BeyondTrust, the cybersecurity company dedicated to preventing privilege misuse and stopping unauthorised access, announces that the 2018 Verizon Data Breach Investigations Report (DBIR) leverages anonymous vulnerability statistics from BeyondTrust. The company says the data was provided to help classify threats that have not been mitigated on the internet. The data was classified by business vertical, platform, age and vulnerability, and was generated by BeyondTrust’s BeyondSaaS cloud-based vulnerability management solution, which is based on Retina vulnerability assessment technology and hosted in Microsoft Azure.
- Breaches based on external actors are on the decline (73% this year), and breaches involving insiders are increasing (28% this year). While the gap is still wide, the trend has been consistent for the last four years, indicating that organisations need to take the insider threat more seriously as an attack vector.
- Healthcare breaches increased 81%, from 296 in 2016 to 536 in 2017, with a greater insider threat than external threat. Digging deeper into the data, the report shows privilege abuse accounting for 74% of cases. This confirms that privileges are the primary means of conducting a successful attack, and that they are obtained primarily through hacking techniques.
- Breaches related to privilege misuse in the accommodation industry vertical jumped from 5 in last year’s report to 302 in the 2018 report, a 5,940% increase. Threat actors are following rich data to the money. As with healthcare, the accommodation vertical is rich in personal information, including payment details, preferences, rewards and more.
“This year’s Verizon DBIR makes it especially clear that organisations need to focus on the security basics like vulnerability management and do better with proactive measures within their control,” says Morey Haber, chief technology officer, BeyondTrust. “Proactive measures such as privilege and password management and the removal of administrator rights lead to meaningful improvements in data breach protection that no one should ignore.”
Top five recommendations
The company says organisations can use the following as a guide to strengthen their security postures.
- As soon as possible, mitigate the attack surface of external parties seeking to become insiders by leveraging credentials to move laterally throughout an organisation. Lateral movement can lead an attacker to exfiltrate data from a file server or database, which, according to the report, is much more damaging than compromising a single user device.
- Use a solution that discovers every account in the environment, securely stores and manages credentials, requires an approval process for check-out, monitors activity while a credential is checked out, and rotates the credential upon check-in. Look for a workflow-based process for obtaining privileges. If requests happen during normal business hours and within acceptable parameters, set auto-approval rules to enable access without restricting admin productivity. But if time, day or location indicators point to something out of band, secure workflows can ensure the access is appropriate.
- Segment your network or implement a secure enclave so that privileged accounts (employees, contractors and third parties) do not have direct access to manage devices. This model ensures that only approved devices and restricted network paths can be used to communicate with sensitive resources.
- Enforce least privilege across your entire environment by elevating rights to applications on an exception basis; employing fine-grained policy controls once access is granted can further limit the lateral movement of would-be attackers.
- Implement multi-factor authentication. Multi-factor authentication raises the bar given the number of breaches that involve weak, stolen or default credentials.
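The check-out workflow in the second recommendation (approval process, auto-approval rules keyed on time, day and location, rotation on check-in) can be made concrete with a small model. The following is an added example written for this article, not BeyondTrust's or any vendor's code; the policy values, account names, locations and the sample requests are all constructed assumptions, and a real deployment would back the vault with an HSM or managed secret store and a proper approval system rather than an in-memory dictionary.

```python
"""Toy model of a privileged credential check-out workflow (added example).

A request is auto-approved only when every indicator is in band: business
hours, business day, a known location and an account eligible for
auto-approval. Anything out of band is held until a named approver signs off.
On check-in the credential is rotated, so a value handed out once cannot be
reused. Every decision is written to an audit trail. All values are
constructed assumptions, not data from the article.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Optional
import secrets


@dataclass(frozen=True)
class Policy:
    """Conditions under which a check-out request may be auto-approved."""
    business_hours: tuple = (8, 18)                    # hour must satisfy 8 <= h < 18
    business_days: frozenset = frozenset(range(5))     # Monday..Friday (assumed)
    approved_locations: frozenset = frozenset({"HQ-LAN", "VPN-corp"})
    auto_approve_accounts: frozenset = frozenset({"svc-backup", "svc-deploy"})


@dataclass(frozen=True)
class Request:
    user: str
    account: str
    when: datetime
    location: str


def decide(req: Request, policy: Policy = Policy()) -> str:
    """Return 'auto' when every indicator is in band, otherwise 'manual'."""
    start, end = policy.business_hours
    out_of_band = [
        not (start <= req.when.hour < end),              # time indicator
        req.when.weekday() not in policy.business_days,  # day indicator
        req.location not in policy.approved_locations,   # location indicator
        req.account not in policy.auto_approve_accounts, # account eligibility
    ]
    return "manual" if any(out_of_band) else "auto"


class Vault:
    """In-memory credential store: one holder at a time, rotation on check-in."""

    def __init__(self, policy: Policy = Policy()):
        self.policy = policy
        self._secrets = {}       # account -> current credential
        self._checked_out = {}   # account -> user currently holding it
        self.audit = []          # (event, user, account) tuples

    def add(self, account: str) -> None:
        self._secrets[account] = secrets.token_urlsafe(24)

    def checkout(self, req: Request, approver: Optional[str] = None):
        """Hand out the credential, or None if held for approval or in use."""
        if decide(req, self.policy) == "manual" and approver is None:
            self.audit.append(("held", req.user, req.account))
            return None
        if req.account in self._checked_out:
            self.audit.append(("busy", req.user, req.account))
            return None
        self._checked_out[req.account] = req.user
        self.audit.append(("checkout", req.user, req.account))
        return self._secrets[req.account]

    def checkin(self, user: str, account: str) -> bool:
        """Release the credential and rotate it; True if the value changed."""
        if self._checked_out.get(account) != user:
            raise PermissionError(f"{user} does not hold {account}")
        old = self._secrets[account]
        self._secrets[account] = secrets.token_urlsafe(24)   # rotate
        del self._checked_out[account]
        self.audit.append(("checkin-rotated", user, account))
        return self._secrets[account] != old


def run_demo() -> dict:
    """Exercise the workflow on constructed requests (2018-05-15 is a Tuesday)."""
    vault = Vault()
    vault.add("svc-backup")
    in_hours = Request("alice", "svc-backup", datetime(2018, 5, 15, 10, 0), "HQ-LAN")
    late_night = Request("alice", "svc-backup", datetime(2018, 5, 15, 23, 30), "HQ-LAN")
    weekend = Request("alice", "svc-backup", datetime(2018, 5, 13, 10, 0), "HQ-LAN")

    held = vault.checkout(late_night)                    # no approver: held
    first = vault.checkout(in_hours)                     # auto-approved
    rotated = vault.checkin("alice", "svc-backup")       # credential rotated
    second = vault.checkout(late_night, approver="bob")  # out of band, but approved

    return {
        "in_hours_decision": decide(in_hours),
        "late_decision": decide(late_night),
        "weekend_decision": decide(weekend),
        "held_without_approver": held is None,
        "rotated_on_checkin": rotated,
        "new_secret_after_rotation": second is not None and second != first,
        "audit_events": [event for event, _, _ in vault.audit],
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The point worth noticing is that the decision and the secret are kept apart: `decide` only classifies a request, and the approver's name is what lets an out-of-band request proceed, so the audit trail records both who asked and who allowed it. Rotation on check-in is what makes monitoring a checked-out session meaningful, since a credential observed in use is worthless once it is returned.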
For more information, see the 2018 Verizon Data Breach Investigations Report.