Revolutionary technologies such as Internet of Things (IoTs) and cloud computing, AI, Big Data, et al have created enormous opportunities for global organizations. They have changed the way global corporations conduct business. While these technologies create new opportunities, they also make IT assets vulnerable. Indeed, with tons of data stored in the cloud, and critical systems with which end users interact, organizations risk data breach from malicious outsiders/ insiders.
Gartner in one of its reports namely, “Inadequate security sees surge in IoT data breaches, study shows” has confirmed that data breaches linked to IoTs have increased considerably over the last two years.
Internet of Things (IoT)
We do come across numerous IoT security breaches in the last few years. The TRENDNet Webcam hack is one of them. While TRENDnet promoted their cameras for home security and baby monitoring purposes, they hardly speculated that their devices could be under the radar of hackers. Unfortunately, within a few days, the organization came to know that there were security loopholes that were already found and exploited by cyber crooks. Due to the faulty software, anyone could access the IP address of the device and the hackers found out the login credentials only to take entire control of the devices. It is a basic security practice to secure IP addresses against hacking and encrypt login credentials which TRENDnet surprisingly failed to do and the convenience of IoT could not fructify.
Any IoT device consists of built-in sensors that are connected to the IoT platforms which store data from the connected devices. This storing of data happens very tactfully because the IoT device itself selects the data which are relevant to execute the required action and perform the desired task. With the benefits of a connected world in industries like healthcare, transportation or manufacturing in Smart cities, the devices insecurely connected to the internet pose significant security risks. Any time it can become a backdoor entry point of the hackers and cripple the entire ecosystem. If the deployment of IoT network lacks proper user authorization mechanism, secured access control or multi-factor authentication, then the cyber crooks take the opportunity to misuse the vulnerability and breach data. As a result, the entire objective of IoT convenience is destroyed.
Security breaches of cloud-based access drew the attention of the IT security officials way back in 2012. The Dropbox incident was the first eye-opener where IT officers first came to know that cloud-based access control mechanism can also be breached beyond recovery. More than 68 million user accounts, email addresses were compromised by hackers and made their way to the dark web at the price of almost $1,141. Unfortunately, Dropbox had to wash their hands off from any kind of attempt to recover the data and requested a site-wide password reset from the user base.
Following their footsteps, the National Electoral Institute of Mexico became a victim of data breach in 2016. Almost 93 million voters’ registration was compromised due to poorly configured database that made this sensitive information publicly available. Later on, it was found that the Institute was storing data insecurely on a cloud server outside the country.
Today, hosted environments like cloud platforms are more targeted by organized cyber criminals. Since CIOs nowadays prefer business enablers like cloud platforms or MSP environments to store data assets, cyber criminals are opting for advanced and sophisticated ways to breach data. This is resulting in the expansion of risk surface and higher data vulnerabilities. Even today, many organizations turn a blind eye towards the security of data while storing in the cloud or migrating to the MSP environment. An inadequate access control mechanism, absence of multi-factor authentication, absence of granular level control, lack of adaptive authentication and no provision for monitoring tasks create a huge security gap.
Role of Privileged Access Management (PAM)
The privileged accounts are always vulnerable to security threats. These accounts are typically targeted by cyber crooks to breach information due to intrinsic significance in the whole IT infra fabric. That’s why organizations need to pay close attention to who is accessing what, why and when?
Refer to our article – How Malicious Insiders are the Biggest threat to Privileged accounts?
The extent of risk depends on the number of privileged accounts – the more number of privileged accounts, the risk also increases because too many accounts increase administrators’ challenges. Organizations should adopt the principle of Least Privilege. The concept of least privileges means that IT administrators limit allocating new privileges as far as possible which helps to seamlessly manage and monitor privileged user activities.
A robust ARCON Privileged Access Management can provide adequate safeguards aimed at mitigating information systems related risks. This tool enables IT operations and security teams to effectively monitor all privileged accounts thus ensuring a smooth digital transformation journey for the organization whilst limiting the privileged user access defined by roles and rules.
ARCON is a leading enterprise risk control solutions provider, specializing in risk-predictive technologies. ARCON | User Behaviour Analytics enables to monitor end-user activities in real-time. ARCON | Privileged Access Management reinforces access control and mitigates data breach threats. ARCON | Secure Compliance Management is a vulnerability assessment tool.