Antivirus Software Isn’t Enough Because Malware Isn’t the Main Cause of Security Breaches

 In Cyber Security

Malware gets a lot of publicity, but computer viruses aren’t the main cause of security breaches. Instead, the attacks rely on stolen credentials, which are increasingly available and cheap, as well as social engineering methods. You can block malware and you can block phishing emails, but you can’t block phone calls and texts that trick employees into revealing account information and credentials. The risks only increase when employees work alone, at home, instead of in an office where they can quickly check the validity of these kinds of contacts.

Because these methods give hackers valid login ids, antivirus software isn’t enough to defend against breaches. Neither are whitelists and firewalls that block unapproved applications and unapproved types of connections. Security analytics that identify suspicious patterns of usage can be helpful, but of course they identify an incident after it’s happened, rather than protecting against one.

The Key to Information Security is Protecting Credentials

The impact of this is that the only way for businesses to effectively protect themselves from attack is to prioritize protecting their credentials. What does this mean?

1. Minimize the power of credentials.

First, recognize that no system is 100% foolproof; there’s always a risk that a bad actor will be able to access credentials. However, you can limit what they can do with those credentials by using role-based access controls that ensure users have the smallest set of rights that allows them to perform their jobs. Institute periodic account reviews to remove permissions users no longer need due to job changes and delete old accounts.

2. Tightly control identity admin privileges and credentials.

If a hacker gains access to an admin account, they can create their own accounts and gain unfettered access, so protecting admin credentials is critical. Start by granting those rights to only a small set of users. Ensure all use of admin privileges to create new accounts or to grant new privileges to accounts is reviewed.

3. Use federated identity management.

With federated identity management, there are fewer credentials that need to be protected, meaning fewer potential points of failure.

4. Use multifactor authentication.

Multifactor authentication, typically implemented as two factor authentication, means hackers need more than a stolen password to access resources.

5. Use modern password rules.

Stolen information doesn’t always give a hacker passwords but may give them the information needed to guess a password. Eliminate password expiration rules and mixed character set requirements. It’s somewhat counter-intuitive, but those rules that are intended to make users create stronger passwords often result in passwords that are more easily guessed.

6. Leverage tools that warn about leaked credentials.

Systems such as Azure AD have now provide leaked credentials reports, identifying which usernames and passwords are available on the dark web.

7. Block risky authentication methods.

Legacy applications and legacy authentication methods prevent Azure AD from performing modern security checks. Block all applications not using modern authentication.

Make sure your credentials are protected with cybersecurity services from Prescient Solutions. Contact us to learn how our IT consulting and managed services help businesses in Chicago and Schaumburg protect their most valuable systems and data.

Recommended Posts
*/ Proactive Information SecurityCyberthreats