Cyber Attacks: What You Need to Know and Do

Posted by Patrick Parker on Fri, Oct 25, 2019

photo-1510915228340-29c85a43dcfe

Unsurprisingly, Verizon’s 2019 Data Breach Investigations Report doesn’t make for comfortable reading.

In 2018:

  • 43% of security breaches involved small businesses
  • 52% involved hacking (69% of the attacks proved to be the work of outsiders)
  • 33% were through social media
  • 28% involved malware.

(Verizon, 2019)

What’s also important to note is that C-level executives were 12 times more likely to be the target of a social engineering incident and nine times more likely to be the target in a breach caused by social engineering. Given this much higher target rate, it’s clear that modern cybercrime organizations are deducing that there’s higher value in a more targeted, high level attack (Barth, 2019).

Unfortunately, for many businesses, and despite the increased risks and chances of hacking, they are still using outdated methods and approaches. What’s worse is that some are even following the same approach to cyber security today as they were a decade or so ago.

As we mention in our Anatomy of a Cyber Attack white paper, that’s simply not going to work in today’s business theater. So much so that

Businesses Should Assume They Have Already Been Hacked and Are Currently Under-Siege

Seriously, that is the best, easiest, and most practical way to look at your security efforts to date.

Suffice it to say that, if information security is something you’ve been lackadaisical with up to now, today’s the day… [you need to change that]. You need to get wise to what’s happening. Before it’s too late.

Yes, there is a lot of information out there (much of it false), and though not having enough information can be fatal, the opposite is also true.  Either one can lead to 3 critical issues:

  • ineffective planning
  • insufficient mitigation of risks
  • inability to recover quickly following a breach.

With that last point, above, you don’t need us to tell you how important your customers are to your business.

In terms of numbers, Bryan Littlefield, CISO of Aviva, said that following a customer data breach, research suggests that of those customers who are thinking of cancelling their account with you, 50% of them actually will (Out-law News, 2015).

That long-standing relationship you’ve been building… destroyed.

That trust level you hold so dear to your heart and have painstakingly nurtured… gone, In an instant.

Cyber Security is Not Something That Only Others Do

Moreover, the days where security was considered to be extraneous or a separate arm of the business are long gone. Indeed, security must work as a  “…flexible and smart strategic asset that constantly delivers to the businesses, and impacts the bottom line.” (Sartin as quoted in Guta, 2019)

We do have more information on cyber-attacks (and you can download our paper at the bottom of this page), but for now we advise you to take this approach:

  1. Assume you’re already under-siege. You need to fight back.
  2. Work inside out. Adopt a defensive posture, start from the core, and ‘clear and secure your lines’, all the way to the external perimeter of your organization.
  3. All the while, rethinking your security approach and how you’re going to make it as hard as possible for the hacker/attacker in the future.

That’s what you need to do.

Naturally, you’re here on our webpage, on our site, so we’re going to offer advice on what works for us (‘us’ being our clients, customers, and partners) and what we ourselves recommend.

Identity Access Management and Zero Trust

We recommend Identity Access Management. In particular, what we call Zero Trust.

Zero Trust follows the 3 fundamental principles of never trust, always verify, and always enforce least privilege. (We have a white paper called Identity is the New Perimeter: Zero Trust is its Firewall where we talk more about that.)

In its simplest form, Zero Trust involves an identity verification and authentication portion. If these are incorrect then the rest fails.

With that in mind, let’s take a closer look at the anatomy of a cyber-attack (if you want to jump straight to the white paper, click here).

Caveat: before we go any further, we’re not for 1 second suggesting that you haven’t been taking security seriously. It’s just that as someone for whom this is our ‘meat and potatoes’ (or bread-and-butter, if you’re British), we know full well how overwhelming security can be.

Not least because of the rate with which the tech is changing, but also because of the myriad of terms and definitions, and all the rest of it.

That’s one of the main reasons we created this white paper. Others include helping you to cut through all that noise, to eliminate that chaff, so you get an easy to read, understand and digest picture off what’s going on.

