Combating Cyber Security Threats



Similar documents
Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery

Ensuring Compliance to Sarbanes-Oxley through Privileged Identity & Information Management. White Paper. V Balasubramanian. ZOHO Corp.

IT Compliance Volume II

Data Security Incident Response Plan. [Insert Organization Name]

Preparing for a Cyber Attack PROTECT YOUR PEOPLE AND INFORMATION WITH SYMANTEC SECURITY SOLUTIONS

RSA Solution Brief. RSA SecurID Authentication in Action: Securing Privileged User Access. RSA Solution Brief

Basic Techniques to prevent Identity Theft and Cybercrime

PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker

Data Security Best Practices. White Paper

Society for Information Management

Austin Peay State University

FIVE KEY CONSIDERATIONS FOR ENABLING PRIVACY IN HEALTH INFORMATION EXCHANGES

WEB ATTACKS AND COUNTERMEASURES

7 VITAL FACTS ABOUT HEALTHCARE BREACHES.

Seven Things To Consider When Evaluating Privileged Account Security Solutions

A New Layer of Security to Protect Critical Infrastructure from Advanced Cyber Attacks. Alex Leemon, Sr. Manager

Fortify. Securing Your Entire Software Portfolio

Impact of Data Breaches

WRITTEN TESTIMONY BEFORE THE HEARING ON PROTECTING PERSONAL CONSUMER INFORMATION FROM CYBER ATTACKS AND DATA BREACHES MARCH 26, :30 PM

Beyond passwords: Protect the mobile enterprise with smarter security solutions

External Supplier Control Requirements

ITAR Compliance Best Practices Guide

HIPAA: MANAGING ACCESS TO SYSTEMS STORING ephi WITH SECRET SERVER

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

Zero Trust. Privileged Access Management

ALERT LOGIC FOR HIPAA COMPLIANCE

Securing Remote Vendor Access with Privileged Account Security

The Impact of Cybercrime on Business

Application Security Testing. Generic Test Strategy

What Do You Mean My Cloud Data Isn t Secure?

Global IT Security Risks: 2012

SecureAge SecureDs Data Breach Prevention Solution

Internet threats: steps to security for your small business

Network Security and the Small Business

NATIONAL CYBER SECURITY AWARENESS MONTH

Passing PCI Compliance How to Address the Application Security Mandates

Table of Contents. Page 2/13

Usher Mobile Identity for Higher Education Institutions. Rebecca Parks Associate Product Manager, MicroStrategy

SUPPORTSOFT ACCOUNT MANAGER

GFI White Paper PCI-DSS compliance and GFI Software products

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

SECURING YOUR SMALL BUSINESS. Principles of information security and risk management

16 CLOUD APPS YOU NEED TO KNOW IF EMPLOYEES ARE USING

WHITE PAPER Usher Mobile Identity Platform

Strong Authentication: Enabling Efficiency and Maximizing Security in Your Microsoft Environment

HealthCare.gov: Consequences of Stolen Identity. Testimony of Michael Gregg before the US House Committee on Science, Space, and Technology.

Presented by Evan Sylvester, CISSP

isheriff CLOUD SECURITY

Cyber Security An Exercise in Predicting the Future

WHITE PAPER. The Need for Wireless Intrusion Prevention in Retail Networks

Information Technology Security Review April 16, 2012

Digital Barracuda Information Security Reports that the Risk from Viruses and Worms is Only the Tip of the Iceberg FACT SHEET

Belmont Savings Bank. Are there Hackers at the gate? 2013 Wolf & Company, P.C.

Mobile Security Threats: Get Ready for 2016

Pass-the-Hash. Solution Brief

Environmental Management Consolidated Business Center (EMCBC) Subject: Cyber Security Incident Response

Hackers are here. Where are you?

