Cyber Threat Investigators Identify “Signature” of Most Dangerous Cyber Attacks
By John Worrall
Organizations are under constant threat of attack, yet few truly understand how they’re being attacked until it’s too late. They find themselves knee-deep in the post-attack forensics effort before they really understand how cyber attackers operate and how to defend against them. This has to change if we want to stem the tide of damaging cyber attacks.
This is why CyberArk assembled a coalition of some of the world’s most experienced and knowledgeable cyber attack investigators, who were willing to share what they have learned from years of experience. That experience can help us all better understand the strategies and tactics of our adversaries. Armed with this information, we can mount a much more effective defense and detection program to stop attacks before serious damage to the business is done.
Published today, CyberArk’s inaugural threat report identifies the compromise and misuse of privileged accounts as a key signature across targeted cyber attacks and security breaches.
Developed in cooperation with Cisco Talos Security Intelligence, Deloitte Financial Advisory Service, Deloitte & Touche Cyber Risk Services, Mandiant (a FireEye company), the Advanced Cyber Defense team at RSA and the Verizon RISK Team, the report analyzed the forensic experiences of these companies as they investigated the world’s most serious security breaches.
The report covers a wide range of first-hand accounts, learnings and warnings from which to build more effective defenses – far too many for this blog post, and I encourage you to read it for yourself. Taken together, the experiences of these threat response organizations clearly outline that the battleground has moved inside the network and the first thing attackers will do is look to steal and exploit privileged access.
It’s more important than ever that organizations change their mindset and start looking at privileged account security as the new first line of defense. Protecting the enterprise starts by locking down these ‘all access passes’ that enable attackers to traverse a network without hindrances, destroy evidence of their activities, and establish redundant access points and backdoors that make it nearly impossible to keep them off your internal networks.
We’ll be blogging more about the report in the coming weeks; however, you can read the full report now. It is available for free here: www.cyberark.com/threat-report