The Anatomy of a Cyber Attack

The Anatomy of a Cyber Attack white paper covers the following:

  • An overview of cyberattacks and how the landscape is changing. One of the problems of today is that “As businesses embrace new digital ways of working, many are unaware of the new security risks to which they may be exposed” (Sartin, 2019).
  • The architecture of the modern attack, including phishing and social Engineering
  • The danger of local admin privileges and cached passwords
  • Attacks to Kerberos and Active Directory
  • The consumerization of hacking
  • Can we keep the hackers out?
  • Assume breach – now what?
  • Other tips to discourage hackers. These include preventing users from being local admins, avoid group nesting, and use dedicated secure admin workstations for admin tasks, etc.

Understanding what constitutes a cyber-attack is just 1 weapon that you will need in your arsenal: it’s only one of the steps you must take. I hope you’re like me and, when you see people reminiscing on or about the good old days, you smile. I’m happy for them–seriously happy. From my own perspective, life outside of cyber security must seem a trifle mundane. Admittedly, I don’t dwell long, because what we’re seeing and experiencing in cyber security now is unprecedented. Sure, today might be a great day, but let’s use that time wisely and prepare for tomorrow, too.

Click on the link below to download the white paper:

Download the White Paper\

 

References:

Barth, B. (2019, May 9). Verizon Breach Report: Attacks on top executives and cloud-based email services increased in 2018. Retrieved August 19, 2019, from SC Magazine: https://www.scmagazine.com/home/security-news/verizon-breach-report-attacks-on-top-executives-and-cloud-based-email-services-increased-in-2018/

Guta, M. (2019, May 22). 43% of Cyber Attacks Still Target Small Business while Ransomware Stays On the Rise. Retrieved August 19, 2019, from Small Business Trends: https://smallbiztrends.com/2019/05/2019-small-business-cyber-attack-statistics.html

Out-law News. (2015, July 3). Info security professionals are business brand preservationists, says Aviva security chief. Retrieved from Pinsent Masons: https://www.pinsentmasons.com/out-law/news/info-security-professionals-are-business-brand-preservationists-says-aviva-security-chief

Sartin, B. (2019, May 5). C-Suite Beware: You are the latest targets of cybercrime, warns Verizon 2019 Data Breach Investigations Report. Retrieved August 19, 2019, from Verizon: https://www.verizon.com/about/news/verizon-2019-data-breach-investigations

Verizon. (2019). 2019 Data Breach Investigations Report. Retrieved August 22, 2019, from https://enterprise.verizon.com/resources/reports/dbir/

Tags: Data Governance, Identity and Access Management (IAM), Access Governance

Cybersecurity and Why You Cannot Rely on Yesterday’s Tactics

Posted by Patrick Parker on Fri, Oct 25, 2019

RustedLock

“They came on in the same old way – and we defeated them in the same old way.”

Though it could easily be used today, that quote does have rather more deep-rooted origins. The speaker was Arthur Wellesley (though you may know him by his more common titles of The Duke of Wellington and, later, Prime Minister of Great Britain). He spoke those words after his and Field Marshall Blucher’s combined Allied forces had just defeated Napoleon at the Battle of Waterloo.

Without going into the details of the battle itself, the outcome was quite significant in several ways:

  • Napoleon’s tactics at Waterloo were both out of date and inflexible
  • His battle plan lacked finesse, consisting only of repeated ‘in your face’ brute force attacks
  • The outcome of this helped shape the future of Europe for almost 100-years
  • Given ‘The Battle of Waterloo’ was in 1815, it does, in fact, predate the on-going debate about RBAC v ABAC which still persists today.

Okay, that last point is stretching a little white lie (a hint of a joke, as it were). But If you’ll permit me, I’ll tell you 2 specific reasons why it does fall flat on its face:

  • The RBAC v ABAC debate is now in its 22nd year (yes, it began in 1997)
  • Like Napoleon at Waterloo, if you honestly expect to win today’s battle with yesterday’s tactics then you’re going to lose.

Unfortunately, and we know this firsthand, some companies still are using old systems, old methods, and old tactics.

(Please tell us this isn’t you, though?)