THE LOGICAL CHOICE FOR ONLINE DATA PROTECTION. Brought to you by

2014 Entry Form (Complete one for each entry.) Fill out the entry name exactly as you want it listed in the program.

Primer TROUBLE IN YOUR INBOX 5 FACTS EVERY SMALL BUSINESS SHOULD KNOW ABOUT -BASED THREATS

Information Security Services

REGULATIONS FOR THE SECURITY OF INTERNET BANKING

How To Protect Your Business From A Cyber Attack

OCT Training & Technology Solutions Training@qc.cuny.edu (718)

DATA BREACHES: WHEN COMPLIANCE IS NOT ENOUGH

Cyber Security In High-Performance Computing Environment Prakashan Korambath Institute for Digital Research and Education, UCLA July 17, 2014

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

Don t Fall Victim to Cybercrime:

ACCOUNTABLE HEALTHCARE IPA HIPAA PRIVACY AND SECURITY TRAINING. By: Jerry Jackson Compliance and Privacy Officer

Anatomy of a Healthcare Data Breach

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

The Need for Real-Time Database Monitoring, Auditing and Intrusion Prevention

Database Auditing: Best Practices. Rob Barnes, CISA Director of Security, Risk and Compliance Operations

A Database Security Management White Paper: Securing the Information Business Relies On. November 2004

LIGC-ACC Presentation November 9, 2015

WHAT YOU NEED TO KNOW ABOUT CYBER SECURITY

10 Smart Ideas for. Keeping Data Safe. From Hackers

Cybercrime in Canadian Criminal Law

How are we keeping Hackers away from our UCD networks and computer systems?

Remote Access Securing Your Employees Out of the Office

Hackers are here. Where are you?

Data Security for the Hospitality

Anatomy of a Data Breach: Why Breaches Happen and What to Do About It

Next Generation Jump Servers for Industrial Control Systems

SOLUTION BRIEF SEPTEMBER Healthcare Security Solutions: Protecting your Organization, Patients, and Information

EC-Council Certified Security Analyst (ECSA)

How To Protect Yourself From Cyber Threats

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY

Avoiding insider threats to enterprise security

WHY DOES MY SPEED MONITORING GRAPH SHOW -1 IN THE TOOLTIP? 2 HOW CAN I CHANGE MY PREFERENCES FOR UPTIME AND SPEED MONITORING 2

Online security. Defeating cybercriminals. Protecting online banking clients in a rapidly evolving online environment. The threat.

Getting a Secure Intranet

The Impact of HIPAA and HITECH

Cyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology

Multi-Factor Authentication

Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins

CSI/FBI 2000 COMPUTER CRIME AND SECURITY SURVEY

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience

A Websense Research Brief Prevent Data Loss and Comply with Payment Card Industry Data Security Standards

Best Practices for Information Security and IT Governance. A Management Perspective

Transcription:

Threat, Threat Everywhere; Cyber-Criminals on the Prowl Combating Cyber Security Threats V Balasubramanian, ManageEngine ManageEngine (A Division of ZOHO Corp.)

2 Abstract Of late, cyber-criminal activities across the globe have assumed such grave proportions that all enterprises - big and small, are exposed to security breaches and identity thefts of various kinds. Many sabotage were found to have been caused by the insiders of the enterprises - either disgruntled staff or greedy techies or sacked employees. As stolen identities seem to have served as the hacking channel for many cyber-crimes, improper management of the administrative passwords is believed to be at the root of a good number of security threats. This paper discusses the causes of security incidents in detail and suggests ways to effectively tackle the challenge.

3 Contents Increasing Cyber Security Attacks The Challenge. 4 Security Incidents: Causes.. 6 Administrative Passwords Scenario Today.. 6 The Solution.... 8

4 Increasing Cyber Security Attacks The Challenge If Samuel Taylor Coleridge were alive today, he would have probably rephrased his immortal lines Water, water everywhere, ne any drop to drink as Threat, Threat Everywhere, Cyber criminals on the prowl! Of late, cyber-criminal activities across the globe have assumed such grave proportions that all organizations - big and small, are exposed to security breaches and identity thefts. Let us take a quick look at some of the major cyber-crimes happened recently: A trader allegedly stole the passwords of IT operators of a reputed European Financial Services Company and racked up a mountain of fraudulent trades that created financial loss to the tune of $ 7 billion to the company. This incident is considered one of the largest cyber-frauds in the history. In San Francisco, a disgruntled network administrator allegedly planted network devices that enabled illegal remote access to the Fiber Optic Wide Area Network and eventually changed the passwords of servers and devices. He refused to hand over the new passwords to the IT administrators. As a result, other staff of the organization could not access the network, not to mention the financial loss that stemmed from the episode A cyber-mafia hacked the network of an international hotel chain, used the credentials of an employee and reportedly hacked the personal data of millions of customers of the hotel chain. The stolen data includes addresses, telephone numbers, credit card details, and places of employment The employee of a hugely popular social networking site was using the same password for many of his online accounts. It came in handy for a hacker, who got hold of the password, gained access to the network of the social networking site and released their sensitive business documents publicly The personal information of about a half-a-million residents in Germany was freely viewed on the internet due to an exposed password A former Network Engineer of a health clinic in San Diego was sentenced to 63 months of imprisonment for intentionally damaging the protected computers by disabling the automatic backup database containing patient information The identity theft from a reputed discounts stores chain in USA and Canada reportedly made hackers to gain access to customer information related to at least 45.7 million credit and debit cards

