By John Worrall
In a recent 60 minutes interview, FBI Director James Comey discussed the current state of threats to U.S. security. Around eight minutes and fifty seconds into the interview, Comey starts to focus on the cyber-security threat and the need to transform the FBI to fight crime and espionage online with this great quote:
“I think of it as kind of an evil layer cake. At the top you have nation state actors, who are trying to break into our systems. Terrorists, organized cyber syndicates, very sophisticated, harvesting people’s personal computers, down to hacktivists, down to criminals.”
The cyber-threat we’re facing is rightfully getting attention at the highest levels. The NY Times reported recently that President Obama has been receiving periodic briefings on major cyber attacks along with his security briefings on physical terrorist attacks.
If security defenses have failed to keep pace with the ‘evil layer cake’ so thoroughly that the President is getting briefed specifically on incidents, what can we do? The most important step is to understand exactly how attacks are being carried out and what makes them so successful at bypassing perimeter security defenses.
The key ingredient in nearly every instance has been privileged credentials. They were critical in the recent banking attacks, they are the fulcrum on which the recent PoS/retail breaches swing, they are the reason intelligence organizations are targeting IT workers, and they were at the heart of the most devastating breaches to the U.S. intelligence community, including Ed Snowden and Chelsea Manning.
Why is this? Since the beginning of time, the best way to steal anything has been to look like you belong and act like an insider. In the digital world, the best way to transform into an insider is by stealing or exploiting privileged accounts. These are the most powerful credentials in any organization, designed to manage network systems, run services, or allow applications to communicate with one another. They are the keys to the IT kingdom.
We have been talking about how critical a security problem privileged accounts are for some time, yet organizations around the world are still leaving these incredibly powerful credentials unprotected and available to hackers. Cyber security is predicated on our ability to starve attackers of information. Until we understand this and lock down the pathways of least resistance, security will remain elusive.