
Organizations must have a documented plan of steps to take if and when an attack occurs.
Photo by Markus Spike on Unsplash
The battle between cybercriminals and computer security tools has been part of everyday business life for years.
Organizations try to stay one step ahead of attackers while ensuring their systems and data remain secure.
Traditionally, organizations have addressed this challenge by creating secure perimeters. The goal was to put in place strong external protections that keep bad guys out while still allowing the organization to function normally.
Fast forward to 2021, and that situation has changed. Rather than working within a secure perimeter, a significant portion of business activity now takes place externally. Whether staff are working from home or accessing resources in the cloud, the perimeter no longer exists.
The number of threats has also increased, with many organizations now facing a tsunami-like wave that threatens to overwhelm current defenses. With more and more business now digital, this wave will only grow.
The fact that attackers have also changed tactics further exacerbates the challenge. Rather than trying to break through the defenses, they focus on obtaining legitimate credentials that simply allow them to log in to the target infrastructure.
Cybercriminals obtain user credentials in different ways. They can trick a staff member into revealing them through a phishing email or phone call. Alternatively, they can gain access to a resource such as Active Directory, which holds the credentials for an entire organization.
Once inside, cybercriminals are likely to explore the infrastructure to determine the location of valuable data and the best way to cause disruption. They could then proceed by exfiltrating data and introducing malware that encrypts key files.
Automated defenses
Monitoring and preventing such unauthorized activity is a difficult task. Security teams can struggle to distinguish the network traffic of legitimate users from that of parties who should not be there.
Increasingly, organizations are finding that artificial intelligence (AI)-based tools can help with this monitoring task. The tools can detect unauthorized activity even with high data volumes.
Once the organization has identified the unauthorized parties, it can take steps to disrupt their attack attempts. The disruptions can consist of directing them to fake data or providing them with fake credentials.
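The deception step described above relies on a simple property: a decoy credential has no legitimate user, so any attempt to use it is unauthorized by definition and can be alerted on without the ambiguity that ordinary traffic has. The following is an added example, not code from the original article or from Attivo Networks. It assumes a made-up authentication log format (`<timestamp> auth user=<name> src=<ip> result=<success|failure>`) and uses constructed decoy account names and log lines.

```python
"""Decoy-credential alerting: every authentication attempt that names a decoy
account is treated as an alert, whether the attempt succeeded or failed.

Added example with constructed data. The log format and the decoy account
names are assumptions, not taken from any real product or directory.
"""
import re
from collections import defaultdict

# Constructed: accounts that exist only as bait and are never used legitimately.
# Stored lower-case so matching is case-insensitive.
DECOY_ACCOUNTS = {"svc_backup_legacy", "admin_old"}

# Assumed log format: "<ts> auth user=<name> src=<ip> result=<success|failure>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_line(line):
    """Return a dict of fields for a well-formed line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def decoy_alerts(lines, decoys=DECOY_ACCOUNTS):
    """Scan log lines and return (alerts, per_source).

    alerts      - one record per use of a decoy credential, success or failure
    per_source  - how many decoy uses came from each source address, so that a
                  credential sweep from one host is visible as a pattern
    """
    alerts = []
    per_source = defaultdict(int)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            # Malformed lines are skipped explicitly rather than silently
            # counted as benign; in production they would be logged separately.
            continue
        if ev["user"].lower() in decoys:
            alerts.append(
                {"ts": ev["ts"], "user": ev["user"], "src": ev["src"], "result": ev["result"]}
            )
            per_source[ev["src"]] += 1
    return alerts, dict(per_source)


# Constructed sample log: two decoy uses from one host, two legitimate events,
# and one malformed line.
SAMPLE_LOG = [
    "2021-06-01T09:00:01Z auth user=alice src=10.0.1.5 result=success",
    "2021-06-01T09:00:07Z auth user=svc_backup_legacy src=10.0.0.23 result=failure",
    "2021-06-01T09:00:09Z auth user=Admin_Old src=10.0.0.23 result=success",
    "2021-06-01T09:00:15Z auth user=bob src=10.0.1.9 result=failure",
    "garbage line that does not match the format",
]

if __name__ == "__main__":
    found, by_src = decoy_alerts(SAMPLE_LOG)
    for a in found:
        print("ALERT decoy credential used:", a)
    print("decoy uses per source:", by_src)
```

Note that a failed login with a decoy account is still an alert: the attacker learned the name from somewhere they should not have been, so the signal is in the attempt, not in whether it worked.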
Restrict access
Another step organizations can take to overcome the tsunami of attacks is to review and strengthen user access privileges. Users should access and use only the applications and data sources they need for their particular role.
If attackers compromise a user’s credentials, they will only have access to a subset of the organization’s IT infrastructure rather than all of it.
Staff often accumulate privileges over time as they change roles or move to different parts of the business. For this reason, the organization must conduct regular access reviews to ensure that there is no so-called “privilege creep”.
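A regular access review of the kind described above can be partly automated: hold a least-privilege baseline per role, compare each user's current entitlements against the baseline for their current role, and flag anything beyond it, noting separately the excess that is explained by a role the user held before (the classic privilege-creep case). This is an added example, not code from the original article or from Attivo Networks; the role baselines, group names and user records are constructed sample data, and entitlements are assumed to be plain group names.

```python
"""Privilege-creep review: flag entitlements that a user's current role does
not need, and identify which of them were carried over from an earlier role.

Added example with constructed data. The roles, groups and users below are
assumptions for illustration, not taken from any real directory.
"""
from dataclasses import dataclass, field

# Constructed sample: the minimum set of groups each role needs.
ROLE_BASELINES = {
    "finance-analyst": {"finance-reports-ro", "erp-user", "vpn-users"},
    "helpdesk": {"helpdesk-tools", "password-reset", "vpn-users"},
    "devops": {"ci-runner", "prod-deploy", "vpn-users"},
}


@dataclass
class User:
    name: str
    role: str                      # current role
    groups: set                    # groups the user is actually a member of
    previous_roles: list = field(default_factory=list)


def excess_entitlements(user, baselines=ROLE_BASELINES):
    """Groups the user holds that their current role's baseline does not include.
    An unknown role has an empty baseline, so everything is flagged."""
    return user.groups - baselines.get(user.role, set())


def creep_from_previous_roles(user, baselines=ROLE_BASELINES):
    """The subset of excess groups explained by a role the user held earlier."""
    excess = excess_entitlements(user, baselines)
    inherited = set()
    for old_role in user.previous_roles:
        inherited |= excess & baselines.get(old_role, set())
    return inherited


def review(users, baselines=ROLE_BASELINES):
    """Return {username: {"excess": [...], "from_previous_roles": [...]}} for
    every user with at least one excess entitlement. Users that match their
    baseline exactly are omitted, so an empty report means a clean review."""
    report = {}
    for u in users:
        excess = excess_entitlements(u, baselines)
        if excess:
            report[u.name] = {
                "excess": sorted(excess),
                "from_previous_roles": sorted(creep_from_previous_roles(u, baselines)),
            }
    return report


# Constructed sample users: alice is clean, bob kept devops access after moving
# to helpdesk, carol holds a group no role baseline grants at all.
SAMPLE_USERS = [
    User("alice", "finance-analyst",
         {"finance-reports-ro", "erp-user", "vpn-users"}),
    User("bob", "helpdesk",
         {"helpdesk-tools", "password-reset", "vpn-users", "prod-deploy", "ci-runner"},
         previous_roles=["devops"]),
    User("carol", "devops",
         {"ci-runner", "prod-deploy", "vpn-users", "domain-admins"}),
]

if __name__ == "__main__":
    for name, findings in review(SAMPLE_USERS).items():
        print(f"{name}: excess={findings['excess']} "
              f"from_previous_roles={findings['from_previous_roles']}")
```

The two buckets deserve different handling in a review: excess explained by a previous role is almost always safe to revoke outright, while excess with no role explanation (carol's case) needs an owner to justify it or remove it.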
Create an attack playbook
Even with security measures like these in place, there is unfortunately still a very real chance that cybercriminals will gain access to critical applications and data, causing disruption and loss.
For this reason, organizations must have a documented plan of steps to take if and when an attack occurs. This playbook should cover everything from removing the cyber threat and restoring systems to notifying external parties.
It is also vital that the organization revises its playbook regularly. Systems, applications and networks are constantly changing, so an approach that would have worked 12 months ago might not be as effective today.
The wave of cyberattacks sweeping the business landscape shows no signs of abating. However, organizations give themselves the best chance of not being victimized by adopting an identity-centric security posture and closing the security gaps around protecting credentials, privileges, and the systems that manage them.
Jim Cook is regional director, ANZ, at Attivo Networks.