Managing Privileged Credentials More Important Than Ever

If your business uses Information Technology then you run the risk of your “accounts”, especially those with higher privileges, being used to exploit your most sensitive information and critical systems.  Unauthorized privileged access gives individuals the power to alter your data and change the configuration of applications and infrastructure, and the potential to cause you irreparable reputational and financial damage.

Historically, Cyber Criminals have had their eyes firmly set on your business's most valuable assets and the monetary value they hold.  This represents a potential revenue stream and can be used to fund future attacks.  To gain access they have utilized an array of tactics including email harvesting, Imposter Message attacks, attached files or website links delivering Malware and Ransomware, and Phishing lures.  However, this doesn’t cover the entire online environment… doing business online in 2022 is becoming even more complex.

Global Instability, Hacktivism and Cyber Warfare

The United Nations Under-Secretary-General for Political and Peacebuilding Affairs, Rosemary DiCarlo, has said that the Global COVID pandemic’s impact on peace and security has intensified, exacerbating inequality and corruption; breeding misinformation, stigmatization and hate speech; and creating new flashpoints for tension and increased risks of global instability.

An analysis published by risk consultancy Verisk Maplecroft expects this fallout to continue, forecasting that 88 countries in both the developed and developing world are likely to experience more political instability by 2023. This is primarily driven by fading legitimacy of governments and intensifying civil unrest.

Running parallel to this is an increased level of hacktivism, or hacking into systems for politically or socially motivated purposes. Hacktivists perform acts such as defacing an organization's website and leaking sensitive or commercial-in-confidence information.  These activities are undertaken with the intent of gaining visibility and disrupting or exposing the inner workings of targeted governments and private organisations, sometimes in the name of transparency and the greater public good (not that we endorse this).

And then we have the increased evidence of Nation-State backed Cyber warfare, in the form of a cyber-attack or series of attacks targeting specific countries. These have the very real potential to wreak havoc on governments and civilian infrastructure, disrupting critical systems, resulting in damage to the state and loss of life.

Recent and ongoing conflicts and instability in Eastern Europe, South-Central and East Asia are having a real impact on global stability, the security of your digital and physical assets, and your ability to maintain normal business operations. Known cyber criminal groups have recently publicly pledged support for some governments and are threatening to conduct campaigns in retaliation for offensives against other governments.  Based on the timing of these campaigns, they are likely in support of military offensives.

What Should You Do?

United States, United Kingdom, Canadian, Australian and New Zealand cybersecurity authorities are urging businesses to prepare for and mitigate potential cyber threats including destructive Malware, Ransomware, Distributed Denial of Service (DDoS) attacks, and Cyber Espionage by hardening their cyber defences and performing due diligence in identifying indicators of malicious activity. 

Businesses should prioritise the following activities to help defend against malicious cyber activity:

  1. Apply patches for applications and devices, with internet-facing services the priority.  Continue to monitor for relevant vulnerabilities and security patches and apply these as a high priority.
  2. Implement mitigations against phishing and spear phishing attacks. Disable Microsoft Office based macros by default and limit user privileges.  Ensure staff understand they must report all suspicious emails received, links clicked, or documents opened.
  3. Enforce the use of Complex Passwords and Multifactor Authentication.  Have unique Password Credentials, manage them, and assess the level of risk in providing your employees with access to privileged accounts or highly confidential password credentials.
  4. Secure and monitor Remote Desktop Protocol (RDP).  Bad actors and cyber criminals have methods of identifying and exploiting vulnerable RDP sessions via the Internet to steal identities and credentials, and even to install / launch Ransomware attacks.
  5. Review logging and detection systems to ensure they are up to date and functioning correctly. Again, prioritize internet-facing and critical network services, ensuring logs are centrally stored.
  6. Socialize Incident Response and Business Continuity Plans. Ensure these are up to date and incorporate responses to network compromises and disruptive or destructive activity such as Ransomware and Malware. Ensure plans are accessible even if systems are down.

Where can Passwordstate Help?

Passwordstate is a secure and flexible Enterprise Password Management System.  It enables your IT and Security staff to access and share sensitive password credentials using Role Based Access Control (RBAC) and with full auditing.  It allows you to:

  • Centralise control of, and allow secure access to, your sensitive credentials,
  • Audit who is accessing your privileged credentials and when they are doing it,
  • Provide access credentials and other information based on an employee’s role,
  • Quickly change passwords when an employee leaves,
  • Ensure critical passwords aren’t being copied, changed or exported for other uses,
  • Manage password resources on discrete networks,
  • Store all passwords securely, and,
  • Access your passwords when you really need them.

If you don’t have an Enterprise Password Management System (like Passwordstate), you should research and trial a product as a high priority!  Remember, breaches are real and the resultant stolen credentials typically end up in interactive databases, making the selection and targeting of individuals and businesses even easier!  Once you’ve selected a product and installed it:

  • Stop reusing passwords and usernames across multiple accounts.  Phishing attacks target Help Desk Staff, Accounts Payable Clerks, Middle Management and IT workers with increased privileges.  Set up password strength policies and generators to create unique, strong passwords every time.
  • Regularly reset your passwords automatically.  Don’t keep the same passwords forever.  If you’ve got lots of accounts then stagger resets to make it manageable.  Automatically generate and save updated passwords back to your centralized password vault when changing them online.
  • Implement 2 Factor Authentication where it makes sense.  View your accounts as assets and manage them based on risk and impact.  Banking Accounts and System Administrators' Privileged Accounts should always have 2FA enabled.  Even if your credentials are compromised, others can’t access the account if you use 2FA.

With the increased global instability, hacktivism, cyber threats and cyber warfare, could your business survive if any unmanaged privileged accounts were compromised?  Now isn’t the time to forget about managing your Privileged Credentials.  Managing your Privileged Credentials is now more important than ever.

If you would like to share your feedback, we’d love to hear it.  Just email it through to support@clickstudios.com.au.