Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:00 AM
Connect Directly
E-Mail vvv

5 Common Errors That Allow Attackers to Go Undetected

Make these mistakes and invaders might linger in your systems for years.

Although cybersecurity technologies continue evolving to address current threats, many data breaches remain undiscovered for months or even years. For instance, in one of the biggest data breaches discovered in 2018, which affected 500 million customers of the Marriott Hotel Group, hackers went undetected for four years.

How can your organization detect threats faster and reduce the chances of a breach? Unfortunately, there isn't one solution. But we can analyze the root causes of known breaches and learn from them. In this column, we'll examine five common errors that make it easier for attackers to linger in an IT network undiscovered and advice on how to mitigate the risks.

Error 1: Siloed security systems
During their evolution, large companies often undergo multiple mergers and acquisitions. This strategy can boost stock prices, but it can also increase both IT system complexity and data security risks. Notably, the Marriott data breach originally occurred in the reservation system of Starwood, a chain that the hotel giant acquired in 2016. Rather than unifying security controls and improving the detection capabilities of its newly acquired business right after the deal, Marriott appears to have neglected to take action, wasting two years until it discovered the data leak in November 2018.

To avoid this error, organizations should regularly review their IT systems and IT risks, especially during and after a merger or acquisition. In particular, they should discover and classify all sensitive data across their on-premises and cloud storage and take steps to ensure that those files are not overexposed and that they reside only in dedicated safe locations with proper access controls. Organizations should also update their security policies, unify them, and apply them across the entire IT infrastructure. Cross-system software solutions can make this security monitoring easier.

Error 2: Lack of accountability
Many corporations have a complex management structure that leads to poor accountability and lack of visibility into IT security policy development and execution. The infamous Equifax data breach, which remained undetected for 76 days, was made possible by an expired security certificate. A Congressional investigation found that the absence of clear lines of responsibility in Equifax's IT management structure had kept the company from implementing security initiatives in a timely manner, which had led to more than 300 security certificates expiring.

The best way to avoid this error is to have one person responsible for the development and implementation of information security policies. In most cases, it is the chief information security officer (CISO). The CISO should develop clear policies with zones of responsibility and provide IT teams with clear workflows for the security issues for which they are accountable. Another tip is to automate patching, which mitigates the risk that overburdened IT teams will fail to make manual updates promptly. Many experts believe this strategy could have prevented the Equifax data breach.

Error 3: Lack of support from the CEO
If a company's leader does not consider security to be a business goal, IT security teams will likely lack vital strategic direction and resources, including both adequate staffing and modern technologies. As a result, they cannot prioritize security efforts and proactively respond to evolving threats; instead, they are overwhelmed with routine troubleshooting.

Every CEO should recognize that data protection is a crucial business goal and establish a leadership-driven security approach. Regular meetings with the CISO are a must, as are metrics that evaluate the effectiveness of the cybersecurity strategy. Equally important is enabling the IT team to focus on issues that are critical to the safety of the business by investing in modern solutions that automate most security processes and can be scaled up easily as the business grows.

Error 4: Inefficient cybersecurity strategy
Some organizations spend vast sums of money on technologies in an effort to cover all IT risks. However, unless they conduct a thorough risk assessment, they might well have spent their money in vain. For example, a company might spend a lot of money to store and protect its data, including stale data, but miss an unauthorized access to its customer database.

Security efforts should be prioritized. Start with an IT asset inventory that will help to you identify and classify your most crucial information assets, such as data that falls under the General Data Protection Regulation (GDPR). Using that information, develop security policies to appropriately protect data with each level of sensitivity and an effective incident response plan. Last but not least, it's important to set up alerts so you can respond quickly to suspicious activity.

Error 5: No actionable incident response plan
A recent Netwrix study shows that only 17% of organizations test their incident response plans. The remaining 83% have no guarantee that their plan will work out in real life; in case of an incident, they might waste precious time and fail to notify customers and authorities properly.

Initiating a pseudo-cyberattack as a part of penetration testing is a good idea. This will help to determine if your draft plan is effective and ensure that everyone knows exactly what to do if an incident occurs. The results of the test should be used to improve the plan and develop regular practice runs for employees.

The only way for organizations to avoid long-lasting data breaches is to ensure that their cybersecurity strategy is an ongoing focus rather than a one-off exercise that's soon forgotten. A forward-thinking business leader should manage cybersecurity risks on an equal footing with all other business risks and treat cybersecurity as an organizationwide issue. Creating a security-centric culture requires a joint effort by various departments that involves technology, processes, and people. With centralized IT governance and a bird's-eye view of the IT infrastructure, businesses can be far more confident that unauthorized activity will be detected and terminated quickly.

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "From 1s & 0s to Wobbly Lines: The Radio Frequency (RF) Security Starter Guide"

Matt Middleton-Leal is General Manager and Chief Security Strategist is at Netwrix, a software company that enables information security and governance professionals to reclaim control over sensitive, regulated and business-critical data, regardless of where it resides. Matt ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Matt Middleton-Leal Netwrix
Matt Middleton-Leal Netwrix,
User Rank: Apprentice
2/18/2020 | 8:53:43 AM
Re: reading
Many thanks!
User Rank: Apprentice
2/12/2020 | 10:21:44 AM
wonderful article
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/2/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-07-02
Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual channels. If a userconnects to a malicious or compromised RDP server, a series ofspecially-crafted PDUs could result in memory corruption, possiblyallowing arbitrary code to be executed...
PUBLISHED: 2020-07-02
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attack...
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
PUBLISHED: 2020-07-02
In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On Debian/Ubuntu system.