It may be a bit premature for a security-year-in-review themed post, but as we move into Q4 perhaps it’s appropriate to at least assess 2013’s security threats and trends to date. To do so, let’s turn back to this SC Magazine article published early this year by AT&T security researchers.
The article detailed the top 10 perceived challenges information security professionals were likely to encounter this year. Some of the challenges – #2 DDoS attacks, for example – could ostensibly apply to any given year. Others, like #3 cloud migration, have come into prominence this year.
For our purposes, we want to look at the article’s number one identified 2013 information security challenge – state-sponsored espionage. We will also touch on two other common security concerns: password management and insider threats.
The author of the article identified state-sponsored espionage as the top information security threat of 2013. And yes, 2013 has indeed been an active year for state-sponsored attacks and espionage. Alleged attacks attributed to North Korean and Syrian hackers followed major international geopolitical incidents involving both nations.
Earlier this year our company identified the state-sponsored attacker as such a significant security threat to critical national infrastructure and government agencies that we conducted our own research into this topic. In our State Sponsored Attack Survey report we learned that nearly 58% of information security professionals think that the US is losing the battle against state-sponsored attacks, and 74% are not even confident that their own networks have never been breached by a foreign state-sponsored attack.
And with nearly 63% of the same respondents thinking that a state-sponsored attacker will attempt to breach their organization in the next six months, this issue is likely to top the list of security threats in 2014 too.
“Our challenge is putting in place and enforcing stronger user-controlled passwords that are less likely to be broken,” the article states. True enough, but we’d argue that real password management must account for the high-powered privileged passwords, like administrator and root, which are found in all large networks.
Using privileged credentials, an unauthorized individual or malicious program can access highly sensitive IT assets, change system configuration settings, and extract critical data. And they can do so anonymously. Conventional password management products can’t handle this challenge.
What’s the recourse? Privileged identity management software that can automatically locate all privileged accounts throughout the enterprise, provide each account with its own unique and complex password, and then audit all usage of these passwords.
Insider threats: “A dissatisfied employee base provides a vector for insider security events,” the writer notes. This summer’s Edward Snowden affair demonstrates the point aptly.
We’ve covered insider threats frequently on this blog. One of our favorite mantras is “too many people have too much access to too much data”.
Access to highly sensitive systems should be granted only on a need-to-know basis, for a limited time to audited personnel. Privileged identity management solutions, discussed above, are one method to accomplish this. Also consider privileged user management and SIEM technology. And don’t forget to account for former employees and contractors. Just because someone is no longer employed doesn’t mean that he or she can’t still access their former accounts.
It would seem that 2013’s security threats are proceeding as predicted. Looking ahead, what are your best guesses for 2014’s security challenges? Leave a comment below.