My phone’s been ringing this morning from people wanting to talk about the massive Marriott breach — the revelation that private data associated with up to 500 million people may have been compromised. I’m sure there’s a lot more to learn from the details, but in the meantime, I’ll take a quick minute to jot down some initial thoughts:
In 2004, the Payment Card Industry Data Security Standard (PCI DSS) became a fact of life for organizations that accept payment via credit or debit cards. In that year, the leading card issuers rolled out the first iteration of their security standard, designed to improve protection of payment systems as credit card data became a prime target for cyberattackers. Today, even as organizations have entire teams dedicated to PCI compliance, one consumer business after another—including Macy’s, Adidas, Panera Bread and Chili’s—has been breached, resulting in exposure of cardholder data.
Moody's Cyber Risk Group: “Cyber becomes more and more important.”
On November 12, Moody’s announced its intent to start incorporating in its credit rating method the degree to which an organization faces risk of major impact from a cyberattack. This follows the news, back in February 2018, that the Securities and Exchange Commission issued additional guidance on its requirement that public companies must “inform investors about material cybersecurity risks and incidents,” even if they have not yet been the target of a cyberattack.
Preventing attackers from moving laterally within your network is not only a threat detection function—it’s also a cyber hygiene function. In this blog, we’ll review some of the most common—and invisible—ways that privileged user credentials proliferate in enterprise networks. It’s well understood that domain admin or other high-powered credentials are gold to a cyberattacker. With “keys to the kingdom,” they can move easily and silently from one system to another, change domain attributes, add permissions, change passwords, and connect to any machine in the domain. Most organizations dedicate significant resources to careful management of Active Directory and use various technologies and practices to control access privileges. But our experience shows that even in the most diligent organizations, privileged user credentials are more accessible to attackers than you’d think.
What a difference a year makes.
In 2018, we find deception platforms listed with a “High” Benefits Rating in Gartner’s Hype Cycle for Threat-Facing Technologies, 2018.
With cyber risk an executive- and board-level concern, it's not enough to try to prevent attackers from gaining entry to your network. Advanced, persistent attackers can still get through even the most advanced defenses. Once they're in, they have the arduous task of moving from their initial point of entry to their ultimate target. This is the time when attackers are most vulnerable—and where we, as defenders, have an opportunity to tip the balance in our favor.