Dark Reading is part of the Informa Tech Division of Informa PLC

Attacks/Breaches

2/12/2020 10:00 AM
5 Common Errors That Allow Attackers to Go Undetected

Make these mistakes and invaders might linger in your systems for years.

Although cybersecurity technologies continue evolving to address current threats, many data breaches remain undiscovered for months or even years. For instance, in one of the biggest data breaches discovered in 2018, which affected 500 million customers of the Marriott Hotel Group, hackers went undetected for four years.

How can your organization detect threats faster and reduce the chances of a breach? Unfortunately, there isn't one solution. But we can analyze the root causes of known breaches and learn from them. In this column, we'll examine five common errors that make it easier for attackers to linger in an IT network undiscovered and offer advice on how to mitigate the risks.

Error 1: Siloed security systems
During their evolution, large companies often undergo multiple mergers and acquisitions. This strategy can boost stock prices, but it can also increase both IT system complexity and data security risks. Notably, the Marriott data breach originally occurred in the reservation system of Starwood, a chain that the hotel giant acquired in 2016. Rather than unifying security controls and improving the detection capabilities of its newly acquired business right after the deal, Marriott appears to have neglected to take action, wasting two years until it discovered the data leak in November 2018.

To avoid this error, organizations should regularly review their IT systems and IT risks, especially during and after a merger or acquisition. In particular, they should discover and classify all sensitive data across their on-premises and cloud storage and take steps to ensure that those files are not overexposed and that they reside only in dedicated safe locations with proper access controls. Organizations should also update their security policies, unify them, and apply them across the entire IT infrastructure. Cross-system software solutions can make this security monitoring easier.

Error 2: Lack of accountability
Many corporations have a complex management structure that leads to poor accountability and lack of visibility into IT security policy development and execution. The infamous Equifax data breach, which remained undetected for 76 days, was made possible by an expired security certificate. A Congressional investigation found that the absence of clear lines of responsibility in Equifax's IT management structure had kept the company from implementing security initiatives in a timely manner, which had led to more than 300 security certificates expiring.

The best way to avoid this error is to have one person responsible for the development and implementation of information security policies. In most cases, it is the chief information security officer (CISO). The CISO should develop clear policies with zones of responsibility and provide IT teams with clear workflows for the security issues for which they are accountable. Another tip is to automate patching, which mitigates the risk that overburdened IT teams will fail to make manual updates promptly. Many experts believe this strategy could have prevented the Equifax data breach.
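The Equifax anecdote above turns on certificates that quietly expired. As an added example, not taken from the column or from Netwrix, the Go program below implements the kind of automated check the paragraph argues for: it walks a certificate inventory, compares each certificate's NotAfter date against the current time, and reports anything already expired or inside a 30-day warning window, so that the accountable team is alerted before an expiry blinds a monitoring tool. The three certificates, their names and their dates are constructed sample data; a real run would load the inventory from PEM files or from live TLS endpoints.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// CertStatus is one row of the expiry report.
type CertStatus struct {
	Name     string
	NotAfter time.Time
	DaysLeft int  // negative once the certificate has expired
	Expired  bool // NotAfter is at or before "now"
	Expiring bool // still valid, but NotAfter falls within the warning window
}

// ExpiryReport checks every certificate against "now" and flags the ones that
// have already expired or will expire within warnDays. The clock is passed in
// rather than read from time.Now() so the check is deterministic and testable.
func ExpiryReport(certs []*x509.Certificate, now time.Time, warnDays int) []CertStatus {
	report := make([]CertStatus, 0, len(certs))
	for _, c := range certs {
		daysLeft := int(c.NotAfter.Sub(now).Hours() / 24)
		expired := !now.Before(c.NotAfter)
		report = append(report, CertStatus{
			Name:     c.Subject.CommonName,
			NotAfter: c.NotAfter,
			DaysLeft: daysLeft,
			Expired:  expired,
			Expiring: !expired && daysLeft <= warnDays,
		})
	}
	return report
}

// NeedsAction returns the subset of the report that should raise an alert.
func NeedsAction(report []CertStatus) []CertStatus {
	var out []CertStatus
	for _, s := range report {
		if s.Expired || s.Expiring {
			out = append(out, s)
		}
	}
	return out
}

// selfSignedCert mints a throwaway self-signed certificate (constructed sample
// data) so the example runs offline. In practice the certificates would be
// loaded from an inventory of PEM files or pulled from live TLS endpoints.
func selfSignedCert(name string, notBefore, notAfter time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// SampleInventory builds three constructed certificates relative to "now":
// one expired 40 days ago, one expiring in 10 days, one good for a year.
// The hostnames are placeholders, not real systems.
func SampleInventory(now time.Time) ([]*x509.Certificate, error) {
	day := 24 * time.Hour
	specs := []struct {
		name     string
		notAfter time.Time
	}{
		{"tls-inspection.example.internal", now.Add(-40 * day)},
		{"api.example.internal", now.Add(10 * day)},
		{"www.example.internal", now.Add(365 * day)},
	}
	certs := make([]*x509.Certificate, 0, len(specs))
	for _, s := range specs {
		c, err := selfSignedCert(s.name, now.Add(-400*day), s.notAfter)
		if err != nil {
			return nil, err
		}
		certs = append(certs, c)
	}
	return certs, nil
}

func main() {
	now := time.Now()
	certs, err := SampleInventory(now)
	if err != nil {
		panic(err)
	}
	for _, s := range NeedsAction(ExpiryReport(certs, now, 30)) {
		state := "EXPIRING"
		if s.Expired {
			state = "EXPIRED"
		}
		fmt.Printf("%-9s %-35s not_after=%s days_left=%d\n",
			state, s.Name, s.NotAfter.Format("2006-01-02"), s.DaysLeft)
	}
}
```

Two design points matter for a check like this. First, the current time is a parameter, which keeps the logic testable and lets the same code be run against a future date to forecast renewals. Second, the report separates "expired" from "expiring" so that the alert routing can differ: an already-expired certificate on a monitoring appliance is an incident, not a ticket.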

Error 3: Lack of support from the CEO
If a company's leader does not consider security to be a business goal, IT security teams will likely lack vital strategic direction and resources, including both adequate staffing and modern technologies. As a result, they cannot prioritize security efforts and proactively respond to evolving threats; instead, they are overwhelmed with routine troubleshooting.

Every CEO should recognize that data protection is a crucial business goal and establish a leadership-driven security approach. Regular meetings with the CISO are a must, as are metrics that evaluate the effectiveness of the cybersecurity strategy. Equally important is enabling the IT team to focus on issues that are critical to the safety of the business by investing in modern solutions that automate most security processes and can be scaled up easily as the business grows.

Error 4: Inefficient cybersecurity strategy
Some organizations spend vast sums of money on technologies in an effort to cover all IT risks. However, unless they conduct a thorough risk assessment, they might well have spent their money in vain. For example, a company might spend a lot of money to store and protect its data, including stale data, but miss unauthorized access to its customer database.

Security efforts should be prioritized. Start with an IT asset inventory that will help you identify and classify your most crucial information assets, such as data that falls under the General Data Protection Regulation (GDPR). Using that information, develop security policies that protect data appropriately for each level of sensitivity, along with an effective incident response plan. Last but not least, it's important to set up alerts so you can respond quickly to suspicious activity.

Error 5: No actionable incident response plan
A recent Netwrix study shows that only 17% of organizations test their incident response plans. The remaining 83% have no guarantee that their plan will work out in real life; in case of an incident, they might waste precious time and fail to notify customers and authorities properly.

Initiating a pseudo-cyberattack as a part of penetration testing is a good idea. This will help to determine if your draft plan is effective and ensure that everyone knows exactly what to do if an incident occurs. The results of the test should be used to improve the plan and develop regular practice runs for employees.

Conclusion
The only way for organizations to avoid long-lasting data breaches is to ensure that their cybersecurity strategy is an ongoing focus rather than a one-off exercise that's soon forgotten. A forward-thinking business leader should manage cybersecurity risks on an equal footing with all other business risks and treat cybersecurity as an organization-wide issue. Creating a security-centric culture requires a joint effort by various departments that involves technology, processes, and people. With centralized IT governance and a bird's-eye view of the IT infrastructure, businesses can be far more confident that unauthorized activity will be detected and terminated quickly.


Matt Middleton-Leal is General Manager and Chief Security Strategist at Netwrix, a software company that enables information security and governance professionals to reclaim control over sensitive, regulated and business-critical data, regardless of where it resides. Matt ...
Comments

chirurgieesthetiqutunisie (User Rank: Apprentice), 2/12/2020 | 10:21:44 AM
reading
wonderful article