It is not a bank, a government entity or a healthcare organization! This time the cyber crooks strike hard on the entertainment industry! Recently, a USA-based vendor that designs graphics processing units for the gaming and professional markets suffered a compromise of emails of more than seventy thousand employees. Can there be anything worse?
The victim also manufactures chip units for the mobile computing and automotive market. As a result, they had a huge and irreparable face loss in front of the global market.
The pattern and extent of the IT risks that organizations are exposed to today are getting too sophisticated to apprehend. And what is noteworthy nowadays is more and more targeted attacks are on supply chains vendors. These types of attacks might have cascading effects.
The vendor, in the above incident, has confirmed that some of the data was stolen due to the cyber-attack. The data mainly includes employee email IDs and credentials. The cyber incident response team and experts have analyzed the situation, though it seems that the hacker intruded from a less-used credential of an ex-employee.
Therefore, IT risk management including the password management needs a closer look at every layer of IT security infrastructure. And that starts with reliable data protection mechanisms and best IT security practices around Identity and Access Management because for today’s organizations, it is important to ensure that right users access the right data at the right time.
Moreover, as more and more organizations migrate workloads and data to cloud environments, it is critical to deploy digital vaults to secure credentials such as access keys, tokens and digital certificates.
The Insider Threat
Every year, billions of dollars are budgeted for cyber security, yet hackers from organized groups with the help of malicious insiders find ways to inflict serious damage to the organizations. These malefactors are smart enough to analyze, target and succeed in misusing the corporate data and maligning the reputation.
Privileged Access environment, in this regard, is more vulnerable to threats as privileged accounts are the gateways to more confidential information that can offer millions of dollars in the gray market. Several times, we observe that organizations fail to predict and prevent the anomalous user behaviour (both internal and third party). These users are directly or indirectly associated with the organization’s data assets and thus increase information security risks.
There is no doubt that data breach is one of the top IT threats today. The risk only increases as the world gears up for the hybrid WFA (Work From Anywhere) work culture along with the changing IT environments. Several IT security vulnerabilities such as poor password management, inadequate monitoring of user activities, absence of stringent IT security policy and lackadaisical attitude of the end-users increase IT security threats.
Due to the increased pace of digitalization, digital identities are rising rapidly. Increased distributed environment such as multiple datacentres, adoption of cloud computing, Big Data technologies all are intensifying the chances of data breach. If organizations fail to segment, govern and audit them, there could be repetition of similar catastrophic incidents as mentioned above.
It’s time to prioritize IT risk management at every layer of IT infrastructure. While insiders pose serious threats to critical infrastructure, organized cyber criminals nowadays target supply chains to cause business disruptions.