What Lessons Can We Learn from the Verizon Data Breach Digest?

March 22, 2016

Verizon has released its first Verizon Data Breach Digest (DBD), an inside – and significantly condensed – look at the cyber investigations which comprise the Data Breach Investigations Report (DBIR), published annually by Verizon Enterprise Solutions. The layout of the digest provides a look into cyber investigations, including the casework and how each investigation works. I recommend that you, as a security professional, take the time to read through this enlightening report.

What are the commonalities in the breaches covered in the DBD? What can we learn? BeyondTrust looked at all 18 stories which comprise the DBD and has outlined in a few cases how solutions could have mitigated the severity of these breaches, if not avoided them completely. Over the course of the next few days we will look at a few of the most interesting stories. Today we’ll focus on the role of least privilege and application control to combat social engineering.

Social engineering – the Hyper Click (pages 10-14 in the DBD)

What Happened

A chief design engineer was contacted by a “recruiter” via LinkedIn. The recruiter was sending employee position listings in an attached document. The document contained a small piece of malicious software, which deployed onto host systems and established a connection to a command and control (C2) server overseas. This was a targeted, state-sponsored attack that involved social engineering and malware. The actors knew whom to target to get the data they wanted and even encrypted the data prior to exfiltration to avoid being detected by DLP solutions. Normal monitoring would see no real suspicious behavior, as the chief design engineer had legitimate access to all this content.

Recommendations
  • Training on social engineering
  • Defining how data can be transferred
  • Deploying dedicated systems to perform engineering work without email or web access
Lesson Learned

Security controls can be enhanced with strong and mutual authentication combined with robust identity and access management programs.

Financial Pretexting – the Slick Willie (pages 15-17 in the DBD)

What Happened

An unknown threat actor attempted to initiate wire transfers of $5.3 million from a bank. The bank did not discover the attack and was only made aware of it after being notified by the Feds after the transfers were denied. During the investigation they learned that the bank finance manager requested the wire transfers over a 24-hour period. Upon interviewing the finance manager, the bank learned that she was unaware of the transfers; however, she stated her computer had been acting funny and did things on its own. She recalled an email from earlier that month, from the CIO, praising her and containing a hyperlink. She did not recall working with the CIO, but appreciated the gesture since it came from the bank CIO. The CIO did not send the email. Her computer was infected the day the email was received, with the credential-stealing and data-scraping capabilities of a standard infection, but also full remote access and control of the affected system.

Recommendations
  • Training on social engineering
  • Leveraging multi-factor authentication to control access to financial systems
Lessons Learned

Social engineering attacks put people in a frame of mind so they do what you are asking.

How BeyondTrust could help mitigate the effects of social engineering

PowerBroker for Windows, a least privilege and application control solution, removes administrative rights on end user accounts, using policy to dictate what applications can run with higher privileges. Operating under a least privilege model and application control would limit the scope of attacks such as this one. Consider the evidence:
  • In 2015, 85% of vulnerabilities on Windows could have been mitigated by removing admin rights. Almost every vulnerability that would have resulted from users surfing the web using Internet Explorer (99.5%) could be mitigated by not running as an administrator.
  • 12% of attacks are thwarted by not allowing unknown software to run from a user’s profile or anywhere else.
  • The remainder of attacks are thwarted by checking whether trusted software (software that has been specifically allowed but has known vulnerabilities) is restricted from running.
BeyondTrust can help by not only enforcing least privilege, but by leveraging patented technology to automatically scan applications for vulnerabilities at run time – triggering alerts, enforcing quarantine, reducing application privileges, or preventing launch altogether based on policy.

Watch for more blogs coming in this series in the next few days. In the meantime, if you’re combatting social engineering and want to know how least privilege can help, contact us today!

Rod Simmons, Director Product Management, BeyondTrust

Rod Simmons brings more than 15 years of system security experience to BeyondTrust, designing solutions for the company’s portfolio of Privileged Account Management solutions for enterprise environments. Prior to his role at BeyondTrust, Rod spent more than four years with Dell/Quest software, where he served as the director of technical strategy. Earlier in his career, Rod was the director of product management at Netpro Computing, where he managed the technical and business direction of all products for the Microsoft Platform.
