Cyber attacks are on the rise due to vulnerabilities created by the growth in remote work and new technologies. Now, it’s time to fix the holes, according to a security expert.
“The attack surface is expanding with the quick transition to working from home,” said Chris Maroun, Global Director of Emerging Technologies with CyberArk, at a recent ITWC webinar. At the same time, emerging technologies, such as IoT and robotic process automation, are also increasing the potential points of attack, he said.
Not only has there been an increase in security breaches since the pandemic began, but the impact has been bigger, Maroun said. “Major corporations are getting hit.”
Maroun recommended that organizations address the common pathways that cyber criminals use to get into their systems. “If we can close as many doors as possible, we can better set ourselves up for success.”
Block the privilege pathway
Eighty per cent of hacking-related breaches are tied to passwords, said Maroun. The initial intrusion is mostly tied to a phishing email because “the odds are that one out of every 20 will click on it.” Once inside, the hackers can get the admin password for that workstation and work their way up to critical systems. The admin rights also give them the ability to change system configuration or install malware. This is an example of a cyberattack utilizing the privileged pathway. The same type of configuration opens the door to other, sometimes more concerning, cyber threats such as ransomware.
Organizations must prevent attackers from gaining that foothold into their systems, said Maroun. The way to do it is through better privilege management, using the “least privilege” principle. “We don’t want to disable people from doing their jobs,” said Maroun. “So, let’s enable them to do only the necessary things they truly need to do. You need to balance security and operations.”
As well, Maroun suggested a new approach. Rather than simply focusing on protecting security credentials, he suggested a focus on trusted applications with the required level of access for all. This blocks the attacker from running unapproved applications like Shiva or WannaCry, which are used for ransomware attacks. “Application control means that you can identify, block, and contain malicious software on the endpoint, mitigating the risks caused by attacks by only allowing the specific approved applications from accessing the data,” Maroun said.
Prevent attacks via third-party vendors
Cyber attackers often target smaller, less secure organizations as backdoors to the networks of their larger, enterprise business partners, said Maroun. The number of vendors accessing critical systems is high, with 64 per cent of organizations saying they have between 25 and 100 vendors. A majority of them rank third-party vendors as a top-ten security risk and are not satisfied with their ability to secure vendor access. They worry about time-consuming access provisioning and de-provisioning processes and the lack of visibility into what vendors are doing in their systems.
The solution is to set up a zero-trust environment, Maroun said. There should be no VPNs, no agents and no passwords used for third-party vendors. Instead, they should use biometrics to verify their identity to gain access. The applications that each vendor can launch should be controlled, and just-in-time provisioning should be used to set up the access for a specified period of time. As well, organizations should have a system to monitor and create an audit trail of what vendors do when they connect.
“If we only provide access that we can identify and track, that will give us a bit more peace of mind to sleep at night,” said Maroun.