There is a story of a man trapped in a deep hole, shouting for help. A second man passing by hears the calls and jumps into the hole with him. “Why did you do that?” the first man asks. “Now we’re both down here!”
“Yes,” the second man replies, “but I’ve been here before, and I know the way out.”
If you feel like you’re in over your head trying to implement cyber security and incident response programs for your organization, you are not alone. Your peers have been there, and their experience and advice can help you to get to where you need to be in 2017.
Don’t reinvent the wheel
The unfortunate reality is that every organization today is a target and must not only secure itself against cyber attacks, but also be prepared to respond to data breaches and other security incidents. Constantly evolving threats exploit long-standing vulnerabilities in the enterprise, and in many instances compromises go undetected for months.
Assume that a breach will occur at some point and be prepared to address it. But forewarned is forearmed, and there is no reason to wait until it occurs or to reinvent the wheel.
In a keynote address at a forum in Boston on the State of Cybersecurity, CyberArk Chairman and CEO Udi Mokady noted that cyber security is a team sport, not an individual competition. As attackers become more organized and share resources, it is important that defenders also share their experiences. Collectively, the community will benefit from the lessons learned rather than starting from scratch as each threat appears.
What those who have been there already know is that strong controls are needed on privileged accounts and credentials to block intruders and limit their access to critical assets.
Attackers take advantage of common weaknesses in credential management, exploiting the way administrative credentials are stored in memory on Windows machines. Giving unnecessary administrative access to end users and to IT admins, using default passwords or cloning workstation images, allowing the use of the same local administrator password — these are all bad practices that can open up your network and your data to an intruder who has made it past the perimeter.
Once intruders have gained a foothold on a workstation using a stolen admin password, they can move to other workstations using the same password or extract password hashes for recent log-ins from computer memory. Intruders can not only move laterally throughout the system, but also escalate privileges to gain access to higher value assets.
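The exposure described above can be measured on an inventory of your own estate. The following is an added example, not part of the original article: the host names, credential labels and inventory are constructed, and the model assumes that administrator rights on a host expose both its local account credentials and the credentials cached in memory from recent log-ins.

```python
from collections import deque

# Constructed inventory (not from the article). Per host:
#   local  = credentials stored on the host (local accounts)
#   cached = credentials left in memory by recent log-ins
#   admins = credentials accepted as administrator on the host
# "local-admin#A" means "local administrator account with password A".
INVENTORY = {
    "ws1":  {"local": {"local-admin#A"}, "cached": {"alice"},
             "admins": {"local-admin#A", "helpdesk"}},
    "ws2":  {"local": {"local-admin#A"}, "cached": {"helpdesk"},
             "admins": {"local-admin#A", "helpdesk"}},
    "ws3":  {"local": {"local-admin#A"}, "cached": {"bob"},
             "admins": {"local-admin#A", "helpdesk"}},
    "srv1": {"local": {"local-admin#S"}, "cached": {"domain-admin"},
             "admins": {"local-admin#S", "helpdesk", "domain-admin"}},
    "dc1":  {"local": set(), "cached": {"domain-admin"},
             "admins": {"domain-admin"}},
}

def blast_radius(hosts, start):
    """Hosts and credentials exposed once `start` is held with admin rights."""
    held, reached, queue = set(), {start}, deque([start])
    while queue:
        host = hosts[queue.popleft()]
        held |= host["local"] | host["cached"]  # admin can read both stores
        # Any host that accepts a held credential as admin is now exposed.
        for name, other in hosts.items():
            if name not in reached and other["admins"] & held:
                reached.add(name)
                queue.append(name)
    return reached, held

def unique_local_admins(hosts):
    """Same inventory, but every local administrator password is per-host."""
    def fix(creds, name):
        return {f"local-admin#{name}" if c.startswith("local-admin#") else c
                for c in creds}
    return {n: {k: fix(v, n) for k, v in h.items()} for n, h in hosts.items()}

if __name__ == "__main__":
    for label, inv in (("shared", INVENTORY),
                       ("unique", unique_local_admins(INVENTORY))):
        reached, held = blast_radius(inv, "ws1")
        print(label, sorted(reached), sorted(held))
```

With the shared workstation password, one compromised workstation exposes every host in the sample, including the domain controller; with per-host local administrator passwords the exposure stops at that workstation.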
The value of experience
The latest CISO View report, which draws on the experience of security experts who were involved in the aftermath of some of the most devastating breaches in the last 24 months, offers a framework for a cyber security sprint that can help your organization rapidly reduce privileged credential risk. This framework, a 30-day sprint to protect privileged credentials, has been reviewed and validated by The CISO View panel: top security executives from ING Bank, CIBC, Rockwell Automation, Lockheed Martin, Starbucks, ANZ Banking Group Limited, CSX Corporation, Monsanto Company, Carlson Wagonlit Travel, SGX, News UK and McKesson.
By leveraging the experience of professionals who have been on the front lines, or have made privileged account security a core part of their security programs, organizations can follow a proven plan to implement essential security controls needed to protect high-risk privileged accounts now, rather than scrambling to put them in place after a breach has occurred.
You don’t have to start from scratch. Take advice from your peers and read “The CISO View report: Rapid Risk Reduction: A 30 Day Sprint to Protect Privileged Credentials.”