5 The list of cyber-crimes and security incidents will go on and on and will fill volumes, if one were to point out all. Still worse, a good number of security incidents are not revealed for fear loss of reputation. The above list however gives an indication of the magnitude of the problem. It also indicates that: Businesses of all types financial firms, healthcare institutions, federal agencies, service organizations, hospitality sector, educational institutions, hi-tech enterprises and all sizes are impacted Establishment of intrusion detection systems and other security infrastructure alone could not effectively combat security incidents In many incidents, disgruntled insiders had acted with malicious intent and caused the damage In many incidents, disgruntled insiders had acted with malicious intent and caused the damage. By and large, the perpetrators have stolen the digital identities of others to creep in to the network and wreak havoc. By and large, the perpetrators have stolen the digital identities of others to creep in to the network and wreak havoc The security incidents have resulted in huge financial loss and damage of reputation to the enterprises Percentage of cyber-incidents reported to US-Computer Emergency Readiness Team during FY06-08 Denial of Service 1% Unauthorized Access 18% Under Investigation 33% Malicious Code 14% Scans, Probes & Attempted Access 12% Improper Usage 22% Source: United States Government Accountability Office Study, May, 5, 2009

6 Security Incidents - Causes Past trends show that the exact cause of most of the security incidents goes unreported. Of course, there have been instances where the culprits had been brought to book and their modus-operandi revealed to the outer world. But, the fact remains that exact cause of most of the incidents remains a secret, unfortunately. Traditionally, keylogger trojans (which monitors keystrokes, logs them to a file and sends them to remote attackers), cross-site scripting (which enables malicious attackers to inject client-side script into web pages viewed by other users and exploit the information to bypass access controls) and viruses have mostly acted as the security attack channels. However, of late, as stolen identities seem to have served as the hacking channel for most of the cyber-criminals, analysts generally believe that improper management of the Administrative Passwords, which are often aptly referred as Keys to the Kingdom, is at the root of many security threats. Another harsh fact is that many a sabotage had been caused by the insiders of the enterprises. Either disgruntled staff or greedy techies or sacked employees were involved in many of the security incidents. That means, in this hi-tech era, breach of trust could occur anywhere, anytime leading to serious consequences. Quite often, lack of well-defined internal controls and access restrictions pave the way for security incidents. Of late, as stolen identities seem to have served as the hacking channel for most of the cyber-criminals, analysts generally believe that improper management of the Administrative Passwords, which are often aptly referred as Keys to the Kingdom, is at the root of many security threats. Administrative Passwords Scenario Today Before analyzing the causes further, let us dwell on the current scenario. How administrative passwords are being handled in enterprises? If truth be told, even many big enterprises do not have any effective password management system in place at all. Employees follow their own, haphazard way of maintaining the passwords; there is rarely any meaningful management. Sensitive passwords are stored in volatile sources such as text files, spread sheets, printouts etc.,

7 Many copies of the administrative passwords are circulated among the administrators who require them for their job functions. The passwords thus become impersonal in the shared environment no accountability for actions When other members of the organization such as developers, database administrators and support personnel require access to IT resources, passwords are generally transmitted over word of mouth The administrative passwords mostly remain unchanged for fear of inviting system lockout issues Still worse, most resources are assigned the same, nonunique password for ease of coordination among administrators There is rarely any internal control on password access or usage. Administrators freely get access to the passwords of all the resources in the organization There is generally no trace on who accessed what resources and when. This creates lack of accountability for actions If an administrator leaves the organization, it is quite possible that he/she may be getting out with a copy of all the passwords From the foregoing, it is clear that the haphazard style of password management makes the enterprise a paradise for hackers internal or external. The haphazard style of password management makes the enterprise a paradise for hackers internal or external. Unfortunately, enterprises generally do not tend to attach importance to this crucial aspect of administrative password management until a security incident or identity breach rocks the enterprise. This negligence often proves costly. Unfortunately, enterprises generally do not tend to attach importance to this crucial aspect of administrative password management until a security incident or identity breach rocks the enterprise. This negligence often proves costly. Many security breaches like the ones discussed above might have stemmed from lack of adequate password management policies and internal controls. Analysts strongly believe that most of the security incidents are actually avoidable by placing access restrictions and welldefined password policies.

