October 19, 2016
Centrify suggests seven steps to slash cybercrime
Centrify, the leader in securing enterprise identities against cyberthreats, warns that organisations need more than just user awareness programs to cut the risk of social engineering and cyber fraud.
The Santa Clara-based cybersecurity company, which has a strong presence in Australia and New Zealand, said cyber theft was hitting both mid-size companies and enterprises hard.
One US tech company, Ubiquiti Networks, was recently swindled out of US$47 million while another Atlanta-based company was scammed out of US$1.8 million. The FBI has reported more than 12,000 victims of executive-level fraud globally with a loss of more than $2 billion during the past two years.
Intellectual property theft is another form of cybercrime, with a 2015 Reuters report stating that hackers steal US$160 billion worth of intellectual property each year. For example, Australian metal detector manufacturer Codan had its metal detector designs stolen in 2011 after an employee laptop was hacked through a vulnerable hotel Wi-Fi connection in China.
The company discovered the problem when faulty metal detectors bearing its brand began showing up for repairs with completely different internals. The counterfeiters of the metal detectors were eventually brought to justice, but the financial impact on Codan was a fall in net profit from $45 million in 2013 to $9.2 million a year later due to heavy discounting to compete with the fake machines.
Centrify Country Manager ANZ Lachlan McKenzie said executives could combat cybercrime in an organisation and reduce IT security budgets by following seven straightforward steps. “Cyber risk is present at every level in every company from the break room to the boardroom,” he said.
“In retail, data breaches occur in companies of every size, from a one-store grocer to national organisations. Cyber awareness of social engineering attack modes is a management priority, and all employees have responsibility in preventing phishing and spear-phishing attacks from launching malware. Employee training and cyber awareness are essential in reducing risk and the cost of data breaches, in addition to a defence approach with appropriate cybersecurity tools and software.
“Yet, awareness training is only part of the answer. A company-wide security policy as well as good internal controls, including the division of duties, are required. The policy and internal controls address access controls and payments processes, restrict access to accounts by individual role, work in the approvals process and keep password hygiene.”
Mr McKenzie said senior executives could substantially improve their organisation’s security posture by implementing protections based on the following seven steps:
1. Consolidate identities: “With 60 per cent of data breaches caused by weak, stolen or default passwords, it makes sense to consolidate identities, to develop a holistic view of all users and strengthen and enforce password policy or eliminate passwords where possible.
2. Audit third party risk: “Third party IT outsourcing contractors, business partners and associates are a preferred route for hackers to access the corporate network. However, only recently has third-party risk been assessed, managed and monitored. Audits to evaluate the security and privacy practices of third parties are essential to improve security posture.
3. MFA Everywhere: “Multi-factor authentication everywhere, including third parties and the VPN that adapts to user behaviour, is widely acknowledged as one of the most effective measures in preventing threat actors from gaining access to the network and target systems.
4. Single Sign-On: “Single sign-on to enterprise and cloud apps, combined with automated cloud application provisioning and self-service password resets, cuts helpdesk time and cost and improves user efficiency.
5. Least Privilege Access: “Role-based access, least-privilege and just-in-time privilege approval approaches protect high value accounts, while reducing the likelihood of data loss from malicious insiders.
6. Log privileged user access: “Logging and monitoring of all privileged user commands makes compliance reporting a trivial matter and enables forensic investigation to conduct root cause analysis. Compliance audit reports should only take minutes to prepare, not weeks.
7. Protect inside the network: “Network segmentation, isolation of highly sensitive data and encryption of data at rest and in motion provide the best protection from malicious insiders and persistent hackers who get inside the firewall.”
Mr McKenzie said while there were no magic bullets for defeating cyberthreats, the right strategy, strong security policy and active engagement of all employees could drastically reduce the risk of cyberattack. “By following these steps, organisations can reduce cyber risk, improve corporate compliance and gain cost efficiencies,” he said.
Learn more with the latest Centrify whitepaper: A Platform Approach to Securing Enterprise Identities.
Centrify is the leader in securing enterprise identities against cyberthreats that target today’s hybrid IT environment of cloud, mobile and on-premises. The Centrify Identity Platform protects against the leading point of attack used in data breaches (compromised credentials) by securing an enterprise’s internal and external users as well as its privileged accounts. Centrify delivers stronger security, continuous compliance and enhanced user productivity through single sign-on, multi-factor authentication, mobile and Mac management, privileged access security and session monitoring. Centrify is trusted by over 5000 customers, including more than half of the Fortune 50 in the US.