How secure are you? Well, now is the time to find out. October is Cybersecurity Awareness Month, which aims to raise awareness of the important role cybersecurity plays in ensuring both businesses and individuals have the appropriate tools to defend themselves against the latest innovations and techniques being devised by cybercriminals to target sensitive accounts, information and identities.
Even though this initiative is in its eighteenth year, there’s always something to learn. The pandemic’s knock-on effects have brought numerous challenges for businesses, especially when it comes to security, which has taken a hit as businesses pivoted to COVID-induced digital transformation, much of which was undertaken at high speed. The increase in high-profile attacks in recent months targeting the supply chain in particular – including SolarWinds and Codecov – as well as an increase in ransomware attacks, serves as evidence of the convergence of hacker innovation, and of attackers recognizing – and exploiting – the increased digital threat surface.
All of this has meant protecting against cybersecurity risk has taken on a greater sense of urgency – something that’s especially true as identity-related risk is also on the rise. Cybercriminals are becoming more proficient in stealing valuable credentials in particular, whether those of IT admins or business users, to target and break into sensitive and valuable areas of an organization.
How then, this Cybersecurity Awareness Month, can organizations understand and envisage the best way to protect valuable credentials and stop attackers from getting the network access they are after? Here we explain in more detail, using nightclubbing as an example, to show you how to best protect your organization.
Passing the bouncer on the door
Getting into a nightclub is all about showing that you’re going to be an acceptable part of the environment. A wannabe partygoer might struggle to get past nightclub bouncers for any number of reasons, including wearing the ‘wrong’ clothing, exhibiting bad behavior in the queue or lacking sufficient/valid credentials. Sometimes underage revelers will bring a fake ID, duping bouncers into allowing them entry.
Think of controls like Privileged Access Management (PAM) as the ultimate ‘gatekeeper’ for who gets access to what, where and for how long. For example, there are minimum requirements for users to gain initial access; often a username/password at the most basic level. These first-level credential requirements are not particularly secure and can be bypassed, much like some revelers who successfully bypass doormen with fake IDs. This fallibility makes further authentication a must to properly defend the organization’s key information and resources.
The right access for the right people
A night out at a club wouldn’t go so well without bar staff. These employees need access to staff-only areas such as the area behind the bar, the staff room and storage areas to pour drinks, mix signature cocktails, replenish bottles, and review stock lists. Some of these areas will require some form of access key to enter. Only trusted staff should be provided access to these areas to prevent any pilfering.
Certain areas of IT infrastructures operate on a similar model, with these access keys allowing system admins to make changes to systems or applications, add or remove users, or delete data. Sometimes these ‘super users’ will be domain admins; people that have extensive access across the network. These are super critical to monitor and secure. Unsurprisingly, gaining access to the credentials – and therefore the privileged access – of these users represents the highlight of a cybercriminal’s night out…and it’s game over for the organization if this happens.
Whether the threat comes from a legitimate employee or an external threat actor, PAM helps manage and secure network access and, using the principle of least privilege, only grants admin-level access to those who need to use it to perform their role.
Nightclubs often have VIP areas that clubbers access either by paying extra to enter, or through having sufficient (‘celebrity’) status as an individual. Extra security staff often guard VIP areas to retain their prestige and prevent the less-exalted amongst us from entering. Essentially, only those with legitimate access are welcome.
‘VIP areas’ for organizations equate to those resources that are typically extremely limited in terms of who is allowed access to them. Your ‘normal’ user will not be allowed to interface with a company’s sensitive IP, HR information, or non-public financial results. Only those users with escalated privileges – VIPs, in other words – should have access to them, and even then, this should be tightly controlled. Attackers routinely seek to escalate privileges in order to access critical assets and data.
Going where you’re not allowed… risk getting barred
Things don’t always go as planned during a night out. People try to get to where they shouldn’t, crashing other people’s reserved tables, or trying to blag their way into the VIP lounge. The staff may ask some partygoers to leave the club because of their undesirable behavior. They may even be barred from ever returning to the club.
Compare this to a third-party contract ending, a consultant’s project finishing, or simply those who try to access a part of the network or an asset that they shouldn’t have access to. Once this happens, their privileged access becomes a potential security risk. Retaining it is undesirable and unnecessary; it should be de-provisioned immediately to shut off any chance of an attacker exploiting unused credentials or access. In the case of someone trying to get to where they shouldn’t be, that’s something that needs shutting down immediately.
Applying appropriate security measures
So how do organizations know where privileged access exists, and in turn, secure it? In a nightclub, a club manager and team are tasked with observing everything that’s going on. Security cameras and staff scan the dancefloor and restricted areas, watching for incidents and ensuring that all is running seamlessly. In business, this is the IT security team. PAM allows full visibility of access to critical data and assets, and can monitor, grant and revoke that access when needed. Adopting appropriate cybersecurity measures to secure credential-based access is essential for organizations wanting to protect their business from disruption or loss.
As nightclubs enjoy the chance to more fully open their doors, many of us are recalling our great – or not-so-great – nights out. What most party-goers likely don’t realize is just how much security and planning it takes to ensure a smooth night out for everyone, whether it’s the bouncers keeping out the trouble-makers, the staff keeping you entertained and your drinks topped up, or those monitoring the correct access into the VIP areas. Companies should consider adopting the same layers of security, in the form of PAM, to allow their employees, customers and suppliers to get safely back on the proverbial dancefloor.
Rich Turner, SVP EMEA, CyberArk