Every year over the past decade has seen a variety of successful hacking attempts and data breaches at companies both large and small, and 2019 has been no different. Here are three of the top data breaches this year, along with some observations on how privileged access management (PAM) might have helped to mitigate or even possibly have prevented these breaches.
First American Financial data breach
Exposed in May of 2019, insurance provider First American Financial discovered a major breach of their records going back a whopping 16 years. A poorly-designed web application had what the company referred to as a "design defect" which allowed public access to almost 900,000,000 sensitive financial documents, including wire transfer documents, driver’s license images, tax records, and essentially any other document that might be held by a mortgage closing company like First American. In the aftermath, First American Financial has been drawn into quite a number of lawsuits, including a Class-Action suit, and the SEC is investigating the incident.
How PAM Might Have Helped
Every one of the exposed documents was sensitive in nature, and should have been handled that way. Each document should have had privileged access requirements attached such that anyone attempting to access a document would have had to not only properly authenticate who they were, but also that they had the appropriate privileges for access.
Since the vulnerability was such that anyone with a link to a valid document could effectively bounce to any other document simply by changing the document ID in the URL, a basic PAM safeguard of requiring access permissions would have stopped these lateral moves and prevented discovery of all of the other unprotected documents.
Capital One data breach
Not just one of the biggest data breaches of 2019, but one of the biggest of all time. A misconfigured firewall allowed a hacker to gain entry into the network, and from there to bounce until they found a trove of unencrypted usernames and passwords. They were then able to use those passwords to access a wide variety of sensitive information affecting somewhere around 100 million consumers in the United States alone.
How PAM Might Have Helped
Leaving aside the issue of the misconfigured firewall, which is its own problem, a robust Privileged Access Management solution would have helped on three fronts:
- Real-time session monitoring could have caught and detected the unusual session activity of the hacker as they bounced around inside the network looking for things that they could exploit, and would have automatically terminated such sessions while alerting Capital One’s security team.
- Because a PAM solution, by nature, serves to oversee which users have access to which resources, it is likely that even once the hacker gained access, he wouldn't have been able to bounce from one resource to the next as other network resources are invisible to those without access privileges.
- And even with the stolen user credentials which may have been granted privileged access, PAM requires that users not only prove who they are through integrated Multi-Factor Authentication (MFA), but also checks for circumstances surrounding privileged access attempts. The time, the IP location, the variety of resources sought would all have been caught as unauthorized and thus access would have been denied even though the credentials were otherwise valid.
Georgia Tech database breach
In its second known breach in less than a year, Georgia Tech announced in April that over a period of three months, an entity outside of Georgia Tech was able to access one of the school’s central databases. As a result, the information on more than 1.3 million students, alumni, faculty, and staff was exposed, in a cruel twist of irony for a university renowned for its computer science program.
How PAM Might Have Helped
Although Georgia Tech has been mostly silent on the exact details of this breach, the fact that it was perpetrated by outside entities reveals how PAM might have helped. As with the Capital One breach, even if the hackers had somehow gained otherwise-legitimate login credentials, a Privileged Access Management system would have been monitoring for inappropriate circumstances around attempts to access the sensitive database. Furthermore, a strong PAM solution hides the very existence of sensitive resources to which a user does not have privileged access -- so if the hackers were in the system with credentials that would otherwise not have allowed database access, they would not have been able to even see it, much less to query against it and retrieve personal information.
How Privileged Access Management Stops Breaches
Because unauthorized access is a high-reward, low-risk endeavour, hackers will continue to seek out and find new ways of gaining access to high-value and sensitive resources. To defend against the unknown, a robust PAM solution is constantly monitoring a wide variety of factors surrounding attempts at privileged access to sensitive resources. With granular, streamlined, and centralized control over the granting and revoking of access privileges to IT admin users, combined with password rotation and powerful session monitoring capabilities, PAM stops would-be data breaches in their tracks. When combined, the combination of session monitoring, multi-factor authentication validation, and privileged access validation provide a defense in depth that can go a long way toward mitigating or preventing data breaches -- even when the specific attack vectors are not yet known.