8 The Solution Take preventive action, safeguard your data With cyber-threats looming large, enterprises should think of taking preventive action by strengthening internal controls. Manual processes and home-grown tools may not be able to provide the desired level of security and controls. It is pertinent to quote here a recent research report by Gartner: Manual procedures for managing shared account passwords can be intrusive, interrupting normal operations and unacceptably delaying the resolution of problems. These procedures can also be fragile, failing to consistently deliver the desired level of control and accountability and exposing organizations to insider threats. (Source: Gartner, Inc., "MarketScope for Shared-Account/Software-Account Password Management", Ant Allan, Perry Carpenter, 16 June 2009). One of the effective ways to achieve internal controls is to deploy a Privileged Password Management Solution that could replace manual processes and help achieve highest level of security for the data. One of the effective ways to achieve internal controls is to deploy a Privileged Password Management Solution that could replace manual processes and help achieve highest level of security for the data. Privileged Password Managers help enterprises safeguard their data and thereby avoid security incidents in multiple ways than one: Administrative passwords can be stored in a centralized repository in encrypted form this helps avoid storing of the passwords in volatile resources. Even if someone manages to get hold of the password database, data cannot be deciphered Role-based, granular access restrictions can be enforced administrators and other users get access only to the passwords that are allotted to them, not all passwords Passwords can be selectively shared with others on need basis - sharing passwords by word of mouth completely avoided Passwords can be automatically changed at periodic intervals assigning a strong, unique password to each resource hackers cannot make wild guesses For enhanced internal controls, administrators / users may even be prevented from viewing the passwords in plain text. Instead, they could be directed to just click a URL to directly access the resource

Number of Incidents Threat, Threat Everywhere; Cyber-Criminals on the Prowl 9 Users requiring temporary access to the passwords can be directed to follow password request-release workflow granting time-limited access. After revoking the permission, passwords can be automatically reset this prevents users getting access to the passwords that are no longer required for them All password access activities are completely audited this helps monitor the usage of privileged identities and fix accountability issues when something goes wrong. It also helps the enterprise meet regulatory compliance requirements Real-time alerts on password actions help administrators continuously track and control the administrative passwords If an administrator leaves the organization, passwords owned / accessed by them can be transferred to some other administrator and the passwords could be automatically reset this helps avoid possible misuse of the passwords by disgruntled users Number of Cyber Incidents Reported to US-CERT During the Fiscals 2006, 2008 18000 16000 14000 12000 10000 8000 6000 4000 2000 0 FY 2006 FY 2008 Number of Incidents 5503 16843 Source: United States Government Accountability Office Study, May, 5, 2009 Researchers repeatedly point out that identity theft incidents are on the rise and it will only keep growing due to many reasons, including economic situation, social factors and technological advancements that make the tech-savvy criminals more creative every passing day.

10 Not all security incidents could be prevented or avoided; nor could privileged password management software act as the panacea for all cyber security incidents. But, the security incidents that happen due to lack of effective internal controls are indeed preventable. Enterprises should take preventive action to combat cyber-criminals. Otherwise, enterprises might end up locking the stable after the horse has bolted! Introducing Password Manager Pro (PMP) is a web-based, secure vault for storing and managing shared sensitive information such as passwords, documents and digital identities of enterprises. It helps control the access to shared administrative passwords of any 'enterprise resource' such as servers, databases, network devices, applications etc. PMP enables IT managers to enforce standard password management practices. For more details, visit http://www.passwordmanagerpro.com A Division of ZOHO Corp. (formerly AdventNet Inc.) Phone: +1-925 - 924-9500 Website: http://www.passwordmanagerpro.com For Queries: passwordmanagerpro - support@manageengine.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information