Time to Expire Phishing Strikes and Security Breaches

Detect cyber attacks before they score.

Timelines of enterprise security breaches show that organizations must shift their focus. The real damage occurs not at the firewall or the perimeter but once attackers are inside. The longer cyber thieves remain unexposed, the greater the cost. The 2015 Verizon Breach Report indicates 45% of attacks are initiated by phishing.

In response, enterprises readily invest in enhanced perimeter security. In reacting this way, organizations fail to address the more significant vulnerability. According to the Ponemon Institute’s 2015 Cost of Cyber Crime study, breaches go undetected for 46 days on average. They cost an average of $1.9 million, or over $41K per day.

Another study, Mandiant 2015 View from the Front Lines, puts average detection at 205 days. If this is the case, the cost reaches close to $8.5 million. Regardless, the studies show organizations must actively seek to minimize an attack’s duration. As the numbers indicate, inside detection isn’t where enterprises focus.

For Cyber Espionage and Targeted Attacks Time Matters

Cyber espionage targets select individuals and groups within an organization. Spooks phish for identities with access to sensitive information and intellectual property. Once inside a network, they move laterally from computers to servers. Over time, authentication credentials and passwords are collected for access to sensitive systems.

Targeted attacks are used to penetrate large enterprises and government agencies. They also take aim at specific groups and individuals. Anyone with access to highly sensitive information may be sought. Cyber thieves mine social networks and social engineering for advanced phishing ideas. They continue after detection and removal by using newly stolen credentials.

Firewalls cannot stop every phishing attempt. Breaches, however, usually require time to take hold. The problem facing companies becomes avoiding disasters when breaches go undetected. Once attackers establish a foothold, they seek legitimate credentials, especially those with privileged access. They try to create new credentials with higher access levels. With stolen credentials, attackers begin masquerading as real users. They blend their activities with legitimate ones, attempting to go unnoticed as long as possible.

Identity Management Controls Prevent Using Stolen Credentials

Identity management offers several tools to prevent the use of stolen credentials: single sign-on (SSO), multifactor authentication and risk scoring, applied wherever credentials are used. This includes logging into an enterprise and accessing on-premise and cloud applications.

Web Access Single Sign-On

Web access single sign-on (SSO) provides an app store for SaaS and cloud access. Web access SSO helps safeguard an identity by preventing a password’s reuse across applications. When a system’s credentials are obtained, they are less likely to work elsewhere. With web access SSO, users remember only one password. SSO simplifies enforcing a strong password policy and regular password updates. Web access SSO reduces the risks of credentials being guessed and reused. Web SSO shortens the period during which credentials can be compromised. Consider for a moment: when you enforce password management policies, you establish a breach’s maximum length.

When SSO credentials are stolen, attackers gain access to multiple systems. For this reason, implement web SSO in combination with strong authentication.

Multifactor and Two-Factor Authentication

Multifactor authentication limits the usefulness of stolen credentials. Usernames and passwords provide a cost-effective, quick method of security. They’re also easy to exploit and enable activities to go unnoticed.

Multifactor authentication increases the protection associated with passwords by enforcing strong authentication. Multifactor authentication makes a stolen user ID and password worthless. It requires an attacker to possess or access added factors. Traditionally, two-factor solutions rely on hardware tokens and smart cards. These solutions involve licensing fees, administration, and overhead.

To address these barriers, modern two-factor and multifactor solutions support various authentication methods. They provide configurable workflows meeting an organization’s user requirements and budget. They leverage trusted phone numbers, SMS, voice, external email, questions, and time-based one-time passwords (TOTPs).

Risk Scoring for Real-Time Decisions

Help desk professionals often lack data needed to make real-time security decisions. They require actionable intelligence for fast decisions and effective incident response. A risk score can automatically add an authentication factor or block access. Risk scores are based on security events and correlated to an organization’s security policy.

Stolen credential attacks can often be traced back to the actions of a live person. Privileged credentials by default carry a high-risk score. This measure can trigger proactive security controls. When identities with high-risk scores make requests, alerts can notify security staff. They can direct response teams to an attack’s source in real time. Risk scores also flag users for immediate de-provisioning and account terminations.
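The risk-scoring decision described above, shown as an added example that is not from the article or any identity management product. The event names, weights and thresholds are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# All values below are assumed for illustration; a real policy sets its own.
PRIVILEGED_BASELINE = 40          # privileged credentials start high by default
EVENT_WEIGHTS = {                 # hypothetical security events and weights
    "new_device": 20,
    "new_country": 25,
    "failed_login_burst": 15,
    "off_hours": 10,
    "new_admin_account_created": 35,
}
STEP_UP_AT, ALERT_AT, BLOCK_AT = 40, 60, 80

@dataclass(frozen=True)
class AccessRequest:
    user: str
    privileged: bool
    events: tuple = ()            # events correlated to this identity

def risk_score(req: AccessRequest) -> int:
    score = PRIVILEGED_BASELINE if req.privileged else 0
    # Count each distinct event once; unknown events add nothing.
    score += sum(EVENT_WEIGHTS.get(e, 0) for e in set(req.events))
    return min(score, 100)

def decide(req: AccessRequest) -> dict:
    score = risk_score(req)
    if score >= BLOCK_AT:
        action = "block"
    elif score >= STEP_UP_AT:
        action = "step_up_mfa"    # add an authentication factor
    else:
        action = "allow"
    return {"user": req.user, "score": score, "action": action,
            "alert_security": score >= ALERT_AT}

# Constructed sample requests (not real data).
SAMPLES = [
    AccessRequest("alice", False),
    AccessRequest("bob", False, ("new_device", "new_country")),
    AccessRequest("dba-admin", True),
    AccessRequest("dba-admin", True, ("off_hours", "new_device")),
    AccessRequest("dba-admin", True, ("new_country", "new_admin_account_created")),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(decide(r))
```

With these assumed thresholds, a privileged identity always faces an added factor, and the same identity is blocked outright once correlated events push its score past the block level.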

Organizations need to shift their focus from prevention alone to the more critical phases of an attack. They need solutions and processes to detect stolen credentials and lateral movement. Identity management assists in preventing suspicious activities and stopping user threats. It enforces strong password policies via web access single sign-on. An identity manager provides additional layers of security through strong authentication. It uses risk scores to alert service professionals of high-risk employees and events.

Companies frequently associate more complex security controls with reduced productivity. According to Juniper Research, global data breach costs are estimated to reach $2.1 trillion by 2019. By 2020, the average cost per incident is expected to exceed $150 million. With brand, revenue, fines and lost clients considered, identity management is clearly a steal.

Written by Thomas Edgerton

Thomas Edgerton, Avatier's MVP award-winning Market Analyst and Performance Consultant in information technology, IT security, instructional technology and human factors, blogs on topics ranging from leadership to national security, innovation and deconstructing the future.