Dark Reading is part of the Informa Tech Division of Informa PLC



2/12/2020
10:00 AM

5 Common Errors That Allow Attackers to Go Undetected

Make these mistakes and invaders might linger in your systems for years.

Although cybersecurity technologies continue evolving to address current threats, many data breaches remain undiscovered for months or even years. For instance, in one of the biggest data breaches discovered in 2018, which affected 500 million customers of the Marriott Hotel Group, hackers went undetected for four years.

How can your organization detect threats faster and reduce the chances of a breach? Unfortunately, there isn't one solution. But we can analyze the root causes of known breaches and learn from them. In this column, we'll examine five common errors that make it easier for attackers to linger in an IT network undiscovered and offer advice on how to mitigate the risks.

Error 1: Siloed security systems
During their evolution, large companies often undergo multiple mergers and acquisitions. This strategy can boost stock prices, but it can also increase both IT system complexity and data security risks. Notably, the Marriott data breach originally occurred in the reservation system of Starwood, a chain that the hotel giant acquired in 2016. Rather than unifying security controls and improving the detection capabilities of its newly acquired business right after the deal, Marriott appears to have neglected to take action, wasting two years until it discovered the data leak in November 2018.

To avoid this error, organizations should regularly review their IT systems and IT risks, especially during and after a merger or acquisition. In particular, they should discover and classify all sensitive data across their on-premises and cloud storage and take steps to ensure that those files are not overexposed and that they reside only in dedicated safe locations with proper access controls. Organizations should also update their security policies, unify them, and apply them across the entire IT infrastructure. Cross-system software solutions can make this security monitoring easier.

Error 2: Lack of accountability
Many corporations have a complex management structure that leads to poor accountability and lack of visibility into IT security policy development and execution. The infamous Equifax data breach, which remained undetected for 76 days, was made possible by an expired security certificate. A Congressional investigation found that the absence of clear lines of responsibility in Equifax's IT management structure had kept the company from implementing security initiatives in a timely manner, which had led to more than 300 security certificates expiring.

The best way to avoid this error is to have one person responsible for the development and implementation of information security policies. In most cases, it is the chief information security officer (CISO). The CISO should develop clear policies with zones of responsibility and provide IT teams with clear workflows for the security issues for which they are accountable. Another tip is to automate patching, which mitigates the risk that overburdened IT teams will fail to make manual updates promptly. Many experts believe this strategy could have prevented the Equifax data breach.

Error 3: Lack of support from the CEO
If a company's leader does not consider security to be a business goal, IT security teams will likely lack vital strategic direction and resources, including both adequate staffing and modern technologies. As a result, they cannot prioritize security efforts and proactively respond to evolving threats; instead, they are overwhelmed with routine troubleshooting.

Every CEO should recognize that data protection is a crucial business goal and establish a leadership-driven security approach. Regular meetings with the CISO are a must, as are metrics that evaluate the effectiveness of the cybersecurity strategy. Equally important is enabling the IT team to focus on issues that are critical to the safety of the business by investing in modern solutions that automate most security processes and can be scaled up easily as the business grows.

Error 4: Inefficient cybersecurity strategy
Some organizations spend vast sums of money on technologies in an effort to cover all IT risks. However, unless they conduct a thorough risk assessment, they might well have spent their money in vain. For example, a company might spend a lot of money to store and protect its data, including stale data, but miss unauthorized access to its customer database.

Security efforts should be prioritized. Start with an IT asset inventory that will help you identify and classify your most crucial information assets, such as data that falls under the General Data Protection Regulation (GDPR). Using that information, develop security policies to appropriately protect data with each level of sensitivity and an effective incident response plan. Last but not least, it's important to set up alerts so you can respond quickly to suspicious activity.

Error 5: No actionable incident response plan
A recent Netwrix study shows that only 17% of organizations test their incident response plans. The remaining 83% have no guarantee that their plan will work out in real life; in case of an incident, they might waste precious time and fail to notify customers and authorities properly.

Initiating a pseudo-cyberattack as a part of penetration testing is a good idea. This will help to determine if your draft plan is effective and ensure that everyone knows exactly what to do if an incident occurs. The results of the test should be used to improve the plan and develop regular practice runs for employees.

Conclusion
The only way for organizations to avoid long-lasting data breaches is to ensure that their cybersecurity strategy is an ongoing focus rather than a one-off exercise that's soon forgotten. A forward-thinking business leader should manage cybersecurity risks on an equal footing with all other business risks and treat cybersecurity as an organizationwide issue. Creating a security-centric culture requires a joint effort by various departments that involves technology, processes, and people. With centralized IT governance and a bird's-eye view of the IT infrastructure, businesses can be far more confident that unauthorized activity will be detected and terminated quickly.


Matt Middleton-Leal is General Manager and Chief Security Strategist at Netwrix, a software company that enables information security and governance professionals to reclaim control over sensitive, regulated and business-critical data, regardless of where it resides. Matt ...
Comments
chirurgieesthetiqutunisie,
User Rank: Apprentice
2/12/2020 | 10:21:44 AM
reading
wonderful article
Matt Middleton-Leal Netwrix,
User Rank: Apprentice
2/18/2020 | 8:53:43 AM
Re: reading
Many thanks!