The real, $940 million risk of sharing credentials or having weak login information!
Last week, a federal judge awarded Epic $940 million in damages ($240 million in compensatory damages and $700 million in punitive damages) in the suit against Tata. Tata plans to appeal the decision.
At the centre of the lawsuit is the unauthorized access to confidential information by Tata employees. Court documents indicate that an employee of Mumbai, India-based Tata shared login credentials with others, who then accessed the web portal of the Verona, Wis.-based vendor. Credential sharing of this kind is a growing worry for CIOs and security professionals, and the ease with which it happened elevates that concern.
“This is basically every CIO and CISO’s nightmare — unauthorized access to sensitive data and information by offshore contractors that are a direct or indirect part of their supply chain,” Avivah Litan, vice president and distinguished analyst at Gartner, a technology research company, told Wall Street Journal.
One of the most worrying aspects of a potential attacker gaining access to your network using compromised credentials is that you’re unlikely to find out about it straight away. Once an attacker is in using a legitimate login, there’s no reason for your anti-virus, intrusion detection and firewall tools to believe that the person accessing the information is not legitimate — so it might take a stroke of luck or a particularly eagle-eyed IT administrator before you catch the perpetrator and limit the damage.
However, there are simple ways to help safeguard networks against compromised, shared and stolen credentials.
Unlike two-factor authentication, which can often get in the way of employees doing their job, these solutions are transparent to the end user and don’t impede your employees. It’s here that IS Decisions’ products UserLock and FileAudit can help.
For example, UserLock can restrict access to the organisation’s systems to certain workstations, devices, departments or different times of the day. Then if an attacker does manage to get their hands on an employee’s password, they can’t log in unless they’re on site or logging in from a particular device.
In addition, companies can implement FileAudit, which alerts administrators to strange behaviour on the network, such as mass file deletion or copying.
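The two controls described above, contextual logon restrictions (by workstation and time of day) and alerting on bursts of file deletions or copies, can be illustrated with a small script. This is an added example written for this page; it is not UserLock or FileAudit code and does not reflect how those products implement their rules. The user names, workstation names, file paths, policy hours and the burst threshold are all constructed, and the file events are assumed to arrive in time order per user.

```python
"""Added example: contextual logon policy checks and file-activity burst
detection over constructed log events. Hypothetical, not vendor code."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

TS_FORMAT = "%Y-%m-%d %H:%M:%S"

# Hypothetical per-account policy: permitted workstations and permitted
# local hours (start inclusive, end exclusive). Accounts with no policy
# entry are denied by default.
ACCESS_POLICY = {
    "jsmith": {"workstations": {"WS-ACCT-01", "WS-ACCT-02"}, "hours": (8, 18)},
    "contractor1": {"workstations": {"VPN-GW-03"}, "hours": (9, 17)},
}

# Constructed logon events: (timestamp, account, workstation).
LOGON_EVENTS = [
    ("2016-04-20 09:15:00", "jsmith", "WS-ACCT-01"),
    ("2016-04-20 23:40:00", "jsmith", "WS-ACCT-01"),      # outside hours
    ("2016-04-20 10:02:00", "jsmith", "LAPTOP-UNKNOWN"),  # unapproved device
    ("2016-04-20 11:30:00", "contractor1", "VPN-GW-03"),
    ("2016-04-20 11:31:00", "contractor1", "WS-ACCT-02"), # same credentials, second device
]

# Constructed file-audit events: (timestamp, account, action, path).
# contractor1 does ordinary work; jsmith deletes six files in 25 seconds.
FILE_EVENTS = [
    ("2016-04-20 13:55:00", "contractor1", "READ", r"\\fs01\hr\policy.docx"),
    ("2016-04-20 13:56:00", "contractor1", "DELETE", r"\\fs01\hr\draft.docx"),
] + [
    (f"2016-04-20 14:00:{i:02d}", "jsmith", "DELETE", rf"\\fs01\finance\report{i}.xlsx")
    for i in range(0, 30, 5)
]


def check_logons(events, policy=ACCESS_POLICY):
    """Return (timestamp, account, workstation, reason) for every logon
    the policy would deny. A valid password alone is not enough: the
    logon must also come from an approved workstation inside the
    permitted hours."""
    denied = []
    for ts_str, user, ws in events:
        ts = datetime.strptime(ts_str, TS_FORMAT)
        rule = policy.get(user)
        if rule is None:
            denied.append((ts_str, user, ws, "no policy for account"))
            continue
        start, end = rule["hours"]
        if ws not in rule["workstations"]:
            denied.append((ts_str, user, ws, "workstation not allowed"))
        elif not start <= ts.hour < end:
            denied.append((ts_str, user, ws, "outside permitted hours"))
    return denied


def detect_bursts(events, actions=("DELETE", "COPY"), threshold=5,
                  window=timedelta(minutes=2)):
    """Flag accounts that perform `threshold` or more delete/copy actions
    within `window`. Returns one (account, timestamp, count) alert per
    account, raised at the event that crosses the threshold. Uses a
    sliding window per account, so events must be time-ordered per account."""
    recent = defaultdict(deque)
    alerts, flagged = [], set()
    for ts_str, user, action, _path in events:
        if action not in actions:
            continue
        ts = datetime.strptime(ts_str, TS_FORMAT)
        q = recent[user]
        q.append(ts)
        while q and ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold and user not in flagged:
            flagged.add(user)
            alerts.append((user, ts_str, len(q)))
    return alerts


if __name__ == "__main__":
    for entry in check_logons(LOGON_EVENTS):
        print("DENY ", entry)
    for alert in detect_bursts(FILE_EVENTS):
        print("ALERT", alert)
```

With the constructed data, the three logons that fail the policy are the late-night logon, the logon from an unapproved laptop, and the second device using contractor1's credentials; the file-activity check raises one alert for jsmith at the fifth deletion. The point for a defender is that both checks work on context (where, when, how much) rather than on whether the password was correct, so shared or stolen credentials on their own do not get an attacker in, and if they do, the unusual activity is surfaced quickly rather than left for luck to find.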
A joined-up approach
As the high-profile security breaches continue in 2016, IT professionals must take a joined-up approach of better user education and technology solutions across the whole enterprise.
Here’s a 12-step guide to help future-proof your organization and most effectively mitigate this type of insider threat.