Using Identity Analytics to Fight Ransomware and other Cyber Threats
- Sebastien Faivre
- May 10, 2023
In this three-part series, we expose the major cybersecurity concerns related to identity and access rights. We will touch on examples of threats and cyber risk that can be monitored and governed using identity analytics—the hottest topic in the world of cybersecurity—and showcase how it supports Zero Trust policies and other security principles.
Cyber-Threat in 2023 and Beyond: Vigilance is Still Required
One year after the start of the Russian-Ukrainian conflict, the Department of Homeland Security’s (DHS) Cybersecurity Infrastructure and Security Agency (CISA) continues to stand by its cybersecurity recommendations issued the previous year in February 2022. The Shields Up campaign specifically raised awareness about the possibility of sponsored cyber-attacks targeting companies and other entities associated with the American aerospace and defense sectors.
As part of the proactive measures, the Shields Up program strongly encourages that every Chief Information Security Officer (CISO) be empowered and included in any conversations or decisions involving the cyber risk facing their company. Additionally, it would be their responsibility to inform everyone working for the organization of the importance of the security policies, processes and tools in place to keep the entity as protected as possible from intrusion.
The recommendations include creating a reporting system for notification and documentation of incidents and threats to inform members of the senior management team as well as government entities of the issues. The risk sensitivity should be heightened to a threshold that makes even the smallest incident worthy of reporting.
In the realm of cyber threats, nothing can be overlooked or ignored, no matter the perceived insignificance.
Lastly, just as on-premise fire drills are practiced in case of emergency, the same should be done for cyber incidents. A strategic plan should be outlined and practiced at all levels of the organization so that, in the event of an attack, precious time is not wasted due to a lack of familiarity with the internal threat or breach protocol.
As a general rule of thumb, for the CISO and the organization that he oversees, cyber threats and protective actions regarding breaches and incidents should be the top security priority for all.
Additional Cybersecurity Measures
In addition to the preventative measures put in place within entities themselves, CISA launched the Ransomware Vulnerability Warning Pilot (RVWP) in March 2023. Under this program, data sources, tools and other resources at CISA’s disposal can be shared and leveraged to fight back against ransomware attacks. One part of the program entails companies enrolling in scanning services that help them stay aware of potential issues and be notified easily in the case of a perceived threat. For those who choose not to enroll, other vulnerabilities that could open them up to ransomware can be exposed using public and commercial sources.
The continuation of the Shields Up program as well as the Ransomware Vulnerability Warning Pilot (RVWP) sends a clear message to U.S. and European organizations: this is not the time to relax, as the risk of cyber-attack remains high. Organizations must maintain a heightened level of vigilance to be prepared for and counter potential attacks.
Ransomware and other Cyber Risks: An overview
We have all heard the stories. A sophisticated hacker finds a way into a company’s information systems, traversing every security measure put into place and considered to be impenetrable by those in charge. Once this person is on the inside, he takes control of key elements within the systems and can either sabotage the data, assets and resources of the company, or he can do something much worse: demand a ransom in order for the company to be given back access to their assets once the ransom is paid. Mirroring the way high-profile kidnappings work, instead of dealing with individuals, here we are focused on the very heart and soul of an organization: its financial data, customer lists and intellectual property as well as any other proprietary information linked to their product offering. With that securely in the hands of a malicious entity, the company has no choice but to pay up or close shop.
While ransomware is most often the work of an individual or group outside of an organization, the other significant threat to a company’s security posture is an attack by someone within the organization itself. This can be someone who has gained access to certain data, applications or other resources that allow them to manipulate the data for their own ends. This could include fraudulent financial activities as well as seizing control and sabotaging key assets of the company.
Both ransomware and insider threats are closely associated with one pillar of the security strategy of a company: identity.
Identity refers to any type of access right, whether it be linked to an individual or a non-named account such as a service or technical account. Once an entity has access to an account—especially those with elevated privileges and permission to access highly sensitive tools and data—havoc can be wreaked quite easily throughout the organization. But one thing should be kept in mind: this can be either intentional or unintentional. There is, at times, human error and mistakes that put a company in a precarious position without any willingness on the part of the perpetrator.
For these reasons, monitoring and controlling identities having access to information systems is the first step in combatting cyber risk. From threat assessment to best practices, monitoring identities and securing access rights is one of the key pillars of a security and risk strategy, and the best way to focus on access rights and permissions proactively and preventatively is by using an identity analytics software solution.
Identity Analytics Can Help Prevent Cybersecurity Risks
Identity analytics is a true science of access rights, designed to help with the detection, measurement and reduction of risk related to data quality issues linked to access. A specially designed solution provides a full understanding of access rights, enabling the knowledge of who has access to what and to what extent. This clarity assists in making better decisions, which, in turn, helps with compliance with both internal and external security policies and guidelines.
Today, by focusing on identity as a key part of a cybersecurity strategy, the question of how to best protect an organization’s resources and those who use them is being asked again. For a long time, digital identity had been perceived as unchangeable and needed to be secured only once, especially when the authentication process had been reinforced. However, this thinking is outdated and new ways to view the role of identity with regards to cyber risk are being adopted.
With more and more access scenarios and the associated risks such as compromised systems, hacking and fraud, organizations must take an individual approach to them. Considering the context, each user identity has its own rights, responsibilities and risk profile. This calls into question several years of identity principles which reigned over the standard, rigid management process for all collaborators and players.
I encourage readers to learn more about how identity analytics can help any organization bolster its current cybersecurity policy and posture to prevent catastrophic events from infiltrating their digital fortress. The second and third blogs in this series will provide in-depth information about ransomware and other cyber threats, as well as the detailed methodology involving identity analytics that will stop these threats dead in their tracks.
In the meantime, schedule a meeting with our team at the upcoming Identiverse conference from May 30 through June 2 in Las Vegas, Nevada; we’ll be happy to chat more with you in person.