2015-01-07

Jonathan Cogley's blog post was featured

The New Reality: Inevitability of Data Breaches and How to Mitigate Risk

How truly prevalent are cyber security breaches? When I speak to executives and ask if anyone has experienced a breach this year, they tend to dart their eyes and slump in their seats, keeping hands firmly at their sides. From the troubled looks on the flushed faces across the room, the answer is obvious.

Data breaches are a real threat, not just media sensationalism. To better understand the scope and frequency of breaches, Thycotic commissioned IANS Research to survey IT professionals and executives at 100 organizations in the United States. The questions were answered by IT pros anonymously, with 90 percent of respondents hailing from organizations with $100 million or more in revenue, and titles including Director of IT, CISO, CTO, Developer and Network Administrators, and Security Engineers.

What we learned from this IANS research confirmed the greatest fears of IT executives, security teams, shareholders and customers – every company surveyed (yes, all 100 of them) reported that they have experienced a significant attack or breach in the last two years.

I know what you’re thinking. Your company is fine. This isn’t going to scare you. You’ve got things under control… right?

The truth is, even if you’ve already had a breach, that doesn’t mean you’re safe from another.

While resources should be invested in tools that help prevent breaches, the real question for 2015 becomes, “How do I limit damage once attackers are in my network?”

The survey respondents who experienced a data breach indicated that a majority of attackers compromised networks through server exploits, password breaches, social engineering attacks, and web application exploits, in that order.
Once these unauthorized individuals were inside the network, they used excessive privilege to move laterally and escalate their access 62 percent of the time (11 percent of respondents weren’t sure if privileged accounts were used).

Respondents revealed that attackers gained access to privileged accounts by compromising a privileged user’s workstation (33%), stealing credentials from privileged users (29%), and performing pass-the-hash attacks (13%). Of the 100 companies breached, 36 percent experienced what they termed “significant impact,” such as loss of sensitive data or damage to their reputation.

This data illustrates that at almost every attack vector used in a majority of breaches, privileged account credentials were sought to obtain valuable data or perform malicious activity.

To halt attackers inside the network’s door, IT departments must stop them from gaining access to privileged accounts and moving across the network with the ease of a well-played chess piece. To do this, companies must regularly rotate and monitor their privileged account passwords. The ability to proactively change every password on a consistent basis, the minute a breach is suspected or when a disgruntled employee walks out the door, is paramount to securing the core of your business. If you catch someone breaking into your house, don’t let them find the keys to your safe.

When tallying the costs associated with a data breach, most organizations look at the potential loss of intellectual property and short-term and long-term damage to their systems, as well as remediation and forensic costs required to identify and prosecute the cybercriminal responsible.

Organizations should also factor in the cost associated with reputation damage, which may harm revenue, as well as any industry fines they may incur. Depending on the nature of the breach, the company itself might even face prosecution for allowing data to become public, such as what happened to AvMed.
These costs can be sizable and some are difficult to fully quantify, especially damage to the company brand. As the recent Target breach demonstrated, fallout from these types of attacks can quickly tarnish the careers of IT executives, resulting in CISOs or CIOs being forced to step down. No wonder there are such high levels of stress in the industry.

We have long passed the point where organizations can afford to ignore the significant threat that cybercriminals pose to companies' sensitive data and customer reputation. Organizations need to invest in strong privileged user management and monitoring tools that allow them to not only shore up protection alongside other security initiatives, but also to aid in determining where attacks began in the event of a breach.

Companies should also maintain full audit logs and monitor privileged user activity, whether you’re correlating that data from your SIEM tool or privileged account management solution, in order to properly analyze it against other events of concern. Breaches don’t happen in a vacuum. For example, consider APTs, where the attack is multifaceted. One cannot simply look at account usage to realize the network is at risk, but instead must correlate events throughout the organization.

In 2015, the point will not be to simply keep attackers out, because that is an impossible goal, and a battle from all sides: disgruntled employees, employees who make mistakes that let others into the network or accidentally leak data, external hackers who breach networks for fun, attackers for terror, and hackers who like to lurk. These are not simply flashy headlines.

Don’t let cybercriminals make your brand another example of poor security practices. Instead, 2015 will be the year of the cyber-sand trap: Hey attacker. You got in. So what? You can’t get anywhere from here.

Jonathan Cogley is CEO of Thycotic Software.
