In its “2015 Data Breach Investigations Report,” Verizon found that “advanced attacks often start with phishing emails, and a campaign of just 10 emails will typically yield a greater than 90 percent chance that at least one person will become the criminal’s prey.” Additionally, the report showed that in 60 percent of cases, attackers are able to compromise an organization within minutes, and 75 percent of attacks spread from “Victim 0” to “Victim 1” within 24 hours.
Another, more disturbing finding is the “detection deficit” between attackers and defenders. According to the M-Trends 2016 report, the average number of days that attackers manage to remain incognito on a victim’s network before being discovered has dropped from 205 days in 2014 to 146 in 2015. It is certainly an improvement, but the current figure is still alarming. The same report warns that breaches still often go undetected for years.
So, you may be asking yourself – how can this happen? How can it take months or even years for enterprises to detect a breach, despite having state-of-the-art firewalls, antivirus and other perimeter security tools in place?
The answer is: unprotected privileged accounts.
Privileged accounts, or administrative accounts, are often referred to as the “keys to the IT kingdom” because of the powerful access they provide users to servers, databases and applications, and the sensitive data housed within. It is therefore not surprising that these powerful credentials have been exploited in nearly 100 percent of advanced cyber attacks in past years. One example is the highly reported 2015 data breach at the U.S. Office of Personnel Management, where roughly 21.5 million individuals’ Social Security numbers and other sensitive information, including 5.6 million fingerprints, were affected. The breach caused havoc in their systems across the world and led to the resignation of OPM’s Director, Katherine Archuleta. According to sources, the breach occurred in December 2014 but was only made public in early June the following year.
In today’s world, where cyber attacks are more ingenious and sinister, perimeter security may keep out low-level attacks, and next generation firewalls can slow attacks down, but determined attackers will find a way to exploit the keys to the IT kingdom to get inside the network and masquerade as legitimate insiders.
That is because privileged accounts are everywhere – in every networked device, database, application, server, and social media account on-premises and in the cloud. This reality requires a new layer of security.
Educating employees about cyber security risks and best practices is always a good start, but human error will continue to be a weak link in your strategy, even with best efforts. Attackers will find a way in and take actions to elevate privileges until they achieve their goal – whatever it may be – including financial gain, corporate espionage or simply to send a message.
So, don’t make it easy for them. Reduce your attack surface with a robust privileged account security platform, and keep an eye on threat analytics for early detection and containment. Because, as Robert Mueller, the former FBI Director, said, “there are only two types of companies: those that have been hacked, and those that will be.”
CyberArk is the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk is trusted by the world’s leading companies — more than 40% of the Fortune 100 — to protect their highest-value information assets, infrastructure and applications. Learn more about the CyberArk Privileged Account Security Platform at www.cyberark.com.