Like any elite sporting team, the success of an IT team’s breach prevention program relies on a strong defence. The 2013 Seattle Seahawks, 2002 Brazilian soccer team and the 2006-07 San Antonio Spurs are all champion teams known for their defensive proficiency. In many sports, letting as little penetration through a defence as possible, and intercepting the ball before it gets into a threatening position puts teams in the best position for victory. This line of thought translates well to breach prevention, as layers of solutions work together to prevent cyber criminals scoring a goal on an organisation’s data.
Between February and September 2018, over 500 breaches were reported by Australian organisations. Identity and access management (IAM) is a crucial security discipline that exists to ensure that the correct people can get to the necessary resources while proving they are following the mandated procedure. It’s the most effective and proactive method in the fight against breaches. A breach is nothing more than the wrong person in possession of data restricted to them and organisations not finding out about it until it’s too late.
Like all sports teams, getting the basics right is paramount. Breach prevention can feel daunting, but when identity and access management is involved, it’s important to remember the three A’s: Authentication, Authorisation and (Privileged) Access.
Authentication is the process of proving that the person logging on is who they say they are. The easiest way for a threat actor to access an organisation’s IT system is to procure a legitimate login credential such as a password from an unsuspecting user. Often phishing, social engineering, or just plain theft is involved. The network doesn’t know that it’s the wrong person and will allow the hacker to access anything that the legitimate user has permissions to access.
Several IAM tactics and technologies can help to address authentication problems. Effective, but simple password hygiene is key for ensuring efficient authentication processes. Requiring frequent password changes, enforcing strict password policy, and making it easy and attractive for end-users to do the right thing can close many of the gaps that are so easily exploited.
The principal issue with authentication is that employees sometimes have too many passwords to remember. Single sign-on technologies eliminate this problem by enabling users to utilise a single, strong password across the entire range of systems they need to access. Meanwhile, self-service password management tools provide the ability for employees to easily manage their own password resets, whilst ensuring that the password meets strength requirements.
Multi-factor authentication is also necessary for many organisations, such as adding a second layer of protection by requiring an additional form of authentication like a token. Multifactor authentication is like the back line of a soccer team, it’s there to stop any players who make it through the midfield.
Once users can be authenticated, the next step is to control what they are allowed and not allowed to do within a network. Correct authorisation is the key to breach prevention. By deploying effective IAM tools, users will only have access to data they need, rather than having free reign over confidential data they should not be accessing. However, a balance must be struck between provisioning occurring as quickly as possible, while still prioritising security.
It is, perhaps, more important to effectively de-provision to remove old authorisations that are no longer needed or relevant. Terminated employees and contractors who have finished their tenure need to be de-provisioned immediately, otherwise enterprises become at risk of threat actors finding orphaned accounts that retain their access rights. Without effective identity management, organisations cannot be sure who has access to what systems, and whether threat actors are using any of these accounts to access data.
Privileged accounts are like the Ballon d’Or for threat actors because they are tied to systems, not individual uses, so they offer threat actors unrestricted access to an organisation’s systems if they get their hands on one. In comparison, privileged accounts are like the Michael Jordan, Maradona or Don Bradman of a cyber threat; once the offense has access to one of these accounts, cyber security teams find it nearly impossible to stop them and they can cause massive amounts of damage to an organisation’s data and reputation.
Effective privileged access management, therefore, is the highest priority in the breach prevention playbook. IT teams should consider technologies like password vaulting and session recording which assigns individual accountability to privileged access accounts, so user’s actions can be tracked and audited so they can’t operate without consequence. Taking it a step further, user behavioural biometrics can verify that it really is the right individual who is accessing the system, not an attacker impersonating the user with a stolen account.
When all players on the field are on the same page; when each player performs their job with precision, and when the combined efforts of a team unified in purpose and tactics dominate the opposition, winning is easy. Preventing breaches is not a game, but the concepts of unity, purpose, and effort translate to success in the boardroom as well. Only with a comprehensive approach emphasising the IAM concepts of strong authentication, proper and controlled authorisation, and powerful privileged access management can threat actors be held at bay.