Data: Identifying threats
November 14, 2017 | Network Security, User Monitoring
Advances in technology have enabled organizations to gain efficiencies, especially in storing and processing data. Because data is stored across multiple resources, managing its security is a big challenge. Indeed, what makes data vulnerable is its multiplicity. It is not only stored at several layers of an organization’s information systems; enterprises are also adopting cloud environments and managed IT services.
If the endpoint devices that give access to systems (on premises or off premises) are not monitored, or the IT ecosystem lacks adequate cyber defenses to detect and restrict suspicious activity, any malicious actor in the IT ecosystem can compromise vital data without leaving a trace.
Against this backdrop, organizations across the world are witnessing a sharp rise in incidents that involve breaches of sensitive and/or critical information.
Recently in Australia, personal records of about 50,000 employees from several government and utility organizations were compromised by a third-party contractor. The leaked information included names, passwords, credit card numbers, and confidential corporate information such as salaries and expenses. Likewise, a British accounting software firm last year suffered a data breach after a malicious insider misused login credentials to steal customer information.
While security and compliance personnel have become increasingly wary in the wake of rising cyber incidents, organizations are not implementing sufficient safeguards to address data security.
There are broadly three causes behind the compromise of an organization’s private data:
1) Poor management of Privileged Accounts: The most common mistake. A data breach typically occurs when access to privileged accounts is unmonitored, uncontrolled or unrestricted. These are the crucial ADMIN accounts that give access to an organization’s confidential data. Disgruntled or malicious insiders can compromise sensitive information if IT security personnel have no mechanism in place to analyze who is accessing what, for which purpose and when. Further, the risks associated with misuse of data multiply if privileged credentials are shared by ADMINs for various functions and third parties/consultants have access to them. A mid-sized enterprise has, on average, 500-1000 privileged accounts. Imagine the risk organizations take if this large number of super user accounts is administered without any access control/request management policy that includes privileged delegation and privileged user behavioral analytics.
2) Risk arising from outsourcing: Outsourcing IT functions to a managed-service provider’s premises essentially means delegating control of your systems to third parties. While basic safety standards form part of a contract with any managed-service provider, secure access control across the entire service provider’s network is more important. Enterprise data is at risk if privileged access control management is not robust.
3) Targeted Attacks: These can come from any quarter of the world, often from rogue states and organized cyber criminals. However, the entry points for targeted attacks are end-user devices. Very often, we unknowingly install malicious programs that are capable of capturing privileged credentials through sophisticated spyware or other backdoors.
To overcome the enormous challenge of keeping critical information assets safe, organizations must have a framework wherein every Privileged user, Sysadmin, Database and Application Administrator has access to confidential information only on a ‘need to know’ and ‘need to do’ basis. Essentially, this means equipping the IT ecosystem with a tool that will monitor all privileged sessions.
ARCON’s enterprise-class Privileged Access Management suite provides a comprehensive set of functionalities that enables organizations to build robust security across the network of end-user devices, as it provides real-time threat monitoring and analytics whilst restricting unauthorized access to systems.
ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables organizations to monitor end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Secure Compliance Management is a vulnerability assessment tool.