Targeted Attacks on confidential data

A popular European budget airline has recently revealed that it had suffered a “highly sophisticated” cyberattack exposing names, email addresses and travel details of almost 9 million customers. This incident has shaken the world of cybersecurity and has forced the IT security officials to rethink about the robustness of access control management and overall cybersecurity posture.

As we see today, many organizations still show a lackadaisical attitude towards securing critical information, critical systems, and privileged credentials. In the above incident, without disclosing the hackers’ identity, the organization claimed that the hackers’ group obtained unauthorized access to their huge database consisting of confidential information. Adding to the woes, it has been found that the credit card details of 2,208 customers were also accessed under suspicious circumstances. The digital security code or the CVV numbers of the cards were also compromised.

Although premature to say, malicious privileged insiders typically play a bad role in targeted attacks. In several cases, hackers target privileged credentials via social engineering and gain administrative access to root accounts and databases.

When it comes to Identity and Access Control Management, more importantly, Privilege Access Management, many enterprises still keep unadvisable practices such as manual monitoring of privileged accounts and maintain shared accounts and credentials. A key component of IT security architecture, privileged access management ensures a foolproof security for sensitive information. The practice ensures robust authentication, authorization and audit trails of each and every activity on target systems whilst it automates daily use cases workflows to enhance administrative efficiency. Secondly, a robust Privileged Access Management (PAM) solution like ARCON | Privileged Access Management can monitor privileged user activities in real-time, which helps to flag unusual activity and impending cyber incidents.

In the above incident, it is invariably presumed that the hackers’ group found a major loophole in the access control mechanism of the huge database which resulted in today’s financial and reputational disaster. Even if the customers are contacted (as promised by the airlines official) it will be an extremely difficult task for the organization to rebuild faith and security assurance. In order to avoid such catastrophe, organizations need to ponder over implementing the best possible security practices to mitigate the threats from malicious actors.

• Traditionally, organizations turn blind eye to the number of privileged accounts that exist within their IT ecosystem. As a result, the IT administrators fail to be in a position to monitor and control privileged user activities.
• Organizations very often fail to have a definite policy as to privileged sessions that take place every now and then.
• In a complex IT environment where there are numerous IT users accessing privileged accounts on-prem or from remote locations, the organizations ignore that every user should gain access to target devices only after providing multi-factor authentication.
• Organizations fail to practice granular level access control mechanisms that enable an administrator to restrict and control privileged users according to their roles. The challenge of securing confidential business information is addressed with the help of granular level control. It grants permission to privileged users only on a “need-to-know” and “need-to-do” basis.
• If the privileged credentials, that are the keys to organizations’ data assets, are not randomized and changed frequently with the help of a robust PAM vaulting, then organizations can never strengthen the Information Security posture.
• Lastly, the common trait which is ignored is the Audit Trails and the real-time reporting mechanism that helps the administrators to detect each and every suspicious activity happening in the enterprise network.

The bottom line: Malicious Insiders and organized hackers group target privileged credentials to gain access to key accounts and confidential information. Only a robust PAM solution can monitor the user activities in real-time and notify the IT administrators about any suspicious activity.

ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables to monitor end-user activities in real time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Endpoint Privilege Management mitigates risks arising out of endpoints. ARCON | Secure Compliance Management is a vulnerability assessment tool.