Recent news of a cyberattack on a water treatment plant carried out by a remote perpetrator came as an unwelcome shock to organizations around the world. The attack was surprising in itself in that there was no sophisticated or complex attack strategy involved - the attacker was able to breach the public infrastructure by simply taking advantage of the treatment plant's inadequate security practices.
With work from home being an ongoing necessity among the global workforce, VPNs and privileged remote sessions have become the only way through which employees can access their corporate resources. However, with remote work growing popular across the globe, there has also been a significant surge in the number of remote-session-based attacks, where cyber criminals break into critical infrastructure using compromised credentials. Since the credentials are legitimate, attackers can mimic legitimate users to avoid being detected.
While cybersecurity attack methods are rapidly evolving, it is more often than not the misuse of administrative privileges and weak or stolen credentials that is enough to breach critical infrastructure. Take the attack on the water treatment plant as an example—all it took for the unidentified perpetrator was one unprotected password to access and operate the control systems remotely. Time and again, incidents like this show that when passwords are stored in secure vaults and subject to standard security practices, the chances of being hacked are far lower.
Well-defined password hygiene is the key to sustainable IT security
Security is not a one-time process; it has to be approached and improved holistically. While it's crucial to stay on top of threats by employing advanced defense controls, it is equally imperative to consistently ensure that the fundamental elements of security (read: credentials) are fortified. This involves following a set of basic security hygiene practices, such as:
- Defining and enforcing strict password policies
- Requiring multi-factor authentication controls
- Securing privileged credentials in encrypted databases
- Monitoring remote user sessions in real time
- Identifying and terminating suspicious user activities
- Periodic vulnerability scanning and patching of endpoints
Poor password practices, such as reusing and sharing critical credentials, are not uncommon and open several security loopholes for attackers to exploit. Manually managing and tracking privileged credentials in spreadsheets is not only cumbersome but also unreliable: one malicious or careless insider is all it takes to expose the credentials to criminals. Furthermore, remote sessions, when accessed by unauthorized users, could open the floodgates to sensitive information worth hundreds of millions of dollars.
Lock the house, hide the key
It's imperative for organizations to employ sound privileged access security controls to safeguard access to sensitive information systems and monitor live remote sessions. This can be achieved by investing in a reliable privileged access management (PAM) solution that automates the mundane tasks of:
- Discovering, consolidating, and storing privileged passwords in secure vaults.
- Automatically resetting passwords based on existing policies and rotating passwords after every one-time use.
- Assigning the least privileges possible to normal users and elevating their privileges if and when required.
- Enforcing multi-factor authentication controls to authorize access to privileged resources.
- Establishing a request-release workflow to validate user requirements before providing them with access to critical resources.
- Monitoring remote user sessions in real time, terminating suspicious sessions, and revoking user privileges upon expiration of their sessions.
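As an added illustration of the request-release workflow, one-time-use rotation and session-expiry revocation listed above (example code written for this page, not any product's implementation), a minimal in-memory vault; the account name, user names, TTL values and password alphabet are constructed:

```python
import secrets
import string
from dataclasses import dataclass, field

ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*"  # constructed charset

def new_password(length: int = 24) -> str:
    """Generate a replacement credential from the CSPRNG-backed secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

@dataclass
class Vault:
    # A real vault encrypts these at rest; a plain dict stands in for the store here.
    store: dict = field(default_factory=dict)    # account -> current password
    pending: dict = field(default_factory=dict)  # account -> requesting user
    active: dict = field(default_factory=dict)   # account -> (user, expires_at)
    audit: list = field(default_factory=list)    # append-only trail of every step

    def add_account(self, account: str) -> None:
        self.store[account] = new_password()

    def request(self, user: str, account: str, reason: str) -> None:
        """A user asks for access; nothing is released until an approver acts."""
        self.pending[account] = user
        self.audit.append(("request", user, account, reason))

    def approve(self, approver: str, account: str, now: float, ttl: float) -> str:
        """Approver releases the credential for a bounded window (request-release)."""
        user = self.pending[account]
        if approver == user:
            raise PermissionError("requester cannot approve their own request")
        del self.pending[account]
        self.active[account] = (user, now + ttl)
        self.audit.append(("release", approver, user, account))
        return self.store[account]

    def check_in(self, account: str) -> None:
        """Rotate on check-in so the released password is single-use."""
        user, _ = self.active.pop(account)
        self.store[account] = new_password()
        self.audit.append(("rotate", user, account))

    def expire(self, now: float) -> list:
        """Revoke and rotate every checkout whose window has closed."""
        ended = [a for a, (_, exp) in self.active.items() if exp <= now]
        for account in ended:
            self.check_in(account)
            self.audit.append(("expired", account))
        return ended
```

Timestamps are passed in explicitly so the expiry sweep can be exercised deterministically; a deployment would drive `expire` from a scheduler and feed the audit trail to session monitoring.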
In addition, PAM solutions can effectively help eliminate the silos and monotony associated with access management controls. They provide automation that streamlines credential and access security workflows, allowing IT admins to save time and effort for more important tasks.
To conclude, a poor access control strategy will not only cost organizations their reputations and expose them to hefty penalties, but could also put many innocent lives at risk. The recent attacks on remote systems are corroborating evidence enough of why organizations, especially those that serve the public interest, need to tighten their security infrastructure using a bottom-up approach.