Lessons to be learned from another data breach
Posted by Courion Corporation on Thu, Feb 23, 2012

Everywhere you look, headlines about data breaches abound. Just this month, the Wall Street Journal, eWeek and Techspot have highlighted new details surrounding a decade-long security breach at Nortel Networks. Ten years! Sounds absurd, but by using stolen passwords from top executives, the perpetrators (believed to be working from China) downloaded thousands of company documents including sensitive company information and intellectual property comprising technical papers, R&D reports, business plans and employee emails. This particular example really hits home, showing just how vulnerable organizations are to cyber espionage through user access.
The latest on the Nortel breach, along with the 2011 spear phishing attacks on RSA, The Security Division of EMC, and breaches of the CIA website, U.S. Senate, and government contractors Lockheed Martin and Booz Allen Hamilton, highlights the fact that cyber attacks on U.S. assets are anything but isolated incidents. In fact, these high-profile breaches have led the current U.S. administration to take a hard stance against electronic espionage. Although none of the attacks has been confirmed to have been initiated by foreign nations, the Pentagon has declared that any cyber attack against a U.S. asset that is proven to be perpetrated by a foreign power could be interpreted as an act of war and may be answered with measured military force.
The U.K. is taking a strong stance as well. In a recent article, Marc Lee, Courion Director of EMEA Sales, talks about the Information Commissioner’s Office (ICO) highlighting the need for public authorities to step up the development and enforcement of their access risk management policies. This came on the heels of a recent data breach at the Scotland Midlothian Council, in which confidential and sensitive information on children and their caregivers was sent to the wrong recipients.
So while some may think of cyber attacks as acts perpetrated from the “outside,” they’d only be half-right. In many cases, insiders are becoming the biggest risks to the security of critical data. The more vital the information, the more sophisticated and targeted attacks are likely to be. And all of this makes managing access to corporate and public sector resources more important than ever before.
Getting at sensitive data through a user inside an organization – a user who already has all the access rights they need – is not only the most effective way to breach a hardened perimeter defense, but it’s a brilliant way to obfuscate the attack. Organizations need to be on the lookout for “middle man” hackers who may be working for the company, but are really serving as mercenary forces crafting veiled attacks.
Access risk management is a critical aspect of an organization’s Identity and Access Management (IAM) strategy. To that end, companies need to take a closer look at user access within their organizations to ensure that the right people have the right access to the right information and are using that access appropriately. But it’s not enough to know who’s accessing the network and verify that the user is approved to do so; you also need access intelligence to identify and quantify real-time access risk.
While the challenges of managing user access may seem formidable, the result of not managing user access can be devastating. Just ask Nortel.