Your First Two Steps to Make Life Harder for Cyber Attackers
If you think like an attacker, you’ll realize that your best approach to securing your critical assets is to assume that you’ll be breached. But what does this mean in practice?
Domestic cyber criminals and nation-state attackers alike are capitalizing on this time of uncertainty – and remote workers are a prime target.
Tonya Ugoretz, deputy Assistant Director of the FBI Cyber Division, recently spoke at a virtual Aspen Institute event. Ugoretz described the situation best as a “collision of highly motivated cyber threat actors and an increase in opportunities.” In fact, the FBI’s Internet Crime Complaint Center (IC3) is currently receiving between 3,000 and 4,000 cybersecurity complaints daily – a massive jump from their normal average of 1,000.
Criminals are taking advantage of “enormously high public interest in information” on COVID-19, the status of government stimulus checks and updates on local community restrictions. Some are setting up fake domains claiming to sell personal protective equipment, masquerading as charities working to raise money for patients or offering fraudulent loans to the financially strained. Times like these present a lucrative opportunity for cyber criminals – and they know it.
A Common Attack Method Shines
Traditional phishing attack methods continue to be a popular first step in the cyber attack chain. With a legitimate-looking email disguising a malicious, virus-spreading link or attachment, the attacker can easily cast their bait. These attacks have come to present an increased threat to businesses – especially now.
In today’s environment, remote workers are increasingly using both personal and corporate devices to access corporate resources. While a company may have made the office computer as secure as it can, if the remote worker logs on with their home laptop, that doesn’t help. Even employer-owned devices may be more vulnerable at home as many workers will be connecting through unsecured Wi-Fi.
Furthermore, with the adjustment to working from home – whether that means setting up a laptop on the kitchen table or working with kids playing in the background – many newly remote workers are not at their most alert, which makes it easy for them to mistakenly click on the wrong link. Clicking on a phishing link gives the cyber attacker a foothold on that person’s workstation – from there they can gain access to the company network to accomplish their goals.
Who’s at Risk?
While there are plenty of nefarious individuals working to cash in on chaos for personal profit, many of today’s campaigns are driven by highly organized nation-state attackers with deep pockets. To help shine a light on some of their methods, the FBI and a group of federal agencies issued a public alert this month – noting that financial institutions and digital currency exchanges are particularly at risk as attackers develop and launch “increasingly sophisticated” malware tools in search of large payouts.
The FBI has also observed a spike in nation-state cryptojacking attacks where attackers compromise victim endpoints and steal computing resources to mine digital currency. Additionally, they warned of ransomware campaigns, some of which demand payment “under the guise of long-term paid consulting arrangements in order to ensure that no such future malicious cyber activity takes place.”
But the financial sector isn’t the only one at risk. Hospitals and healthcare organizations are “deeply under attack,” explained Ugoretz and her co-presenters. As evidenced by attacks on the World Health Organization (WHO), nation-states are particularly interested in gaining insights on the coronavirus to help inform their country’s own response. These attackers are also homing in on research institutions and biotechnology companies that have publicly touted their work in progressing treatments and a viable vaccine.
Prioritizing the Protection of Privileged Access
Whether targeting healthcare organizations, financial institutions or any number of other companies, there is one common thread. Attackers are looking for sensitive information they can exploit – and they are doing so by compromising endpoints, stealing credentials and escalating privileges in order to access their targets.
While attackers can ultimately accomplish their goals by targeting any endpoint, they often seek out those of privileged users (like system administrators working from home) who have access to sensitive assets and powerful systems. By stealing privileged credentials from these users, attackers can accelerate their efforts. After gaining legitimate access to company systems, attackers appear to be company employees and can move throughout the environment with ease to conduct reconnaissance and siphon off proprietary data.
Privileged access is the gateway to an organization’s most valuable assets and is at the core of nearly every major security breach today. With privileged access, motivated external attackers and malicious insiders alike can access network infrastructure and steal data. Without that access, attackers are severely limited in what they can accomplish.
That’s why protecting the pathway to critical resources with privileged access management (PAM) is so important. Organizations that have a strategy in place to manage and monitor privileged access, as well as detect and respond quickly to threats, are best positioned to defend against today’s targeted threats.
While there is no silver bullet to protect organizations from this surge in criminal activity, prioritizing privilege can dramatically reduce the business impact of an attack.
Privileged accounts and the access they provide represent the largest security vulnerability an organization faces today. These powerful accounts exist in every piece of hardware and software on a network. When employed properly, privileged accounts are used to maintain systems, facilitate automated processes, safeguard sensitive information, and ensure business continuity. But in the wrong hands these accounts can be used to steal sensitive data and cause irreparable damage to the business.
Privileged accounts are exploited in nearly every cyber-attack. Bad actors can use privileged accounts to disable security systems, to take control of critical IT infrastructure, and to gain access to confidential business data and personal information. Organizations face a number of challenges protecting, controlling, and monitoring privileged access including:
• Managing account credentials. Many IT organizations rely on manually intensive, error-prone administrative processes to rotate and update privileged credentials—an inefficient, risky and costly approach.
• Tracking privileged activity. Many enterprises cannot centrally monitor and control privileged sessions, exposing the business to security threats and compliance violations.
• Monitoring and analyzing threats. Many organizations lack comprehensive threat analysis tools and are unable to proactively identify suspicious activities and remediate security incidents.
• Controlling privileged user access. Organizations often struggle to effectively control privileged user access to cloud platforms (IaaS and PaaS), SaaS applications, social media and more, creating compliance risks and operational complexity.
• Protecting Windows domain controllers. Attackers can exploit vulnerabilities in the Kerberos authentication protocol to impersonate authorized users and gain access to critical IT resources and confidential data.
Founded in 1999, SecurIT has over 18 years of extensive experience in designing, implementing and maintaining large Identity Management/Governance infrastructures. With more than 30 specialists permanently employed in the Netherlands, SecurIT offers its customers high-quality consultancy, implementation, management and support services (24*7).
Healthcare is working intensively to help everyone in society in these bizarre times of the corona crisis. At the same time, criminals abuse the situation by digitally attacking healthcare institutions and healthcare providers, for example by distributing ransomware or sending spam. We find this unbelievable and take action by uniting in the Dutch coalition “We Help Hospitals” to protect Dutch healthcare institutions free of charge against digital attacks during times of the corona crisis.
The COVID-19 virus attacks our immune system. We try to limit the damage as much as possible by taking the correct preventive measures in time. Matters such as mouth masks, disinfectants, respiratory equipment and the care surrounding it are essential, otherwise, the pandemic is incalculable.
Just as with COVID-19, there are continuous security attacks that test the immunity of every organization. The right combination of preventive measures can make the difference between a simple flu for your organization and a total lockdown with all its consequences.
As with the COVID-19 virus, security threats are present. We all know that sooner or later we will be confronted with this.
The question is how are we prepared for this? SecurIT is the healthcare provider with years of experience. We are the doctor that you want to have at your bedside to prevent your organization from ending up in an irreparable emergency.
What we can do for you
| Situation | Why should you bother? | The solution that we could provide |
|---|---|---|
| Working safely from home (for home workers, but also third parties) | The office network is a trusted environment. But what about the home network, home Wi-Fi and unmanaged devices? Offer secure access to the company network and apps. | Secure Remote Access (CyberArk is needed) |
| Prevent security breaches caused by malware/ransomware and attackers that are abusing the corona virus to hack | Over 80% of ransomware attacks start with someone clicking on a phishing mail. Virus scanners do not always detect this. How to prevent ransomware? | Endpoint protection & Privileged Account Security |
| Secure password usage (or no password usage at all) | A large majority of successful cyberattacks are due to stolen or compromised passwords. Make sure your employees are using strong passwords for all of their work accounts, are not reusing passwords, and are using multi-factor authentication (2FA) on all websites, applications, and systems that support it. | Password Manager & Multi-factor authentication |
Do not wait until it is too late, contact us now.*
*If you are a Healthcare organization outside The Netherlands or if you are NOT a healthcare organization at all, please let us know as well, and we’ll check the possibilities with you to help you where we can.
Dear Customer and/or Partner,
The coronavirus (COVID-19) pandemic is affecting people all over the world and forces businesses to take far-reaching health and safety measures. We want to assure you we remain committed to providing the best possible service despite the challenges we all currently face.
At SecurIT, our people are the heart of our business. This means that we take no risks concerning the health and wellbeing of our people, customers, their families, and society at large. We shall, therefore, fully comply with all relevant measures that we are asked to take by government officials and health experts.
We have taken several measures to minimize the risk of infection with the COVID19 Virus for both our personnel and third parties.
Below are some of the measures:
· We have closed our offices in Amsterdam and Greenville, and all our employees work from home.
· Our support organization can be contacted as usual.
· All (physical) internal and external meetings and appointments have been canceled. Where possible, we meet and get in touch through electronic means.
We strive to continue to serve our customers as usual and to ensure that the service for your customers will continue optimally.
Take care and stay safe.
In light of recent news surrounding COVID-19, the disease caused by the novel coronavirus, many employees may suddenly need to work from home. If employees can’t access applications and information securely from remote locations, their productivity will decrease and the security of key corporate assets will be at risk. Together with our partner Ping Identity, we are prepared to help IT organizations with the following immediate steps to ensure employees can be productive anywhere in the world.
1. Put multi-factor authentication everywhere
52% of data breaches are due to hacking, and of those, 80% are due to weak or compromised passwords [1]. Multi-factor authentication (MFA) can reduce password risk by 99.9% [2]. Putting MFA everywhere is a no-brainer, especially on VPN connections and for employees that use personal devices (BYOD) when they work from home.
2. Leverage intelligence so that added security doesn’t add friction
As more employees work outside the corporate network, intelligent authentication helps you make better decisions about who should have access to resources. Continuously evaluate risk scores based on user behavior and location to better understand when to grant access, when to step-up authentication or when to deny access—all without impacting employees’ productivity.
3. Being on the network shouldn’t automatically grant access
Organizations enable VPNs for remote access, but this often allows employees to access more than they need. Since 23% of sensitive data breaches are caused by internal employees [3], someone shouldn’t have access to everything just because they’re on the network. To mitigate risk, enforce least-privileged access and establish Zero Trust security for apps, APIs and data.
4. One password is not only more secure, but it’s also more productive
On average, employees spend 10.93 hours per year entering and resetting passwords [4]. This slows down remote employees as they sign on to applications to get their work done, like collaboration apps for instant messaging and video conferencing. Federated single sign-on (SSO) and self-service password reset give employees back all those hours and let them get back to work. Better yet, strong authentication methods, such as biometrics and FIDO2 keys, can make passwords a thing of the past.
5. Put digital business resources at workers’ fingertips
There’s a streamlined app for just about every business task. But employees may struggle to find all these tools—or just forget to use them now that they’re not in their usual work environment. They may also find them difficult to access, since some are on-prem and some are in the cloud. With a dock for SSO to all digital resources in one place, employees can easily find, access and use apps to get more work done from anywhere.
We want to help you get your work-from-home workforce secure and productive, right now. Get fast, free, cloud SSO and MFA for unlimited apps and unlimited identities.
[1] Verizon 2019 Data Breach Investigations Report
[2] Microsoft Security Intelligence Report, 2018
[3] Forrester Analytics Global Business Technographics Security Survey, 2019
[4] Ponemon 2019 State of Password and Authentication Security Behaviors Report
The trend toward a mobile, distributed workforce, including working from home, has been underway for many years. Unfortunately, sudden events like COVID-19, the disease caused by Coronavirus, can shine a harsh spotlight on the need to provide a more comprehensive workforce access and productivity solution than what many companies have in place currently. Organizations like Google, Microsoft and Amazon have already encouraged employees to work from home. And JPMorgan Chase, as a precautionary measure for contingency planning, asked 10% of its entire workforce to work from home to test their global remote access capabilities.
Working from home is no longer just a perk to offer employees, but a critical alternative to keep your business running.
To fully enable a productive remote workforce, organizations need to make working from home seamless. They need to offer a smooth user experience while making sure that systems and data remain secure. In order to evaluate whether your remote working procedures are effective, here are a few questions to consider:
Think Beyond Network Perimeters
For many years, virtual private networks (VPNs) have been the default solution for enabling remote access to work resources. However, the notion that a VPN should legitimize employee access to all of a company’s resources is outdated. In fact, VPNs have been the source of some high profile hacks and were even the subject of an NSA advisory.
Instead of solely relying on VPNs, organizations need a strong identity foundation. That means implementing Zero Trust principles, where by default no network traffic is trusted. Instead, everyone and everything must be verified via centralized authentication services relying on capabilities like single sign-on (SSO) and multi-factor authentication (MFA). By implementing strong, centralized authentication, organizations are less susceptible to the inherent weaknesses of VPNs. In addition, with an identity foundation based on Zero Trust, organizations can control access beyond the network to assets like applications, data and APIs.
Reduce Passwords Wherever Possible
In terms of security, strong authentication becomes even more critical when your employees are working from home. Passwords alone are not enough; it’s time to augment or replace them with smarter, more secure authentication factors. Using other factors can also result in increased productivity. For example, location tracking can be done in the background and continuously verify employees without interrupting their work.
Multi-factor authentication can mitigate many of the security and productivity issues that come with employees accessing critical business resources from home. It does this by layering various combinations of authentication factors:
Leveraging easier, more secure factors than passwords gives enterprises the option of reducing password use or going completely passwordless. To reduce password use, organizations often extend the length of user sessions from days to weeks, only requiring password entry during this extended session when a new device is used to sign-on. Organizations can also implement rules around longer sessions, such as only extending session length for users logged in from known locations like a corporate office.
The next stage of maturity is passwordless login, where an alternative factor (fingerprint, authenticator app, security token, etc.) becomes the primary method of authentication. Further down the path of maturity is a bypass of both the username and password in a “zero login” scenario, enabled by storing a cookie on the employee’s device.
When talking about passwordless authentication, we would be remiss if we didn’t also mention Fast Identity Online (FIDO), a global alliance committed to solving the world’s password problem. By design, the FIDO standard for authentication does not allow passwords to be used under any circumstances. FIDO authentication methods include device biometrics, security keys, and Windows Hello to increase resistance to advanced phishing attacks, password theft and replay attacks for web authentication.
Examine Your BYOD Strategy
Companies that are shifting to remote work out of necessity may not have the budget or time to issue employees trusted, pre-configured corporate devices. Allowing employees to bring their own devices (commonly known as BYOD) is not only a growing trend but perhaps the only option available in the short term. In order to make BYOD a reality and ensure employee productivity, enterprises require central authentication services that can easily integrate with and leverage signals from mobile device management systems (MDMs).
The integration of your user base and applications with your MDM can be accomplished with a strong identity foundation. Ensure that your central authentication services include easy admin set-up and quick user adoption. From there you can implement MFA to realize the benefits of user-friendly authentication methods (fingerprint, facial recognition) and contextual identifiers (detecting jailbroken devices, user location).
Implement Smarter, Adaptive Access Policies
Network, password and device security are crucial aspects of employee access, but there’s still more to secure. Organizations may be using outdated web access management tools to manage authorization policies for critical legacy or mainframe applications, but they struggle to secure modern resources like single-page apps (SPAs), mobile apps and SaaS. They also may not be giving enough consideration to securing the data or API layers. Enabling adaptive access security is crucial to ensuring your workforce has the right access without introducing unnecessary friction.
The first step toward adaptive access security is to create a centralized authentication service that can extend across all your resources, whether they live in the cloud or on-premises. Once those centralized authentication and authorization policies are in place, you can introduce fine-grained authorization at the data level and analyze API traffic to learn, detect and block potential threats. But this shouldn’t come at the cost of productivity. Smart policies based on dynamic risk scoring can grant access to a user, require step-up authentication if necessary or deny access altogether.
Embrace Identity Intelligence
For a majority of organizations that have embraced the cloud, mobile and “as-a-service” products, the days when the network was the security perimeter are in the past. Organizations need an identity solution that can operate at the speed and scale they’re used to. They also need a solution that can integrate with their existing technology stack and support open standards to future-proof their investments in new technologies.
Identity intelligence enables this vision by connecting all the resources within your enterprise, receiving contextual signals from multiple systems and working across the silos that have grown over time. It’s the ability to ensure secure access without introducing barriers. It serves as the organizational brain that can enforce smart policies with split-second decisions leveraging various sources such as devices, user directories, AI and fraud signals. With intelligent identity in place, your organization can break down the barriers between remote and office work and deliver exceptional employee experiences.
How SecurIT Can Help
Large enterprises in North America and Europe trust SecurIT to enable their remote workforces at scale. They use our intelligent identity solutions to speed up their businesses and allow their employees to get things done, no matter where work happens. SecurIT helps ensure that all of your resources are covered, no matter what product you are looking for. We help you to get started.
To support organizations in this transition, we’re offering up fast, free usage of selected Ping products. For organizations new to Ping, we are offering cloud-based single-sign-on and multi-factor authentication. And for existing PingFederate workforce customers, we are offering free multi-factor authentication. These products can be deployed rapidly across unlimited users and applications, keeping your work-from-home employees secure and productive.
Your enterprise needs to begin deploying a multifactor authentication solution on your network. No compromises. Full stop.
These strong statements come with the backing of mountains of cybersecurity and identity management expert research. As much as enterprises still rely on password-based single-factor authentication, it just doesn’t work. Indeed, hackers specifically target these systems because they represent easy marks. Moreover, single-factor authentication leaves you vulnerable to insider threats or even non-human automated attacks.
But how should your enterprise go about deploying multifactor authentication? Which factors should you employ in your identity security policies? Does step-up authentication make sense for your environment? Can you balance identity management with effective business practices?
We answer these questions below.
Oftentimes, cybersecurity inertia causes as much damage as evolving digital threats. Enterprises become comfortable and familiar with their current identity and access management solution. Therefore, they continue to use it even as hackers discover and deploy new methods of subverting or exploiting it.
Unsurprisingly, this applies to single-factor, password-based authentication. For years it served as the foundation of identity management. Only in the past few years have cybersecurity experts and enterprises realized its inherent weaknesses. The latter, though, continues to struggle with the change.
According to researchers, passwords offer very little in terms of actual identity security. Even inexperienced hackers can crack them or purchase software that automates cracking them. Worse, using publicly available information, such as that found on social media, threat actors can often guess users’ passwords. Distressingly, given the horrible password practices most users embrace, hackers often guess right.
Compounding matters further, users tend to reuse their passwords on multiple accounts, including their work accounts. As a result, any data breach could give threat actors more weapons in their credential stuffing attacks.
Obviously, these facts argue strongly for deploying multifactor authentication yesterday. But how can you do it most effectively?
The principal rule of thumb regarding authentication is that the more steps between access request and access granted, the more secure your enterprise.
Two-factor authentication, therefore, proves much more effective than password-only authentication for exactly this reason. However, more talented threat actors can circumvent the second step in two-factor authentication. In most cases, they can interfere with SMS messaging and trick employees into giving their passwords away without realizing it.
That’s why deploying multifactor authentication, with three, four, five, or more steps, offers so much more identity security in the long term.
Of course, the most dedicated and experienced hackers could subvert your identity security with MFA. However, this would cost them time and effort they could invest in attacking weaker targets; hackers prefer to follow the path of least resistance. Deploying multifactor authentication thus works as cybersecurity protection and as a deterrent.
Here’s how you can get the best identity and access management today.
Deploying multifactor authentication begins with selecting the right IAM or privileged access management (PAM) solution for your enterprise. Privileged access management especially helps protect users’ identities through strong authentication, including your superusers. In fact, many serve as the innovators of MFA factors.
However, not every solution is created equal. Put another way, your distinct business use cases pose unique identity management challenges which not every solution can accommodate. Additionally, the demands of your privileged users naturally differ from those of other enterprises; the number of privileged users, their involvement in your business processes, and what databases they access regularly should affect how you begin deploying multifactor authentication.
Thus, you must select a solution that fits your needs. Don’t skimp on the self-assessment.
Multifactor authentication can involve any number of potential factors. These can include:
This list only scratches the surface of potential multifactor authentication.
However, not every multifactor authentication factor makes sense for every industry or enterprise. For example, SMS text messaging may not offer proper security for more remote workforces; hackers who obtain users’ devices could easily subvert that factor. On the other hand, most mobile devices offer built-in physical biometric readers; this obviously facilitates biometric authentication.
When deploying multifactor authentication, you need to consider what endpoints your users employ in their business processes. Additionally, you need to consider your IT environment and what factors make the most sense for securing it.
No one disputes the identity security benefits of deploying multifactor authentication. Where enterprise decision-makers tend to balk is the effect MFA has on the user experience.
Indeed, additional steps at the login portal can negatively impact user convenience. In worst-case scenarios, the additional authentication factors can actually inhibit business profits and lengthen response times.
Many cybersecurity experts argue enterprises must sacrifice convenience for true identity security. After all, if your business suffered from the analog equivalent of digital threats, you would probably put up as many checkpoints as possible before granting entry.
Fortunately, step-up authentication offers a means to balance both security and convenience in user authentication. Step-up authentication asks for more authentication factors as the sensitivity of the access requests increases.
For example, a user logs in to the network by inputting only two factors. However, let’s say that the user then wishes to look at a more restricted file. The step-up authentication system asks for a third and possibly fourth factor to verify the user first, even though they logged in to the network.
After that, the user requests access to sensitive proprietary data. The system, in turn, asks for more authentication factors, often the most extensive (such as physical biometrics or a hard token).
As you can see, step-up authentication only becomes apparent as users engender further risks. In addition, you can employ step-up authentication only on your privileged accounts, which can do the most damage in the wrong hands.
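The walkthrough above, written as a policy check in an added example that is not from the original article or any vendor's product. The tier names, factor names, freshness windows and risk thresholds are all assumptions chosen for illustration; the risk input follows the grant, step-up or deny decision described earlier under adaptive access policies.

```python
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"
    DENY = "deny"


# Factor classes the text calls "the most extensive".
STRONG_FACTORS = frozenset({"biometric", "hard_token"})


@dataclass(frozen=True)
class Tier:
    min_factors: int    # distinct factors that must be verified
    needs_strong: bool  # at least one factor from STRONG_FACTORS
    max_age_s: int      # assumption: older verifications no longer count


# Constructed tiers (assumed values) following the walkthrough in the text,
# ordered from least to most sensitive.
ORDER = ["network", "restricted_file", "proprietary_data"]
POLICY = {
    "network": Tier(2, False, 8 * 3600),
    "restricted_file": Tier(3, False, 3600),
    "proprietary_data": Tier(4, True, 300),
}
STEP_UP_RISK = 0.5  # assumed: at or above this, apply the next tier up
DENY_RISK = 0.9     # assumed: at or above this, refuse outright


@dataclass
class Session:
    user: str
    verified: dict = field(default_factory=dict)  # factor name -> epoch seconds

    def verify(self, factor: str, now: float) -> None:
        self.verified[factor] = now


@dataclass(frozen=True)
class Result:
    decision: Decision
    missing: int = 0             # additional distinct factors to request
    require_strong: bool = False  # one of them must be biometric or hard token


def evaluate(session: Session, resource: str, now: float, risk: float = 0.0) -> Result:
    """Decide whether the session's verified factors suffice for the resource."""
    if resource not in POLICY or risk >= DENY_RISK:
        return Result(Decision.DENY)  # fail closed on unknown resources
    idx = ORDER.index(resource)
    if risk >= STEP_UP_RISK:
        idx = min(idx + 1, len(ORDER) - 1)  # elevated risk raises the bar
    tier = POLICY[ORDER[idx]]
    # Only count verifications inside the tier's freshness window; a negative
    # age (timestamp in the future) is ignored rather than trusted.
    fresh = {f for f, t in session.verified.items() if 0 <= now - t <= tier.max_age_s}
    missing = max(0, tier.min_factors - len(fresh))
    need_strong = tier.needs_strong and not (fresh & STRONG_FACTORS)
    if need_strong:
        missing = max(missing, 1)
    if missing:
        return Result(Decision.STEP_UP, missing, need_strong)
    return Result(Decision.ALLOW)


def walkthrough() -> list:
    """Replay the article's scenario with constructed timestamps."""
    t0 = 1_000_000.0
    s = Session("alice")
    s.verify("password", t0)
    s.verify("totp", t0)
    out = [evaluate(s, "network", t0)]                      # two factors: login
    out.append(evaluate(s, "restricted_file", t0 + 60))     # third factor needed
    s.verify("push_approval", t0 + 90)
    out.append(evaluate(s, "restricted_file", t0 + 100))
    out.append(evaluate(s, "proprietary_data", t0 + 120))   # strong factor needed
    s.verify("hard_token", t0 + 150)
    out.append(evaluate(s, "proprietary_data", t0 + 160))
    out.append(evaluate(s, "proprietary_data", t0 + 1000))  # all factors stale
    return out


if __name__ == "__main__":
    for r in walkthrough():
        print(r)
```

The last call shows the case the prose leaves implicit: once the freshness window for the most sensitive tier has passed, an earlier successful step-up no longer authorizes a new request.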
Deploying multifactor authentication should become a major concern for your enterprise and a top priority. Now’s not the time to let your identity and access management stagnate. Your enemies never stop innovating. Neither should you.
Officials from the Trump administration warn that the era of social distancing might continue for several weeks. Others suggest it could last as long as a year or longer. In either case, online retail and remote customer relations continue to dominate the economic landscape. Additionally, so many businesses have chosen to work from home, forcing all customer relationships to go digital. Therefore your business needs to consider its customer identity and access management (CIAM) in the time of coronavirus.
After all, we can say with no hyperbole that managing your CIAM during the coronavirus could make or break your business in the coming months.
CIAM functions in a similar manner to more traditional identity and access management (IAM). Both provide identity security to their user bases, defending against credentials abuse and authentication failures. However, whereas IAM works to secure and verify employees and third-parties, CIAM does so for customers.
Thus, CIAM provides recognizable capabilities such as single sign-on, login authentication protections including multifactor authentication, and session monitoring. Simultaneously, CIAM provides distinct capabilities that traditional IAM would never consider implementing.
These include social sign-on, which uses social media credentials to log in, and password reset self-service in case customers lose or forget them. Since these capabilities could create security vulnerabilities for employees, you need a secure means to provide it to customers.
Furthermore, CIAM can help create a streamlined and personalized digital experience that benefits customers. Unlike employees, you can’t force customers to jump through hoops to verify their identity; attempts to do so only drive away potential customers. In fact, consumers will often judge a company and its products based on the online experience; they could decide to abandon their carts following a poor digital customer experience.
Finally, CIAM helps enterprises collect information on buying habits and purchasing interests. Thus it can facilitate targeted marketing campaigns and personalized experiences. These solutions can securely store this information so hackers cannot steal and exploit it.
So CIAM clearly provides benefits to consumer-facing enterprises. Why does it matter so much in the time of coronavirus?
According to Marketing Week, 91 percent of brands predict an increase in their use of online services during the coronavirus outbreak. Customer demands on digital marketplaces and retail spaces will put significant pressure on your workflows.
Additionally, the coronavirus may have an impact similar to what happened with the SARS pandemic of 2003. This pushed more people to embrace digital commerce, which has become a vital aspect of consumer-facing businesses’ bottom lines. Now, they potentially face the same paradigm shift, but on an even higher scale.
CIAM can actually help with scalability, assisting with growing your digital environment to match the newfound demand. It can also, as described above, help collect and store customer identity information which can assist with much-needed personalization. Personalization, after all, can help transform first-time customers into recurring customers.
Perhaps most importantly, CIAM during the coronavirus pandemic fortifies the digital perimeter; it helps keep bad actors out of sensitive databases. Hackers prefer to take advantage of troubled times and crises to facilitate their attacks; several studies indicate that they are exploiting the COVID-19 pandemic to take advantage of people’s fears.
Moreover, according to Ping Identity, 81 percent of consumers would stop engaging with a brand online after a data breach. Meanwhile, 63 percent of consumers believe companies are responsible for protecting their data. The long-term viability of your business hinges on its ability to fully authenticate its customers.