Amid a spate of increasingly sophisticated digital attacks, cyber security experts urge Australian businesses to focus more attention and resources on their cyber security measures. Jim Cook from Attivo Networks explores.
The call comes at a time when the number of malicious attacks continues to rise at an alarming rate. Mounted by anyone from a lone actor to a well-resourced nation-state, even a single attack can bring an organisation to its knees and cause damage and losses that run to millions of dollars.
Led by security organisation AustCyber, the issue is the topic for a week of awareness activities. Australian Cyber Week, which runs from October 25 to 29, comprises a range of events designed to increase understanding and prompt action to address the challenge, making now the perfect time to reflect on recent developments in the cyber security space.
Amid the COVID-19 pandemic, attackers have done an excellent job of identifying and exploiting common vulnerabilities. Ransomware has skyrocketed, as have phishing and other social engineering-based attacks. Third-party attacks have also risen. SolarWinds has been a prominent example, but many other organisations around the globe have suffered significant third-party attacks during the past year.
Evaluating security strategies
Part of what makes many attacks so insidious is that they bypass traditional perimeter protections, entering networks directly and often with perfectly valid credentials. If Australian companies and public-sector organisations want to defend themselves successfully against these attacks, they need to evaluate their security strategies.
During this year’s Australian Cyber Week, organisations can benefit from examining their identity security capabilities and other in-network defences. They should check whether they are protecting their Microsoft Active Directory sufficiently and if existing security tools can identify suspicious behaviour, even from users with valid credentials.
In many cases, it can be difficult to calculate the actual cost of a cyber breach. The 2021 IBM/Ponemon Cost of a Data Breach Report currently places the average cost of a breach at roughly US$4.24 million. However, every breach includes less understood elements that are difficult to quantify. These include reputational damage, customer loss and potential regulatory fallout.
Credentials – a key goal for cyber criminals
According to the 2021 Verizon Data Breach Investigations Report, credential data now factor into 61 per cent of all breaches, and the human element factors into 85 per cent of these. Cyber criminals are going after credentials any way they can, whether by tricking employees into giving them away or finding exposed credentials sitting on unprotected endpoints.
Unfortunately for Australian organisations, obtaining valid credentials often enables attackers to move throughout target networks undetected, as most in-network defences cannot readily identify suspicious behaviour from those they believe to be valid users.
For this reason, it should come as little surprise that Gartner estimates that by 2023, “75 per cent of security failures will result from inadequate management of identities, access and privileges.” Stopping these attacks must therefore be a top priority.
The rise of identity security
There is a range of identity access protection tools on the market, including identity and access management (IAM), privileged access management (PAM), and identity governance and administration (IGA). These speak to the urgency with which today’s organisations seek to shore up their identity security. Australian Cyber Week provides a good opportunity to explore these tools and all they have to offer.
The above tools generally focus on authorisation and authentication. That is, they make sure the right people have access to the right resources. Unfortunately, in today’s threat landscape it is no longer enough to focus only on provisioning, connecting and controlling identity access. Identity security must also cover credentials, privileges, entitlements and the systems that manage these, from exposure visibility to attack detection.
AD and cloud environments have both proven popular targets for cyber criminals. AD’s relative vulnerability and the propensity for cloud misconfigurations drive home the need for tools capable of adding a new layer of protection. Identity detection and response (IDR) and identity visibility solutions considerably boost enterprise identity protection in several ways. These solutions provide visibility into endpoint credential exposures, Active Directory misconfigurations and cloud entitlement creep. They also offer much-needed identity-based attack detection and response functions that other security controls lack.
Identity security will continue to be an area of focus as attackers find new and innovative ways to exploit these vulnerabilities. And as identities continue to expand beyond users and into device, application, server, data and other identities, the value of both IDR and identity exposure visibility tools will only continue to grow.
This Australian Cyber Week is a perfect opportunity to review the security measures your organisation has in place and determine whether more investment is required. Having effective policies and tools in place is the best defence against attacks that you can have.
Jim Cook is the ANZ regional director at Attivo Networks.