It is critical that organisations can identify and know how to respond to the latest vulnerabilities. According to Verizon, the three most pressing threats in today’s environment are identity theft, phishing, and user privileges.
User accounts play a crucial role in enterprise attacks. Organisations should make protecting them a critical part of their security strategy through identity and access management and multifactor authentication.
1. Identity theft. A classic user identity on the Internet consists of a user name or an e-mail address and a password, and it is protected only by the assumption that the user is the only person who knows the password. Unfortunately, users frequently reuse the same simple password across multiple accounts and applications, increasing the risk that, if one account is hacked, all the others can be too, and putting enterprise networks at risk.
2. Phishing. Hackers rely on the good faith of users in phishing attacks by tricking them with social engineering tools. A classic example of this is fake bank emails encouraging users to enter their data on a fake website. Spear phishing is a more sophisticated method that can appear very credible to the user. It is critical to raise employee awareness to protect against these attacks.
3. User privileges. Organisations need to ensure that individual users have only the access rights they need to perform their job roles. The fewer people who have privileged accounts, the lower the likelihood of abuse. Furthermore, privileged access should be restricted to the relevant systems and limited in time, eliminating 24×7 access. Lastly, privileged activities should be routed through a proxy server, so that access can be controlled and monitored through approval procedures, and denied at any time if necessary. This reduces the attack surface.
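The decision a privileged-access proxy makes under the rules in point 3 can be sketched as follows. This is an added example, not code from the article or from any product; the `Grant` model, the function names and the sample users and systems are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Hypothetical data model for a privileged-access proxy (assumption, not a real API).
@dataclass
class Grant:
    user: str
    system: str                        # the one system this grant covers
    start: datetime                    # window opens
    end: datetime                      # window closes, so no 24x7 access
    approved_by: Optional[str] = None  # None means approval is still pending
    revoked: bool = False              # can be set at any time to deny access

def decide(grants, user, system, now):
    """Return (allowed, reason) for one privileged session request."""
    candidates = [g for g in grants if g.user == user and g.system == system]
    if not candidates:
        return False, "no grant for this user on this system"
    reason = "grant unusable"
    for g in candidates:
        if g.revoked:
            reason = "grant revoked"
        elif g.approved_by is None:
            reason = "awaiting approval"
        elif not (g.start <= now < g.end):
            reason = "outside approved time window"
        else:
            return True, f"approved by {g.approved_by}"
    return False, reason

def audit_line(user, system, now, allowed, reason):
    """One record per decision, so every attempt can be monitored."""
    verdict = "ALLOW" if allowed else "DENY"
    return f"{now.isoformat()} {verdict} user={user} system={system} reason={reason}"

# Constructed sample data: a two-hour window on one system.
T0 = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
GRANTS = [
    Grant("alice", "db-prod", T0, T0 + timedelta(hours=2), approved_by="carol"),
    Grant("bob", "db-prod", T0, T0 + timedelta(hours=2)),  # never approved
]

if __name__ == "__main__":
    requests = [("alice", "db-prod", 1), ("alice", "db-prod", 3),
                ("alice", "hr-app", 1), ("bob", "db-prod", 1)]
    for user, system, hours in requests:
        now = T0 + timedelta(hours=hours)
        print(audit_line(user, system, now, *decide(GRANTS, user, system, now)))
```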
Identity and access management and multifactor authentication can help organisations mitigate these attack vectors. Importantly, organisations need to make sure that any solution they implement is user-friendly, so that employees don’t look for a workaround.
Peter Fuller, Managing Director – Australia and New Zealand, Micro Focus