The First Rule of Cybersecurity: Trust No One, Or…?
April 24th, 2018
Sure, the first rule of cybersecurity should be to trust no one, but the reality is that it is difficult to achieve this since EVERY SINGLE CYBERSECURITY PROJECT requires some level of trust between the vendor, consultants, and/or staff charged with designing and implementing the project.
Although not as air-tight as trusting no one, employing proper cybersecurity controls can benefit organizations in multiple ways. These include:
- Mitigating mistakes
- Limiting what attackers can do in the case of a breach
- Keeping honest people honest
- Pushing somewhat questionable people to be more honest
- Protecting users
- Protecting the data of your customers
- Keeping your customers’ trust
“Trust but Verify” Provides an Audit Trail
Instead of “trust no one,” most organizations have implemented a “trust but verify” model. This more practical approach provides an audit trail of everything a user does. Auditing, more often than not, proves that a user didn’t do something that, initially, looked as though he/she did.
In the 2018 Verizon Data Breach Investigations Report, we learned a lot about attackers and their methods, in part because many organizations that were breached had sufficiently detailed data to answer the “how” and “when” questions.
Can you imagine if, after a breach, your CSO stated that he/she couldn’t determine how a breach happened, what systems were accessed, what data was taken, or even if the intruder is still active inside of your network? That experience would be gut-wrenching (and likely the CSO’s last day on the job). The point is, you need audit data so that, if one day you need to answer these types of questions, you are prepared.
Just the presence of cybersecurity alters user behavior. If we see a police car or photo radar at a stop light, we naturally ensure we are doing the speed limit and following the rules. In an airport security line, almost all people are well-behaved, and no one is making questionable jokes. Even though it might sound like security theater, the presence of real security will alter behavior and slow down or stop attackers. It keeps good people good, and bad people out.
How Can BeyondTrust Help in a “Trust but Verify” Model?
There are basic steps every organization can take in a “Trust but Verify” model using BeyondTrust solutions.
- Removing admin rights for users on their desktops greatly reduces the risk of systems being compromised by malware. The challenge with users not being admins is that some tasks you want them to perform will require those rights. PowerBroker for Windows and PowerBroker for Mac enable you to remove admin rights while using policy to define which tasks users are still permitted to perform.
- Stop sharing the root account. It sounds simple, and it actually is. PowerBroker for Unix & Linux enables you to delegate which users can perform which tasks on systems with a wide variety of criteria. More importantly, it provides a detailed audit trail that is not limited to what command a user ran, but also what actions the system performed.
- Finally, for the times when a user needs to be root or administrator, you can protect your privileged accounts by retrieving a session or credential from PowerBroker Password Safe so you can enforce clear visibility and accountability over who was using the credentials and when.
With these three simple steps, you move beyond a limiting “trust no one” model and onto an enabling “trust but verify” model with greater accountability, visibility, and control over your environment. For more on how BeyondTrust can help, contact us today.