Far more cybersecurity focus should be redirected inward if modern enterprises want to seriously address today's most nefarious threats, according to the database security professionals at DB Networks. Specifically, enterprises need to understand the tremendous value of compromised credentials and that it's the stealing of those credentials that is the goal of most initial cyber attacks. Once credentials are compromised, an extremely large attack surface is opened up. Security analysts concur that insider threats are on the rise and the time is now to focus on these risks.
"There's a strong consensus within the cybersecurity industry that the insider threat is quickly becoming the most dangerous threat," said Brett Helm, Chairman and CEO of DB Networks. "Credentials are the keys to the digital kingdom, as many firms who have ended up on the wrong side of a cyberattack can attest. Unfortunately, security practices are typically behind the curve in this regard. What's needed now is a sea change shift in how enterprises think about the insider threat and compromised credentials specifically."
Cybersecurity firm Mandiant has reported that 100% of its most recent incident responses have dealt with some form of insider threat. A Verizon study, meanwhile, revealed that 95% of security breaches involved harvesting credentials and then using those credentials to log into web applications to steal personal data. Even more troubling from the point of view of enterprises is that insider threats generally leave more damage in their wake, not to mention the tarnished public image when a company loses sensitive customer data to cyber thieves.
A common misconception about insider threats is they require a "rogue" employee or even simply a careless employee to download malware or click on a website that opens the network to outsiders. In fact, insider threats as a whole are far more complicated and varied, which makes planning for and responding to them a significant challenge. Outside attackers have numerous tools at their disposal to steal employee credentials. With those credentials in hand, the outsider essentially becomes an insider. While training programs must naturally be geared to making employees aware of such dangers, training alone can't mitigate the vast majority of insider threats.
Preventing insider threats against data center assets begins with a database assessment – an organization cannot protect assets of which it is unaware. The next step is to develop a clear picture of normal network activity behavior such that suspicious behavior can be identified. Intelligent monitoring can immediately detect unusual activity indicative of compromised credentials so that the situation can be mitigated before valuable data is compromised.
"Organizations seeking cutting-edge security must begin to turn their attention away from simply guarding the perimeter fences," concluded Helm. "At this point the most pernicious threats are already on the inside. Security staff must treat administrative credentials like the golden tickets they are, implementing systems that immediately identify compromised credentials."
