Weak passwords are a major source of breaches, and by adopting a Zero Trust approach organisations can reduce that weakness, explains Centrify's Kamel Heus.
Gartner research reveals that the Middle East and North Africa region has the highest number of reported breaches in the world: more than 36,000 incidents were reported from the region in 2018. Gartner presentations also show that the region has the longest mean time to identify a breach, at 260 days.
What weaknesses in organisations allow such a high number of incidents? Post-incident analysis usually reveals that the prevalence of weak passwords amongst end users, and especially amongst privileged users such as administrators, is the root cause of these breaches.
Most incidents are not of an advanced nature. They typically begin when threat actors crack weak passwords and then enter the organisation's network using the compromised credentials of end users and administrators.
Gaining entry through the credentials of a genuine end user or privileged user such as an administrator remains the easiest entry strategy for threat actors. Forrester Research points out that 80% of security breaches result from privileged access abuse.
In the past it was assumed that a successful login with a username and password was sufficient to guarantee the authenticity of the user. With threat actors increasingly able to brute-force passwords, especially weak and reused ones, this assumption is no longer valid, and its failure led to the creation of the Zero Trust model.
The Zero Trust model, first proposed by Forrester Research in 2010 and later developed by the National Institute of Standards and Technology, rests on the principle that a login, whether from inside or outside the organisation, can no longer be trusted on its own, especially as the attack surface expands.
By limiting and securing privileged access in this way, the organisation moves away from a perimeter-based approach to a Zero Trust approach. The Zero Trust approach improves prevention, detection, response, and compliance with standards such as HIPAA, FISMA, PCI, and others. Moreover, it can be extended to the cloud, mobility, Big Data lakes, DevOps, containers, microservices, and more.
Organisations begin their Zero Trust journey with the following initiatives:
#1 Vault all privileged credentials
Access to the credentials of privileged users and to privileged resources needs to be secured and controlled, so that every use of a privileged credential is brokered and recorded. Rigorous multi-factor authentication also needs to be enforced for privileged users and privileged resources.
#2 Consolidate identities and introduce least privilege
All identities need to be consolidated to eliminate redundant and legacy accounts, while privileges are limited to the minimum required to get the work done. Access workflows need to be constrained in the same way, so that a compromised account cannot be used for lateral movement across the network.
#3 Hardening the environment
Once the above two initiatives have been implemented, the organisation can move to the next level of hardening and compliance. This can include air-gapping sensitive hardware and resources, deploying host-based intrusion detection systems, and developing behavioural analytics to detect anomalous use of privileged access.
By going through these steps, organisations can substantially reduce their exposure to password theft and the credential-based breaches that follow from it.