Your Attacker is Getting Cleverer

One glance at the news tells you that your attacker is getting cleverer. (It might also be a concern to know that there are a lot more attackers out there since hacker tools became more commercialized. If you want to learn more, then click here to get our The Anatomy of a Cyber Attack white paper.

Make no bones about it, your attacker is getting cleverer, more devious, and increasingly skillful–they’re evolving. And though steam rolling in with brute force methods might be just one part of their plan, unlike Napoleon on that fateful day, we both know they’ll adapt and move on to other means as soon as necessary.

This isn’t hyperbole, either.

You’ve likely seen or heard all of the scare tactics, the dire threats, the ‘end of the earth as we know it’ (if you haven’t, let us know and we’re more than happy to fire some your way).

But here at EmpowerID, where cybersecurity, RBAC and ABAC, and your security is concerned, we prefer to stay a little more grounded. A little more pragmatic.

The Cyber Threats Are Real

But make no mistake…

Don’t think for a minute that the threats aren’t real–because they are.

You and I both know, full well, that your attackers’ plans are evolving continuously.

Unfortunately, the very nature of cybersecurity is that they’re likely to be evolving far faster than you or any of us can ever react.

However, it isn’t all 1-way and isn’t all doom and gloom. There are steps we can take to mitigate this. To limit the chances of them being successful.

We can’t stop them from selecting us as their target, but our goal here, of course, is to make it so difficult that they move onto easier pickings. They turn their attentions and efforts elsewhere.

Let’s not get ahead of ourselves just yet, though…

What Is Your Battle Plan?

A question for you:

When the attackers’ beady little eyes do eventually turn to and focus on you, what exactly is your battle plan?

At Waterloo, Wellington had surveyed that ground years 2 or 3 years before.

We both know we’ll never ever have that luxury.

Then what?

“But we’ll be okay,” said every single security consultant or manager in the world ever. (All the while secretly praying that they’re okay.)

And then they weren’t, of course (okay, that is).

Reading this, you, may very well think that we’re wrong.

If that’s the case, then tune into the media and watch or listen. Turn on your TV or radio, or tune in via your PC, whatever it is you use.

Because if the next security breach is not all over the news today, then it’ll be tomorrow or next week.

It’s only a matter of time.

As realists, we both know it’s coming.

We sincerely hope they’re not talking about you.

White Paper: Identity is the New Perimeter: Zero Trust is its Firewall

To learn more about constructing your organization’s defenses and laying out your battle plans, we have a white paper called ‘’Identity is the New Perimeter: Zero Trust is its Firewall.

In it, we talk about how identity and Zero Trust are where the 21st century battle will occur. Zero Trust is founded on 3 fundamental principles:

  • never trust
  • always verify
  • always enforce least privilege.

Quite simply, when a user attempts to access to your system, they have to verify and authenticate themselves. If they fail either, then they’re denied access.

Click here to download the Identity is the New Perimeter: Zero Trust is its Firewall white paper

 

Tags: Data Governance, Identity and Access Management (IAM), Access Governance

Turkey citizenship database leak highlights need for full database encryption

Posted by Chris Hayes on Tue, Apr 05, 2016

Screen_Shot_04-04-16_at_09.08_AM.png

Citizens of Turkey woke up Monday with the knowledge that a Citizenship Database has been publicly dumped for anyone in the world to download and view.

The dumped database included:

  • National Identifier (TC Kimlik No)Screen_Shot_04-04-16_at_09.06_AM.png
  • First Name
  • Last Name
  • Mother's First Name
  • Father's First Name
  • Gender
  • City of Birth
  • Date of Birth
  • ID Registration City and District
  • Full Address

 

 

This database leak underlines why it is important to encrypt data at rest.  Most IAM projects implement 443 for access to the product, secure DMZ firewalls and Role Based Access Controls but neglect to implement encryption for the identity warehouse.  EmpowerID fully supports encryption of information in our identity warehouse and has been able to validate our latest release 2016 using these same encryption methods.

