The Insider Threat from a Credentials-Based Attack.
Despite the widespread occurrence of high-profile internal security breaches, too many corporations are not doing enough to mitigate these risks.
Target Corporation & the Stolen Credentials from the Extended Enterprise
Stolen account credentials played a part in the recent Target Corporation payment card data breach. With approximately 40 million customers’ credit and debit card information exposed, stolen credentials from a third-party vendor highlighted the weak security that often surrounds internal passwords.
A recent report from Clearswift in fact found that 58% of all data security threats come from the extended enterprise (employees, ex-employees and trusted partners).
Among those reacting to this news was Dr Anton Chuvakin, research director for Gartner Inc. He said that enterprises are bound to encounter attacks using legitimate stolen credentials, regardless of the proactive security measures put in place to ensure credentials are safe.
“Instead of relying solely on perimeter defenses to keep usernames and passwords out of attackers’ hands, organizations should focus on identifying when an account has been compromised.”
To do that, he advocated for monitoring end-users’ activity to pick up on any strange login behavior.
“Such successful activity monitoring begins with user login attempts. An attacker is likely to log in with stolen credentials from an abnormal location at an unusual time.”
Technology such as UserLock from IS Decisions helps organizations avoid such credentials-based attacks on an Active Directory infrastructure. It controls user access by preventing or limiting concurrent logins and by restricting logins by location and usage/connection time. Continuous monitoring automatically applies these restrictions and alerts IT teams to suspicious events.
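The three signals named above (unusual location, unusual time, concurrent logins) can be checked against a per-user baseline, as in this added example, which is not UserLock's code or part of the original article. The baseline, host names and events are constructed assumptions.

```python
from datetime import datetime

# Constructed baseline (assumption): usual source hosts and working hours per user.
BASELINE = {
    "alice": {"hosts": {"WS-014"}, "hours": range(7, 20)},
    "bob": {"hosts": {"WS-022", "VPN-GW"}, "hours": range(8, 18)},
}

# Constructed sample events: (ISO timestamp, user, source host, action).
EVENTS = [
    ("2014-02-10T09:02:00", "alice", "WS-014", "logon"),
    ("2014-02-10T09:15:00", "bob", "WS-022", "logon"),
    ("2014-02-10T17:30:00", "bob", "WS-022", "logoff"),
    ("2014-02-10T18:05:00", "alice", "WS-014", "logoff"),
    ("2014-02-11T02:41:00", "bob", "SRV-DB-03", "logon"),
    ("2014-02-11T09:00:00", "alice", "WS-014", "logon"),
    ("2014-02-11T09:20:00", "alice", "WS-031", "logon"),
]

def review_logins(events, baseline):
    """Return (timestamp, user, host, reasons) for each suspicious logon."""
    open_sessions = {}  # user -> hosts that still have a session open
    alerts = []
    for ts, user, host, action in sorted(events):  # ISO timestamps sort in time order
        sessions = open_sessions.setdefault(user, set())
        if action == "logoff":
            sessions.discard(host)
            continue
        profile = baseline.get(user)
        reasons = []
        if profile is None:
            reasons.append("no baseline for account")
        else:
            if host not in profile["hosts"]:
                reasons.append("unusual location")
            if datetime.fromisoformat(ts).hour not in profile["hours"]:
                reasons.append("unusual time")
        if sessions - {host}:  # a session is already open from a different host
            reasons.append("concurrent login")
        sessions.add(host)
        if reasons:
            alerts.append((ts, user, host, reasons))
    return alerts

if __name__ == "__main__":
    for alert in review_logins(EVENTS, BASELINE):
        print(alert)
```

Valid credentials pass authentication in every one of these events; only the comparison with the account's normal pattern separates the two flagged logons from the rest.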
Snowden Continues to Highlight the need for better Access Security
Reports this weekend, including this NSA agency memo obtained by NBC News, continue to suggest Snowden used personal log-in credentials from NSA co-workers to access classified information.
Whilst a highly secure system of password and log-in exchanges is designed to protect against unauthorized access to sensitive computer networks, what we’re dealing with in both the Target Corporation and Snowden cases are authorized users who have access and rights.
Corporations are now starting to recognize the need to better manage network access for all authorized users and close the existing network security gaps.
A New Report on these Internal Security Breaches
Later this week IS Decisions will publish the findings of its own research on the issues of internal security.
To find out how organizations are attacking insider threats, we conducted a study of 500 IT decision makers in organizations ranging from 50 to 10,000 people in the UK and USA to understand what their attitudes are to the threat from within and how they are approaching it.
Drawing on the results of the research, the report will empower IT professionals to take proactive measures to help them beat the threat from within.
Download the Insider Threat Manifesto – Beating the Threat from within.