Top ten points in the fight against cybercrime
by Paul Ayers - VP EMEA at Vormetric - Thursday, 6 February 2014.
At a summit of regulators and intelligence chiefs yesterday, the business secretary, Vince Cable, issued a timely warning to all in attendance of the vulnerability of Britain's essential services to cyber-attack. The regulators, which included representatives from the Bank of England, Civil Aviation Authority, Office of the Nuclear Regulator, Ofgem, Ofwat and Ofcom, were briefed by the head of GCHQ, Sir Ian Lobban, on the threat posed to systems.

Clearly the threat presented by online criminals is now well beyond the realm of big business, financial institutions or even private companies; it now involves industries linked inextricably to our everyday existence – from power operators to telecommunications providers. 

In a joint communiqué, the government and regulators pledged, among other items, to adopt the security standards set by GCHQ’s ‘10 Steps to Improve Cyber Security plan’. Importantly, one step calls out the need to manage the access rights of ‘privileged users’.

The risk presented by unmanaged and unmonitored privileged user accounts has rightly leapt to the fore in recent months – not least thanks to the archetypal example of Edward Snowden. Privileged users – typically system administrators and the like – are a special concern because of the often unhindered access to systems and data typically associated with these roles.

The uncomfortable reality is that privileged insiders exist in every organisation and, while their presence is essential to the running and maintenance of corporate networks, their powerful network access rights often enable their user accounts to perform actions they simply should not be able to. The risk arises when these privileged accounts have access to read, copy or change documents – this is also why they are a strategic and alluring target for perpetrators of cyber-attacks like APTs.

Unfortunately, the current swathe of data breaches is proof enough that far too many organisations are still struggling to protect themselves from abuse of this nature. It’s worth remembering that the breaches affecting both US retailer Target and the Korea Credit Bureau (KCB) in recent weeks involved network access abuse.

Of course, it is not only privileged users that pose a threat, but all users that have access to sensitive information. For example, an accountant with access to company financial records or an HR administrator with access to employee data has legitimate access needs, but compromises of these types of accounts can also have serious consequences. Unfortunately, traditional IT security defences are futile against the security risks posed when privileged user and other accounts are compromised. In effect, the ‘bad guys’ are then already within company walls and their actions are masked behind legitimate user accounts.

It must be remembered that the most valuable data an organisation has typically sits at the server / data centre level, and the underlying operating systems in this part of the IT infrastructure have been designed in such a way that there is weak separation of duties between users. Often, the root or system administrators have inherent ‘god mode’ access to the data. Organisations need to ensure they have technology in place that allows users to perform their operational role of running the systems but prevents them from accessing the data files themselves.

Choosing solutions that prevent admins from reading or editing the information in data files greatly reduces the risk of a breach.

