Verizon’s 2016 Data Breach Investigations Report analyzes exploitation data collected last year. Not surprising, the distribution of incidences are similar to the previous year. The top 10 vulnerabilities still account for 85% of successful exploits. With automated attacks yielding incredible success, new vulnerabilities come out daily. With 95% of attackers motivated by money, the bad news gets worse. The detection deficit is growing. Which mean, attacks took less time and detection took longer. Our security controls appear to be less effective.
The irony is the rise in external detection from law enforcement agencies shows. Organizations must be doing a worse job of policing themselves. Phishing continues trending upward as it gets executed in more opportunistic manners. And, administrator and privileged credentials remain the prized target. Passwords continue as a critical vulnerability.
With organized crime responsible for 89% of attacks, use of stolen credentials are rampant. Apparently, criminals’ communication to employees appears to be more effective than your security organization’s communication.
Password and Credential Vulnerabilities
Passwords are no longer just cracked. They are utilized to advance an enterprise attack. Static passwords and credentials continue to be targeted by hackers and malware. The report indicates 63% of breaches leverage weak or stolen passwords. Definitely, multi-factor authentication improves security controls by making early detection more likely. It also creates an additional challenge against spoofing.
Ninety-seven percent of stolen credentials came from partners. When you consider, insider incidents take the longest to detect. A third were end users who were tricked. They were also targeted for their privileged access to sensitive data. For this reason, keep an eye on your most trusted employees. They are your biggest targets too.
Recommended Security Controls
To improve your security profile, Verizon recommends several identity management security controls. The list includes the following actions and operations:
Establish a process for vulnerability remediation that targets vulnerabilities, which attackers are already exploiting.
For systems that cannot be patched, apply other risk mitigations in the form of configuration changes or isolation without disrupting business.
Identify unknown accounts and deviations from standard configurations.
Provide awareness training and information for employees and partners so they can resist anything that looks ‘phishy‘.
Protect your network from compromised computers by implementing strong authentication.
Validate user credential inputs so that commands cannot be passed to your database.
Improve authentication with a second factor such as SMS and monitor login activity for unusual patterns.
Require vendors to use strong authentication to access your environment.
Track remote logins and verify any and all that are against the norm.
Monitor daily activity of users who access financial, personally identifiable information (PII), payment cards, and medical records.
Carefully give out privileges and practice the principle of least privilege.
Keep record of errors that plague your organization for training to raise security awareness.
Change user behaviors by ingraining security and situational awareness into operations.
Defend your network using two-factor authentication; segment your POS network, block C2 communications, and remediate compromises.
Monitor internal networks, devices and applications to learn from Account, Audit, and Network/IDS logs.
Security Controls and Hacker Ecosystem
An interrelation exists between incident patterns and security threats. Malware in one organization leads to DoS and fraudulent transactions in another. Similarly, internal breaches can result in attacks on your customers using their own personal information.
Forensics analyzed in the report relate a path showing a familiar pattern. Phishing retrieves stolen data used to establish a C2 that drops a keylogger for stealing credentials to data that is exported to sell. It’s the hacker Hakuna Matata.
The report emphasizes only coordinated efforts can properly address the threats. Law enforcement, the private sector, financial institutions, Internet security, and users all must contribute. Each has a role. Insurance settlement research shows a majority of payouts goes to legal guidance during the crisis management phase. Considering the cost of damage control, security control is a steal!
Begin your identity management initiative by following what corporate compliance experts recommend for the workflow automation of businesses processes, self-service administration and IT operations.