It seems the bigger the brand, the bigger the challenge for external threats to win brownie points amongst their peers. External threats are taking up the challenge to break through the perimeter and target highly prized privileged accounts that often exist on networks in unprotected Word or Excel documents. With access to these accounts a compromise becomes that much easier.
Threats gaining access to privileged accounts...
These organised hubs are patient, persistent and, above all, becoming more and more effective at achieving their objectives. With so much leaked information residing in public sources, many highly coordinated hubs are using this patchwork of public-domain information to profile the next phase of attacks. Many organisations don’t even recognise they have been breached until years later, when the "for sale" sign goes up on their data online.
External threats are becoming bolder and using a blend of methods to find a way into businesses. It’s no longer about sitting behind the keyboard with a hoodie and code; other, more direct methods have come into play. In early 2016, Business Insider spoke to an unnamed Apple employee in Ireland, who said hackers have offered north of $20,000 for login credentials to Cupertino's internal systems. "I could sell my Apple ID login information online for €20,000 (£15,000, $23,000) tomorrow. That's how hard external threats are trying."
Meanwhile, another former Apple employee told the publication that hackers typically target newer employees. "They look for someone who has jumped diagonally into a junior managerial position, so not a lifer working their way up, and not a lifer who has been there a long time," the source told Business Insider. Apple has reportedly set up an employee security program dubbed "Grow Your Own" to address the issue.
So who's next...
We only know about the breaches that have been reported; until they are, we simply don’t know the scale of the problem. What we can be sure of is that the external threat remains, and it is only a question of time until another great brand becomes the next big news story. We all remember the big ones:
- LinkedIn: In 2012, an attack on professional networking site LinkedIn saw the leaking of credentials from 117 million of its user accounts, which were put up for sale in May 2016 for just five Bitcoins (€2,600, £2,300, $3,000).
- eBay: Between February and March 2014, the login details of several eBay employees were compromised and hackers gained access to the company’s customers' names, email addresses, physical addresses, phone numbers and dates of birth, as well as encrypted passwords.
- Carphone Warehouse: In August 2015, phone retailer Carphone Warehouse suffered a cyber attack that compromised the credit card details, names and addresses of up to 2.4 million of its customers.
- TalkTalk: The attack on TalkTalk in October 2015 saw the telecoms company breached by four males aged between 15 and 20 years old. It resulted in the details of 1.2 million customers being exposed, caused the company a massive £60 million (€69m, $78m) loss in revenue and led 101,000 subscribers to leave TalkTalk.
- Yahoo: The latest headline-making data breach has been the leak of account details of 500 million Yahoo users, following a breach that happened two years ago in 2014. Yahoo has been forced to prompt its affected users to change their security details, and faces the possible threat of litigation, with the breach also putting its recent acquisition into question.
So what should brands be doing to protect their reputations?
- Implement an enterprise password management solution to protect privileged accounts, the valued accounts hackers look for to cause maximum damage.
- Implement the right technology to proactively monitor improper password attempts.
- Understand and monitor the password policies and formats of approved external service providers, to understand the risks and lowest common denominators.
- Proactively monitor for credential dumps relevant to your organisation’s accounts. Consider additional monitoring for high-value targets, e.g. executive, non-enterprise accounts.
- Incorporate multi-factor authentication for external-facing corporate services. This might include services like Microsoft Outlook Web Access and Secure Sockets Layer Virtual Private Networks, as well as software-as-a-service offerings like Google Applications, Office365, and Salesforce.
In light of all of this - the daily battle between brand protection and cyber security - the question arises: how can organisations control, and even prevent, hacker-like behaviour among their workforce, and protect themselves from damaging breaches? WALLIX’s WAB Suite is the most cost-effective, complete and undisruptive of solutions.