What Harry Potter Teaches Us about Constant Vigilance and Insider Threats

July 25, 2018 Katie Curtin-Mestre

The character of Mad Eye Moody in “Harry Potter and the Goblet of Fire” preached “constant vigilance” against dark wizards, even as he was a villain in disguise. The real Mad Eye Moody had been kidnapped and locked in a trunk for an entire year, while an imposter assumed his form and took on his role as the defense against the dark arts teacher at Hogwarts School of Witchcraft and Wizardry. Not only was he an imposter, but he was a dark wizard, one of Lord Voldemort’s most loyal followers determined to take Harry out and restore Voldemort to full power.

“Constant vigilance” is sage advice for businesses too. With the threat of malicious insiders, undetected attackers moving around a network and other risks to mitigate, there is no “one-and-done” solution in security. Industry research such as the 2018 Verizon Data Breach Investigations Report (DBIR) helps the collective community keep an eye on trends and glean insights from lessons learned to get ahead of potential vulnerabilities before they become problems. A few key trends identified in the report caught my eye.

In manufacturing, notable trends include targeted attacks and intellectual property theft.  According to the report, cyber espionage accounted for 31 percent of all breaches in manufacturing. This number is down from last year, but cyber espionage remains a very real threat to the industry. Attackers go after manufacturing targets with a specific purpose in mind, choosing victims with valuable trade secrets and intellectual property. Once this sensitive information has been exfiltrated, competitors can use it against the victim on the market—a different approach than directly siphoning funds, but still ultimately results in financial gain for the attackers.

In the healthcare industry, the story of the year (keeping in line with previous years) is not just about outside attackers, but about insiders as well. Ransomware remains prevalent, though not at the constant onslaught that many people perceive. According to the report, most companies receive malware on six or fewer days a year. However, it only takes ONE successful ransomware attack to bring an organization to its knees. And while the security industry tends to focus on data being stolen by outside attackers, it’s important to pay attention to what is going on within the organization as well. This year’s report indicates there are many cases in which employees are misusing their accounts, whether intentionally or by accident. As such, employees with access to data beyond their role within the organization can become problematic.

Within healthcare, the report notes that employees sometimes misuse their credentials to access information they do not need in order to accomplish their tasks. For example, employees might search for a celebrity patient’s records out of curiosity, or “just for fun.” This type of activity underscores the importance of following least privilege principles, coupled with application control, as well as implementing privileged session monitoring capabilities. For even without malicious intent, the misuse of credentials can be just as damaging as stolen credentials, causing compliance and regulatory violations.

Many parts of the report apply across industries. While the report indicates that 78 percent of people didn’t click on a single phishing link all year (which is promising news), phishing and pretexting remain popular attack methods. Attackers only need one employee to click a link and open the door for the attacker to enter. Once an attacker has stolen credentials, they can maneuver within the network, escalating levels of privilege until they have the access they need to wreak the havoc they intend.

The report’s emphasis on education—making sure that employees are trained to identify and report social attacks such as phishing—is one important line of defense. Knowing what to look for is half the battle. However, it is imperative to have a strategy beyond education that prioritizes privileged access security. It remains just as important now as in recent years to practice least privilege principles along with privileged access management. Together, this provides businesses with a dramatically reduced attack surface. A focus on privileged access security  hygiene is also critical for an effective cyber security program. Tactics such as multi-factor authentication, vaulting and rotating sensitive credentials can help protect powerful accounts within the organization.

In the wizarding world, posting Dementors at the gates and hoping for the best simply isn’t enough. We can only hope that Hogwarts re-evaluated security in the post-Harry Potter era, considering the number of times Lord Voldemort and his cronies managed to break through the castle walls, sometimes even completely undetected. Cyber security is not magic. It takes strategy, planning and collaboration to reduce cyber security risk.  Not only must we be able to recognize the attackers outside the organization, but we must also guard against overreaching scope and seemingly innocent employees from becoming the attacker within. “Constant vigilance” includes protecting privileged access from the dark wizards of the cyber world. Contact us to learn more about how to protect your castle from the threat of dark cyber wizards.

Previous Article
Insider Threats Come In All Shapes and Sizes
Insider Threats Come In All Shapes and Sizes

Verizon’s 2018 Data Breach Investigation Report indicates that 68 percent of data breaches take two or more...

Next Article
Cracking Service Account Passwords with Kerberoasting
Cracking Service Account Passwords with Kerberoasting

Threat detection is a hot topic in security today. By now, most recognize it’s important to manage administ...