Notes from the database leaker

EmpowerID utilizes transparent data encryption (TDE) which provides full database-level encryption. TDE is the optimal choice for bulk encryption to meet regulatory compliance or corporate data security standards. TDE works at the file level, which is similar to two Windows® features: the Encrypting File System (EFS) and BitLocker™ Drive Encryption, the new volume-level encryption introduced in Windows Vista®, both of which also encrypt data on the hard drive.  This means that the identity and attribute information stored within EmpowerID will stay secure even if someone gets access to a backup of the database or gets access to the flat files from a server.

To learn more about how EmpowerID can utilize a fully encrypted database just click below.

Request a Demo

 

Tags: Data Governance, Identity and Access Management (IAM), Access Governance

EmpowerID Inserts Intelligence into 2013 SharePoint People Picker

Posted by Chris Hayes on Wed, Jun 24, 2015

EID SP

The SharePoint 2013 People Picker is the tool you use to find and select users, groups and claims to grant someone a permission to a site in SharePoint.  The SharePoint 2013 People Picker is heavily dependent on how authentication is configured for your site so you need to ensure your SAML or claim provider is intelligent.

Don't let this happen to you

All claim providers created equally!

Today the most common issue SharePoint administrators find with an authentication claim provider is that any name you type in the People Picker, SharePoint will accept.  Even worse, with a typical claims provider you can type nonsense and you will see two results, neither of them valid!

Not Valid

Credit:Kirk Evans Microsoft Blog

This is not because the SharePoint People Picker needs to be fixed, it's working as designed, it is a result of the claim provider.

The EmpowerID SharePoint Manager solves this problem, we have created the most intelligent claim provider in the market today.  In doing so we set out to do 4 things which will have a huge impact on the day to day operations of your SharePoint site.


1. Create the most intelligent claim provider in the world.  We didn't stop at providing intelligent responses to the query, we also segregate the data so that delegated administrators can only view results for data that they can see.  This is a very important point, if a business partner administrator wants to grant someone rights to a site the EmpowerID data filtering and masking is still maintained.

Screen Shot 06 24 15 at 10.18 AM

2. Provide SharePoint "web parts".  This is technology that allows users to find new sites and request access to it.  It also allows site administrators to approve site access, all directly within SharePoint.Screen Shot 06 24 15 at 10.09 AM
3. Fully support federated or claims based authentication into SharePoint.  Users can authenticate with EmpowerID, bring their own social identity or use another.

Screen Shot 06 24 15 at 10.03 AM


4. Answer the "Why" question.  Why does someone have access and when was it granted?  The other side a SharePoint claim provider is tracking these finer details.  EmpowerID includes full certification and attestation for SharePoint access, this provides your enterprise with a host of risk controls not previously available.

Screen Shot 06 24 15 at 10.25 AM

Want to know more?

Watch a previously recorded webinar that discusses these points here

click the button to request more information.

Request a Demo
EID SPFull resized 600


Tags: Single Sign-on (SSO), authentication, Governance and Regulatory Compliance, Federation, User provisioning, Data Governance, Attestation, consumers, SAML, SharePoint, Access Governance, SSO

Innovation and Productivity Gains From Identity and Access Management

Posted by Bradford Mandell on Tue, Jul 15, 2014

IAM Innovation

 

Security for identities.  Managing user access to applications.  Auditing user access.

“Ugh”, you might think, “That sounds like more cost, more time, and more responsibility for IT”.

But a platform approach to Identity and Access Management (IAM) that is rich in innovation can result in lower costs, better productivity, and reduced demands for IT resources, while providing managers with better and more timely information.

Take for example a home healthcare provider with $2 billion in revenue and 40,000 employees in 40 states facing constant pressure to reduce costs as a result of declining government reimbursements for their services.  This organization had already used their considerable size advantage to create efficiencies and reduce costs wherever possible.  Then their Chief Security Officer (CSO) conducted a review of IAM technology and presented his management with a plan that would improve the productivity of their employees, reduce the workload on IT, improve the security for patient data and assist their organization in continuing to be a leader in the quality of patient services.

Built from a series of acquisitions in an industry that experiences high turnover, this organization lacked an efficient process for provisioning home healthcare workers into the many web applications they need to perform their work.  The process began with HR creating a manual request for IT to provision a new user into the apps they require, and once this was completed, the new user had to register themselves and create a password in each application. This process was complex and required too much effort for the home healthcare employees to learn and to maintain.

