We’re used to thinking of cyberattacks as an “exterior” threat: one where hackers, like burglars, try to “break into” a company’s information technology (IT) network and steal data.
Yet according to a new survey by security firm CyberArk, the most common type of cyberattack today is one initiated on the “inside,” with hackers “posing” as company personnel by tapping the electronic “credentials” used to manage and run an organization’s IT infrastructure.
Such “account takeovers” are also proving to be one of the hardest types of cyberattacks to mitigate, according to CyberArk’s 9th Annual Global Advanced Threat Landscape Survey, developed through interviews with 673 IT security and C-level executives.
Some 61% of those executives say account takeovers are the toughest electronic threat to mitigate – up from 44% last year – while 48% believe that most data breaches are caused by poor employee security habits and just 29% blame cyber-attacker “sophistication” for such incidents.
“It is no longer acceptable for organizations to presume they can keep attackers off their network,” noted John Worrall, CyberArk’s chief marketing officer, in a statement.
“The most damaging attacks occur when privileged and administrative credentials are stolen, giving the attacker the same level of access as the internal people managing the systems,” Worrall stressed. “This puts an organization at the mercy of an attacker’s motivation – be it financial, espionage or causing harm to the business.”
He did emphasize, though, that CyberArk’s latest survey highlights an increasing awareness of the devastating fallout of privileged account takeover, which the firm hopes will continue to spur a ripple effect in the market as organizations acknowledge they must expand security strategies beyond trying to stop perimeter attacks like phishing.
“While there is increasing awareness about the connection between ‘account takeover’ as a primary attack vector and recent, high profile breaches, many organizations are still focusing on perimeter defenses,” Worrall added.
As a result, “many IT and business leaders may not have a full picture of their IT security programs,” he pointed out. “Looking beyond the tip of the iceberg with perimeter defenses and phishing attacks – organizations must be able to protect against more devastating compromises happening inside the network, like Pass-the-Hash and Kerberos ‘Golden Ticket’ attacks.”
Other cyber security findings from CyberArk’s latest survey include:
- Threat of complete network takeover rising: As demonstrated by attacks on Sony Pictures, the U.S. Office of Personnel Management (OPM) and more, once attackers steal privileged accounts, they can conduct a hostile takeover of network infrastructure or steal massive amounts of sensitive data. These powerful accounts give attackers the same control as the most powerful IT users on any network. By being able to masquerade as a legitimate insider, attackers are able to continue to elevate privileges and move laterally throughout a network to steal data.
- False confidence in current cyber-security strategies: CyberArk said that while 57% of survey respondents display public confidence in their corporate security strategies, the tactics being employed by organizations can contradict security best practices. Despite industry research showing that it typically takes organizations an average of 200 days to discover attackers on their networks, roughly 55% of respondents believe they can detect attackers within days, with 25% thinking they can do it in hours. And 44% of respondents also persist in believing that they can keep attackers off the network entirely – despite repeated evidence to the contrary.
- Failing to recognize the enemy within: Cyber attackers continue to evolve tactics to target, steal and exploit privileged accounts – the keys to successfully gaining access to an organization’s most sensitive and valuable data, CyberArk stressed. While many organizations focus heavily on defending against perimeter attacks like phishing, attacks launched from inside an organization, such as Kerberos attacks, which can enable complete control over a target’s network by taking over the domain controller, are potentially the most devastating.
As trucking continues to become more and more digitized, the need to adapt and expand cybersecurity protocols is only going to increase. That’s why it’s wise to start crafting a variety of cyber defensive plays now – even to the point of developing “counter-intelligence” style efforts to help root out hackers that seek to compromise IT systems from within.