which is a sharp rise compared to 17,560 in 2018. Data Security Council of India (DSCI) in a joint study with PwC India has found that the average cost (in 2019) of data breach in the country has shot up to INR 11.9 crore which is a sharp increase by 8% compared to 2017. The same research shows that the average cost of malicious insider attack rose by 15% this year compared to 2018.
While 'Digital India' drive has paved the way for innovation and prosperity, the alarming rise of advanced cyber threats might dampen the spirit and derail the digital push.
In this backdrop, the PDP (Personal Data Protection) bill that has been proposed recently by the Government of India to the Joint Parliamentary Committee in the Lok Sabha, is definitely a welcome step. The legislation after becoming an act is expected to make organizations overhaul how they maintain personal and confidential data.
As mentioned above, the global data breach cost is increasing and organizations are yet to come out of the ambiguity about how to secure their confidential data. In a shared and distributed environment, most of the organizations seldom give importance to controlling and monitoring of Identities. On-prem data centers, endpoints, on-cloud data centers, smart city, IoT, Industrial Control Systems -- there are N number of privileged identities created in any kind of IT environment. These identities allow us to communicate with critical systems by viewing/altering/deleting data. Imagine the catastrophe, if a single unmonitored identity is misused by any malicious user.
The privileged accounts are omnipresent. These accounts provide access to databases, application servers, network devices, cloud resources, DevOps, IoT devices and Industrial Control Systems like SCADA. Organized cyber criminals or malicious corporate insiders typically try to break into critical systems by abusing privileged accounts, stealing privileged credentials and obtain access to the critical and confidential data assets. The challenge of combating sophisticated IT security threats is getting bigger since the IT infrastructure is getting complex amid increasing pace of digitalization. Hence, it is highly imperative for organizations to reinforce privileged access control. The practice includes a methodical approach to manage and monitor privileged accounts. It ensures every privileged access to target systems is authorized, authenticated and audited. Still, enterprises overall security posture involving privileged access management is not robust enough. We will be discussing some common mistakes made as to data security in our next article. Stay tuned.
ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables to monitor end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Endpoint Privilege Management mitigates risks arising out of endpoints. ARCON | Secure Compliance Management is a vulnerability assessment tool.