How to Battle Hackers on an Even Plane



In the movie The Untouchables, a hit man pulls a knife to stab Sean Connery, then Connery pulls a shotgun on the hit man. The lesson from this scene is do not bring a knife to a gunfight.

A lot of corporate IT security staff must not have seen this movie. They are bringing knives to the data security fight while hackers bring guns, cannons, tanks and jet fighters.

With increasingly clever malware and phishing tactics, hackers are snagging users' login credentials at a frightening pace and gaining access to networks. It can be as easy as exploiting a security hole in a web browser while the user is surfing the web to seize credentials and access privileged services.

While hackers poke, prod and probe networks every hour of the day looking for weaknesses, most corporate IT staff only review access privileges semiannually, quarterly or, if they are particularly diligent, monthly. The reviews are often perfunctory affairs that do not offer much in the way of detection or prevention.

That is not even bringing a knife to a gunfight; that is like remaining at the scene of the crime until the police arrive. Hackers have little fear of getting caught. The hacker who infiltrated Anthem’s customer database was not caught at all; Anthem did not detect the theft until 7 months later.

All of this responsibility does not necessarily have to fall to the corporate IT function. They are doing the best they can with what they have. If IT had to constantly examine and recertify user access with their current access management systems, they would not have time to do anything else. Their systems are typically a patchwork of manual or minimally automated security functions native to individual applications and databases. They do not exist in an integrated data security framework that enables IT to monitor usage of all key resources.

IT does not stand a chance of preventing more Anthem-level data losses until companies automate and analyze. Automating data extraction and cleansing provides a constant stream of user data. Analytical applications spot orphan accounts and irregular usage as they occur, not 7 or more months later. Arming IT with this kind of access management system means they are not going into the gunfight with a knife. It means they are ending the fight because the other side knows it cannot win.
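As an added illustration (not code from the article or from ISACA), here is a small Python sketch of the kind of analysis described above: account data extracted from applications is cleansed, reconciled against an HR roster to find orphan accounts, and each access event is checked against a per-account baseline. All names, records, timestamps and the baseline format are constructed assumptions.

```python
from datetime import datetime

# Constructed sample data (not from the article): HR roster, accounts
# extracted from two applications, and a short stream of access events.
ACTIVE_IDENTITIES = {"alice", "bob"}
ACCOUNTS = [
    {"account": "alice", "app": "crm", "owner": "Alice "},
    {"account": "bob", "app": "crm", "owner": "bob"},
    {"account": "cdavis", "app": "claims_db", "owner": "carol"},   # owner left
    {"account": "svc_report", "app": "claims_db", "owner": None},  # no owner
]
# Assumed baseline: resources each account normally touches, working hours.
BASELINE = {
    "alice": {"resources": {"crm:contacts"}, "hours": range(7, 19)},
    "bob": {"resources": {"crm:contacts", "crm:invoices"}, "hours": range(7, 19)},
}
EVENTS = [
    ("alice", "2015-09-14T09:12:00", "crm:contacts"),
    ("bob", "2015-09-14T02:47:00", "crm:invoices"),
    ("alice", "2015-09-14T10:03:00", "claims_db:members"),
    ("cdavis", "2015-09-14T11:30:00", "claims_db:members"),
]

def normalize(name):
    """Cleansing step: case and whitespace differ between source systems."""
    return name.strip().lower() if name else None

def find_orphan_accounts(accounts, active_identities):
    """Accounts whose owner is missing or no longer on the HR roster."""
    active = {normalize(i) for i in active_identities}
    return sorted(a["account"] for a in accounts
                  if normalize(a["owner"]) not in active)

def find_irregular_usage(events, baseline, orphans):
    """Flag each event as it arrives: orphan use, new resource, odd hour."""
    findings = []
    for account, ts, resource in events:
        profile = baseline.get(account)
        if account in orphans or profile is None:
            findings.append((account, ts, "orphan_or_unprofiled_account"))
            continue
        if resource not in profile["resources"]:
            findings.append((account, ts, "resource_outside_baseline"))
        if datetime.fromisoformat(ts).hour not in profile["hours"]:
            findings.append((account, ts, "outside_normal_hours"))
    return findings

if __name__ == "__main__":
    orphans = find_orphan_accounts(ACCOUNTS, ACTIVE_IDENTITIES)
    print(orphans, find_irregular_usage(EVENTS, BASELINE, orphans))
```

Run on every new batch of extracted data rather than on a quarterly schedule, the same two checks surface an orphan account or an out-of-pattern access on the day it happens.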

Read Chris Sullivan’s recent ISACA Journal article:
“Accelerating Access Management to the Speed of Hacks,” ISACA Journal, volume 5, 2015.

[ISACA Journal Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in the ICT/Cybersecurity industry in various sectors and positions.
