4 Tools to Keep in your Risk-Assessment Toolbox
As more companies move to support cloud-based environments to work with better mobility and flexibility, their number of vulnerability points also increase. A thriving underground economy that trades in hacking tools, cyber crime services, stolen data, and credentials is estimated to be worth $600 billion annually—that’s more than the film, gaming, and wedding industries, combined.
But while cyber-security threats are getting more sophisticated, the good news is that the solutions are, too. In this post, I will outline four security tactics you can leverage to vastly improve your security posture.
1. Contextual access management
According to Verizon’s 2018 Data Breach Investigations Report, over 80% of data breaches occur as a result of stolen credentials. Simple password-based authentication isn’t enough anymore. Context is key.
If you look around your office, chances are the majority of your colleagues have their phones within arm's reach. So if you were notified of a mobile login attempt that happened on the other side of the city—or worse yet, the other side of the world—something is wrong.
Contextual access management tools assess every access request in real-time, and taking a number of factors into consideration in order to assess the risk of a login attempt. These factors include:
Device: Is the device new or previously trusted?
Location: Is the login from an unusual geolocation?
Network connection: Is it made from a new IP address, and/or are VPNs being used to conceal location?
Timing: Is the user signing in during regular working hours? Has the user signed in at this time before?
Based on this context and the corresponding IT policy, these tools will either accept a user without the need for a password, request an additional authentication factor, or deny access completely.
Security information and event management (SIEM) solutions are a strong complement to contextual access management tools. They log and report system event information and identify correlations between security events to help admins identify risk.
For instance, multiple failed login attempts from the same IP may be flagged as particularly suspicious. SIEM solutions can also connect to multiple threat intelligence feeds to increase the chances of identifying risky events. Those feeds may provide more information about that same IP’s activity to confirm whether or not it’s a threat.
Both MFA and SSO tools are valuable sources of information for SIEM solutions, as they offer visibility into how, when, and where access attempts are made, along with which user tried to gain access.
The end result? Actionable insights served through the SIEM solution. These help IT expedite incident response and proactive threat prevention.
3. Employee testing
Phishing remains a persistent and common cyber threat, linked to almost 93% of identity-based data breaches. One of the most effective ways to defend against phishing attacks is to regularly test employees. This will offer IT teams a useful indicator of how much risk the organisation is exposed to.
Look for tools that provide simulations of real-world attacks that can be updated over time according to the most contemporary threats. The best results come from running short tests throughout the year and giving users feedback based on an analysis of their results on a regular basis. You can even enhance employee testing with gamification techniques to really engage users from across the organisation. For many, security may not be top of mind otherwise.
4. Pen testing
The hijacking of corporate accounts via stolen, leaked, or guessed credentials also continues to be of great concern. In fact, the use of credential stuffing tools and password spraying techniques has become so commonplace that the UK government was forced to issue advisories covering both in 2018.
To help combat these threats, combine Identity and Access Management (IAM) with vulnerability and penetration testing. IT can probe exposed websites, applications, and endpoints for vulnerabilities alongside brute-force attack attempts. This will provide invaluable intelligence on areas where the company needs to mitigate risk and insights into how well its current security tools are performing.
Taking a proactive security approach with these methods will provide a solid security foundation for your organisation. To learn more, check out our whitepaper: Getting Started with Zero Trust: Never trust, always verify.