The CSO’s experience with several of the oldest and most installed IAM platforms made him wary of starting a new project with one of them because of their high licensing costs and the difficulty in customizing them to meet an enterprise’s specific needs.  He wanted a solution that would be easier to implement and easier to mantain.

After evaluating multiple products, he chose the EmpowerID platform for its different and innovative approach to Identity and Access Management.  Built on a single codebase with a workflow core and shipping with hundreds of ready to deploy workflows, the CSO was impressed with EmpowerID's broad functionality and its ability to easily design and to automate complex IAM processes with its visual Workflow Designer. 

The CSO determined during a software trial that EmpowerID’s powerful Role-Based Access Control (RBAC) engine could create effective roles based on both an employee’s place in the organizational hierarchy and their location, and it could scale easily for the size of their staff. EmpowerID proved itself to be flexible in also offering Attribute-Based Access Control (ABAC) for their scenarios where the use of contextual policies to govern access is more appropriate. 

He also discovered that EmpowerID’s integrated Single Sign-On (SSO) module federates not only with more recent web applications that natively support SAML authentication, but also with legacy applications that lack SAML capabilities.  Thus he could accommodate all of his user scenarios end to end, from provisioning to access, using EmpowerID, rather than having to integrate two or more applications. 

The CSO concluded that EmpowerID’s “all in one” approach could create the solution they needed in a shorter timeframe with fewer professional services and less risk to their project timeline and budget. The ability to show his management faster ROI helped him to obtain funding for the project. 

EmpowerID’s User, Group and SSO Manager modules were then deployed to provision and to manage federated identity for the application portal, allowing new users to be added within hours, instead of days, and enabling the use of one login by a healthcare provider to access all of their applications. 

New user onboarding was further simplified by creating a feed from the organization’s PeopleSoft HR application to EmpowerID, which in turn creates all the user accounts and access privileges in the applications they need, based on their business role. New users require less training and are ready to go to work as soon as they claim their identity upon first logging into the application portal.

The home healthcare staff appreciate EmpowerID's friendly HTML5 user interfaces that adapt to the screen size of any device they use, whether a tablet or a smartphone, and the reduction in effort to get to their clinical applications, while patients are pleased that less time is consumed by administrative tasks during their scheduled visits. 

EmpowerID’s multi-factor authentication capability (using an OATH token and SMS one time password) was implemented to strengthen system access security and to better protect the privacy of patient data, which is important in meeting regulatory and audit requirements.

EmpowerID also assists the organization’s auditors with data governance – the discipline of ensuring that access to corporate and patient data is secure and is subject to the proper controls. EmpowerID not only improves the quality of data, is also supports configurable Separation of Duties (SOD) policies, attestation procedures and system dashboards for quick visibility of pending tasks and system statistics. EmpowerID provides dozens of reports out of the box and it supports Microsoft’s SQL Reporting Services to quickly provide the information that different users need.

As a result of successfully automating their new user provisioning process and providing a seamless single-sign on experience for its home healthcare staff, this organization is realizing substantial productivity savings that will pay for EmpowerID in a period of just eighteen to twenty-four months. 

The CSO’s vision for a single, flexible platform that could be implemented on-time and within budget to automate and to securely manage multiple aspects of the enterprise, creating new efficiencies and cost-savings, has been fully realized with EmpowerID's deployment.

Ranked by KuppingerCole as a Product Leader, Innovation Leader and Overall Leader in their recent Leadership Compass for Identity Provisioning, EmpowerID helps diverse organizations across the globe improve identity security and access governance, increase productivity, lower costs, and improve service delivery through its innovative and cost-effective approach to IAM. 

 

Learn More about IAM Cost Savings with EmpowerID

Tags: Single Sign-on (SSO), Active Directory, GRC, Group Management, Governance and Regulatory Compliance, Identity Management, User provisioning, Data Governance, Attestation, Separation of Duties, Password management, Identity and Access Management (IAM), Access Governance