Is the number one security threat that IT organizations face today compromised credentials? It sure seems that way. More organizations are being hacked than ever before, and the most common method for those hacks is co-opting a user’s credentials.
Those credentials are then used to gain access to a wide variety of internal IT resources and ultimately administrative credentials. It has happened to some of the largest companies (Anthem, CitiGroup) in the world and some of the most innovative tech companies as well (Snapchat, DropBox).
Nobody is immune from having their organization breached.
General Path Hackers Take
Hackers find easy sites where they can pick up usernames and passwords. They will then try those combinations on other sites and IT resources. Perhaps they get a hit with somebody’s email password. Or maybe they can use it to log into a server. Either of those is a pretty strong target.
Once in, they start to expand their footprint. If they own a user’s email account, they start to reset passwords to other accounts. If they are on a server, they will start to see what other servers are on the network and whether they can leverage the credentials they know about with other services on the network.
With some luck, the hacker finds a user that is leveraging the same username/password combination for their professional account. Then, they are in. From there, it’s just a matter of how much damage they want to do. Is money their motivation, or is it to destroy data? Either one is easily achieved with the right set of credentials.
Terrifying Storyline for IT Admins
This story is a nightmare scenario for most IT admins and something that they worry a great deal about. Most IT admins care a great deal about the safety of their users, their data, and their company. The challenge is that there are so many different attack vectors that IT admins struggle to protect against them all. Further, no matter how much effort the IT organization puts in, they are dependent on the behavior of their employee population. A user that may not understand the significance of the problem which could cause an alarming data breach.
Take Action to Avoid Compromised Credentials
#1 Educate and Train Employees
- Spend time educating them on the importance of protecting their online accounts.
- Teach them how to create strong passwords.
- Walk them through why they should use unique passwords per account and how to leverage a password manager to support that effort.
While you can empathize with them about how hard it is to remain vigilant, remind them that it is necessary for their personal safety as well as the organization’s safety. Underscore that it’s important to them personally to have strong and unique passwords.
#2 Leverage Multi-Factor Authentication (MFA/2FA)
The second step is to enable multi-factor authentication wherever possible. That includes G Suite, Office 365, and AWS. Since all three of these platforms are conduits to the more important assets that your organization has, MFA should be mandatory for these platforms.
If possible, extend that mandatory stance for MFA to your systems. Require a two-step process for gaining access to a user’s laptop or desktop. While it takes a few extra seconds, the level of security is significant.
#3 Maintain Centralized Control
The third step is to create a central user management system that gives IT control over all user accounts whether they are to systems, applications, or networks. Defunct accounts for former employees or contractors yet still exist on critical systems are a huge risk. Ensure that you are able to deprovision users across all systems. The best way to do this is to leverage a strong directory service that can work in a mixed-platform and multi-protocol environment.
Other Steps to Protect Against the #1 Security Threat
Of course, there are a number of other steps that you can take. For example, you can leverage events and logging systems to see who is authenticating into your systems. You may also employ other security tools, including password complexity schemes.
However, we’d start with these three steps, which provide a significant step-up for just about any organization. Compromised credentials don’t have to happen to you. With a few specific steps, you will protect yourself from becoming the next victim.
If you would like to learn more about how the Directory-as-a-Service® platform from JumpCloud® can help support your effort to secure your identity and access management approach, drop us a note. Also, sign up for a free account and give our IDaaS solution a try for yourself. Your first 10 users are free forever.