Compromised credentials still the culprit in many data breaches

Survey finds access management is a problem in the cloud, companies need to improve perimeter security


Despite using various cybersecurity defenses to protect against new exposures from cloud and mobile vectors, organizations are still reporting data breaches, including many caused by compromised credentials.

The findings are part of Cloud Security Alliance’s Identity Security Survey Report for which the nonprofit trade group polled 325 managers, C-level executives and staffers in the technology, financial, education, manufacturing and other industries.

The survey also showed that there was no significant difference in security solutions used by respondents who reported a breach and those who didn’t report a breach or didn’t know if one occurred.

John Yeoh, Cloud Security Alliance senior research analyst

“We were happy to find that many respondents had multiple security solutions in place,” says John Yeoh, a senior research analyst at CSA, which aims to raise awareness of best practices to ensure a secure cloud computing environment.

Yeoh says that rising implementation of cyber incident response and recovery plans appears to be having a broad meritorious effect. Companies appear to be detecting and deflecting attacks—as well as identifying and curtailing successful intruders—more readily.

“Many organizations are preparing for not just if they are breached, but when they are breached,” Yeoh says.

Even so, attackers continue to enjoy a high success rate, and do seem to have preferred techniques. About one of every five respondents said their organization had a data breach, and nearly 22 percent of those who reported a breach said it was caused by compromised credentials.

Three-quarters of survey respondents were from North and South America, 13 percent from Europe, the Middle East and Africa and 12 percent from Asia, Australia and the Pacific Islands. Thirty percent of respondents worked for companies with one to 1,000 employees, and 24 percent of respondents worked for companies employing more than 50,000 workers.

Chris Webber, Centrify security strategist

Chris Webber, a security strategist for Centrify, which sponsored the study, says he actually expected a higher percentage of breaches from stolen credentials.

“I was most surprised that we didn’t see more correlation between data breach and compromised credentials,” says Webber, whose California company secures enterprise identities against cyber threats and is a CSA member.

Compromised credentials a concern

Webber points out that Verizon’s 2015 Data Breach Investigations Report attributed nearly 50 percent of breaches to compromised credentials, and forensic firm Mandiant has said that 100 percent of the cases they investigate can be traced to stolen credentials.

There are many ways credentials can be compromised, Yeoh notes, including malware attacks, phishing and spear phishing schemes, and re-use of passwords on third-party sites.

The new cloud landscape exacerbates this exposure by adding to the complexity and creating more options for more people to access company data.

Cloud solutions “continue to be adopted at a rapid rate,” according to the survey’s executive summary, “as cloud service providers offer flexible computing and storage needs, easier collaboration with internal users and customers, added security features and more.” This enables organizations “to focus on their core business functions.”

That’s the bright side of cloud and mobile computing. However, assuring the security of sensitive business data is becoming a heightened concern “as the cost of a data breach is greater than ever,” the summary says. “In addition to the value of the data lost, company reputation, legal action, financial penalties and jobs are at stake. Thinking outside the traditional security perimeter is necessary to protect information from the growing list of threats.”

Changing the perimeter paradigm

Fewer than 2 percent of respondents indicated they don’t know, or don’t use, any perimeter-based security solutions. Antivirus, email spam filter, VPN (virtual private network) and next-generation firewall were used by more than 70 percent of respondents.

“While I am very glad to see so many respondents invested in securing their business, I still see a strong percentage of businesses relying on their legacy perimeter security systems,” Webber says. “In today’s increasingly cloud and mobile world, the ‘perimeter paradigm’ has to change. Over time, I’m sure we’ll see more businesses deploying security solutions that protect data outside the firewall—across resources, devices and users.”

Companies with under 1,000 employees were less likely to have MDM/EMM (mobile device management/enterprise mobile management), next-generation firewalls, VPN and WAF (web application firewall) than their larger counterparts. “The cost of additional services may play a factor in adoption with smaller companies,” according to the survey report.

The survey found that companies “embracing big data solutions” also consistently adopted more perimeter and identity security solutions. Only 22 percent of security professionals surveyed, though, said they use big data solutions.

Companies with more than 50,000 employees were more likely to use a big data solution than companies with 5,000 or fewer workers. And companies in North and South America were more likely to use such a solution than their counterparts in Europe, the Middle East and Africa.

Big data solutions will get bigger

“Big data solutions are quite popular and will continue to grow, but some companies aren’t yet in the business of data analytics,” Webber says.

Yeoh says he expected a higher percentage of respondents would be using big data solutions because of “the massive amounts of data being moved through the cloud.

“Traditional methods for collecting and analyzing data cannot process larger amounts of information sufficiently,” he says. “We expect to see this percentage of solutions for big data to grow rapidly in the future, especially as companies continue to adopt cloud services. The ability to properly utilize vast amounts of data from multiple sources quickly and efficiently should be a priority for a business.”

Companies often “embrace privileged access management,” the survey report says, but are “much less likely” to use other options such as shared account password management, superuser password management, privileged session management, and privileged session recording and monitoring.

Larger companies with more than 50,000 employees were more likely to use each of these controls than companies with fewer than 30,000 employees. In companies that implement privileged access management solutions to protect private users, 76 percent extended them to outsourced IT, vendors and other third parties, the survey found.
