Cyber Risk Assessment

In today’s digitally enabled world, Identity and Access Management (IAM) plays a critical role in any enterprise security plan, as it is inseparably linked to the security and productivity of companies. As more and more businesses store their sensitive data electronically, ensuring that this data remains secure is critical. The rapid transformation to the digital world has cut across all organizations and industries and has required changes to how companies manage their workforce and, ultimately, how they deliver access to their critical applications and data. The workforce itself has also evolved gradually from a simple to a more complex type of labor force.

In addition to providing access to employees, organizations now also need to include contractors, vendors and partners, each with their own set of access requirements and restrictions. Furthermore, data and applications spread across cloud, on-premises and hybrid infrastructures are being accessed by a variety of devices, including tablets, smartphones and laptops. Identity and Access Management is a cyber/information security discipline that ensures the right people have appropriate access to the organization’s critical systems and resources at the right time. IAM rests on three major pillars:

  • Identification
  • Authentication
  • Authorization

When a user tries to access a system or resource, he or she first enters a username; this is the identification step. The system then verifies the claimed identity through the authentication process. Authentication can be a basic knowledge-based mechanism such as a password, or a more advanced technique such as multi-factor authentication (MFA) or biometrics. Once the system has completed authentication successfully, the IAM system initiates the authorization process to ensure that the logged-in user is only allowed to perform the tasks he or she is entitled to perform as part of their job function, based on the security policies pre-defined in the IAM system (e.g. a developer should not have admin rights on a production system). The fact that a user proves his or her identity is not enough to gain access.
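The three-step flow described above (identification, then authentication, then authorization) as a small worked example. This is added illustration code, not code from the original page or from Cloud Box Technologies; the user store, the static salt, the static MFA code (standing in for a real TOTP check), the roles and the policy table are all constructed for the demo.

```python
import hashlib
import hmac

# Constructed demo values. A real deployment uses a random salt per user
# (os.urandom) and verifies MFA codes with a TOTP library, not a stored string.
_SALT = b"constructed-static-salt-for-demo"

def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2 so the store never holds clear-text passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Identity store: username -> credentials and job role (constructed).
USERS = {
    "alice": {"pw_hash": _hash_password("correct horse battery staple", _SALT),
              "mfa_code": "123456", "role": "developer"},
    "bob":   {"pw_hash": _hash_password("S3cure!Admin", _SALT),
              "mfa_code": "654321", "role": "prod_admin"},
}

# Pre-defined security policy: which role may perform which action on which system.
# Note the developer role has no ("prod", "admin") entitlement.
POLICY = {
    "developer":  {("dev", "deploy"), ("dev", "read_logs"), ("prod", "read_logs")},
    "prod_admin": {("prod", "deploy"), ("prod", "read_logs"), ("prod", "admin")},
}

def identify(username: str):
    """Step 1, identification: the user claims an identity. Nothing is trusted yet."""
    return USERS.get(username)

def authenticate(username: str, password: str, mfa_code: str) -> bool:
    """Step 2, authentication: knowledge factor (password) plus a second factor (MFA code)."""
    record = identify(username)
    if record is None:
        return False
    candidate = _hash_password(password, _SALT)
    # Constant-time comparisons avoid leaking how many bytes matched.
    if not hmac.compare_digest(candidate, record["pw_hash"]):
        return False
    return hmac.compare_digest(mfa_code, record["mfa_code"])

def authorize(username: str, system: str, action: str) -> bool:
    """Step 3, authorization: a proven identity is not enough; the policy decides."""
    record = identify(username)
    if record is None:
        return False
    return (system, action) in POLICY.get(record["role"], set())

def access(username: str, password: str, mfa_code: str, system: str, action: str) -> str:
    """Runs the full flow and reports at which step the request was stopped, or that it was allowed."""
    if identify(username) is None:
        return "denied: unknown identity"
    if not authenticate(username, password, mfa_code):
        return "denied: authentication failed"
    if not authorize(username, system, action):
        return f"denied: {username} is not entitled to {action} on {system}"
    return f"allowed: {username} may {action} on {system}"

if __name__ == "__main__":
    # The developer authenticates correctly but is still refused admin rights on production.
    print(access("alice", "correct horse battery staple", "123456", "prod", "admin"))
    print(access("bob", "S3cure!Admin", "654321", "prod", "admin"))
```

The point the example makes is the last sentence of the paragraph: alice passes both factors and is still denied, because the decision at the authorization step comes from the policy, not from the strength of the login.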

Effective IAM infrastructure and solutions help enterprises establish secure, productive and efficient access to technology resources across these diverse systems while delivering several important key benefits:

Enhanced Data Security: Consolidating authentication and authorization capabilities on a single centralized platform provides business and IT professionals with a streamlined and consistent method of managing user access throughout the identity lifecycle within an organization. For example, when users leave a company, a centralized IAM solution gives IT administrators the ability to revoke their access with the confidence that the revocation will take place immediately across all the business-critical systems and resources that are integrated with the centralized IAM solution. This ensures no lingering access stays with terminated users and hence significantly improves the overall information security posture of the company.

Reduced Security Costs: Having a centralized IAM platform in an organization to manage all users and their access allows IT to perform their work more efficiently. In today’s world, each employee has access to thousands of systems and resources as part of their job. Imagine if an IT administrator had to grant access to each of these systems manually when an employee joins the company, and then revoke these accesses manually from each system when the user leaves the organization: it would be a nightmare for IT staff and a huge monetary overhead for the company to maintain these onboarding and off-boarding processes. An efficient centralized IAM solution addresses this challenge and results in huge savings of time and money for the company. A comprehensive IAM solution can reduce overall IT costs by automating identity processes that consume IT resources, such as onboarding, password resets and access requests, eliminating the need for help desk tickets or calls.

Least Privilege Principle: Least privilege is an important practice of computer and information security that limits users’ access privileges to the bare minimum rights they need to perform their job duties. With 77% of data breaches involving an insider, it is necessary to ensure that access to all your corporate resources is secured and granted using the least privilege principle. In a company, it is common for employees to move across different roles in the organization. If the granted privileges are not revoked as the employee changes roles, those privileges accumulate, and this situation poses a great risk for many reasons. It makes that user an easier target for cyber attackers, as his/her excessive rights can be an easier gateway for criminals to reach a broader part of the company’s critical systems and resources. It can also eventually turn into an insider threat, where a person gains the ability to commit data theft. Sometimes companies forget to remove these excessive privileges from a user’s profile when he/she leaves the company, resulting in a security risk where the user can still access the company’s systems freely even after termination. A well-designed centralized IAM solution can help organizations eliminate the insider threat challenge to a great extent by applying the Least Privilege Principle.

Enterprise IT Governance: Taking compliance regulations around the world such as HIPAA, SOX and the upcoming EU GDPR (General Data Protection Regulation) into account, a lack of effective identity and access management poses high risks to compliance. On March 1, 2017, the New York State Department of Financial Services (NYDFS) new cybersecurity regulations went into effect. The regulations prescribe many requirements for the security operations of financial services companies that operate in New York, including the need to monitor the activities of authorized users and maintain audit logs, something identity and access management systems typically do. Modern IAM solutions and products provide the ability to enforce user access policies, such as separation-of-duty (SoD), and establish consistent governance controls, eliminating access violations or over-entitled users through automated governance controls. This ensures companies stay compliant with business, government and regulatory standards. Not adhering to these standards could cost companies millions of dollars in penalties.
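The three lifecycle controls discussed in the Enhanced Data Security, Least Privilege and Enterprise IT Governance paragraphs (revocation across every integrated system on termination, no accumulation of privileges on a role change, and a separation-of-duty check before a second role is granted) as one worked example. This is added illustration code, not the page’s own or any vendor’s product; the roles, entitlements, system names, users and SoD conflict pairs are constructed for the demo.

```python
from dataclasses import dataclass, field

# Constructed role model. Each entitlement is (integrated system, privilege).
ROLE_ENTITLEMENTS = {
    "accounts_payable": {("erp", "create_invoice"), ("erp", "read_ledger")},
    "treasury":         {("erp", "approve_payment"), ("bank_portal", "release_funds")},
    "developer":        {("git", "push"), ("dev_cluster", "deploy")},
    "prod_admin":       {("prod_cluster", "admin"), ("prod_cluster", "deploy")},
}

# Separation-of-duty policy (constructed): role pairs one person must never hold at once.
SOD_CONFLICTS = {frozenset({"accounts_payable", "treasury"}),
                 frozenset({"developer", "prod_admin"})}

@dataclass
class Identity:
    username: str
    roles: set = field(default_factory=set)
    active: bool = True

def sod_violations(roles: set) -> set:
    """Every conflicting pair that is fully contained in the given role set."""
    return {tuple(sorted(pair)) for pair in SOD_CONFLICTS if pair <= roles}

class CentralIAM:
    """Central identity store plus a registry of every integrated target system."""

    def __init__(self, systems):
        self.identities = {}
        # Each integrated system holds its own view of granted privileges per user.
        self.systems = {s: {} for s in systems}

    def onboard(self, username: str, role: str) -> Identity:
        ident = Identity(username, {role})
        self.identities[username] = ident
        self._sync(ident)
        return ident

    def change_role(self, username: str, old_role: str, new_role: str) -> None:
        """Mover: the old role is removed, not kept, so entitlements never accumulate."""
        ident = self.identities[username]
        ident.roles.discard(old_role)
        ident.roles.add(new_role)
        self._sync(ident)

    def add_role(self, username: str, role: str) -> None:
        """Grant an additional role only if the SoD policy allows the combination."""
        ident = self.identities[username]
        violations = sod_violations(ident.roles | {role})
        if violations:
            raise ValueError(f"SoD violation for {username}: {sorted(violations)}")
        ident.roles.add(role)
        self._sync(ident)

    def terminate(self, username: str) -> None:
        """Leaver: a single action revokes every privilege on every integrated system."""
        ident = self.identities[username]
        ident.active = False
        ident.roles.clear()
        self._sync(ident)

    def effective_entitlements(self, username: str) -> set:
        ident = self.identities[username]
        if not ident.active:
            return set()
        return set().union(*(ROLE_ENTITLEMENTS[r] for r in ident.roles))

    def _sync(self, ident: Identity) -> None:
        """Push recomputed entitlements to each system: replace, never append."""
        wanted = self.effective_entitlements(ident.username)
        for system, grants in self.systems.items():
            privs = {p for (s, p) in wanted if s == system}
            if privs:
                grants[ident.username] = privs
            else:
                grants.pop(ident.username, None)

def lingering_access(iam: CentralIAM) -> set:
    """Audit check: any privilege still held on a system by a terminated identity."""
    return {(system, user) for system, grants in iam.systems.items()
            for user in grants if not iam.identities[user].active}

def demo():
    """Constructed scenario: a mover, a blocked SoD grant, and a leaver."""
    iam = CentralIAM(["erp", "bank_portal", "git", "dev_cluster", "prod_cluster"])
    iam.onboard("carol", "developer")
    iam.change_role("carol", "developer", "prod_admin")      # git/dev_cluster rights disappear
    carol_now = iam.effective_entitlements("carol")
    try:
        iam.add_role("carol", "developer")                   # would combine dev + prod admin
        sod_message = None
    except ValueError as exc:
        sod_message = str(exc)
    iam.onboard("dave", "accounts_payable")
    iam.terminate("dave")                                    # one call, every system updated
    return carol_now, sod_message, lingering_access(iam), iam.systems["erp"]
```

The design choice that matters is in `_sync`: the target system’s grant list is overwritten from the recomputed role set rather than appended to, which is what makes both the mover case and the leaver case converge to the right state without a manual clean-up per system.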

The world has witnessed an alarming trend in security data breaches (e.g. Yahoo, Equifax, LinkedIn, Target, etc.) every year, and these breaches are both larger in scope and increasingly devastating. Businesses must be able to guard themselves from cyber threats within the company and from the unknown exposure points of the internet. Identity and access management provides a critical security layer against these unknown security vulnerabilities to protect companies from cybersecurity data breaches. A robust IAM infrastructure can ensure consistent and standard access rules and policies across an organization by providing an important additional layer of protection.

All of these reasons prove the relevance of Identity and Access Management (IAM) to business success and productivity, and why organizations should embrace comprehensive IAM processes and infrastructure.

Domain 2: Mitigating internal and external threats

The word ‘threat’ in information security means anyone or anything that poses a danger to information, computing resources, users, or data. A threat can come from ‘insiders’ within the organization or from outsiders outside the organization. Studies show that 80% of security incidents come from insiders.

Security threats can be categorized in many ways. One important way is on the basis of the “origin of threat,” namely external threats and internal threats. The same threats can also be categorized based on the layers described above.

External and Internal Threats

External threats originate from outside the organization, primarily from the environment in which the organization operates. These may be physical threats; socio-economic threats specific to a country, such as its current social and economic situation; network security threats; communication threats; human threats such as threats from hackers; software threats; and legal threats. Social engineering threats, such as using social media sites to gather data and impersonate people in order to defraud them and obtain their credentials for unauthorized access, are increasing. Theft of personally identifiable information, confidential strategies and the organization’s intellectual property are other important threats. Some physical or legal threats may endanger an entire organization completely. Comparatively, other threats may affect an organization partially or for a limited period of time and may be overcome relatively easily. Cybercrimes expose organizations to legal risks too.

Some of the important external threats are illustrated in the figure below.

Internal threats originate from within the organization. The primary contributors to internal threats are employees, contractors, or suppliers to whom work is outsourced. The major threats are fraud, misuse of information, and/or destruction of information. Many internal threats originate primarily for the following reasons:

Weak Security Policies, including:

  • Unclassified or improperly classified information, leading to the divulgence or unintended sharing of confidential information with others, particularly outsiders.
  • Inappropriately defined or implemented authentication or authorization, leading to unauthorized or inappropriate access.
  • Undefined or inappropriate access to customer resources or contractors/suppliers, leading to fraud, misuse of information, or theft.
  • Unclearly defined roles and responsibilities, leading to a lack of ownership and misuse of such situations.
  • Inadequate segregation of duties, leading to fraud or misuse.
  • Unclearly delineated hierarchy of “gatekeepers” who are related to information security, leading to assumed identities.
  • Weak user passwords allowed in the system and applications, leading to unauthorized access and information misuse.
  • Inappropriately configured systems and applications, leading to errors, wrong processing, or corruption of data.
  • Non-restricted administrative access on the local machines and/or network, leading to misuse of the system or infection of the systems.
  • Non-restricted access to external media such as USB or personal devices, leading to theft of data or infection of the systems.
  • Non-restricted access to employees through personal devices or from unauthenticated networks and the like, leading to data theft.
  • Unrestricted access to contractors and suppliers leading to theft or misuse of information including through dumpster diving or shoulder surfing.
  • Unrestricted website surfing, leading to infections of viruses, phishing, or other malware.
  • Unrestricted software downloads leading to infection, copyright violations, or software piracy.
  • Unrestricted remote access leading to unauthorized access or information theft.
  • Accidentally deleting data permanently.

Lack of user security awareness, including:

  • Identity theft and unauthorized access due to weak password complexity.
  • Not following company policies, such as appropriate use of assets, clean desk policy, or clear screen policy, leading to virus attacks or confidential information leakage.
  • Divulging user IDs and/or passwords to others, leading to confidential information leakage.
  • Falling prey to social engineering attacks.
  • Falling prey to phishing and similar attacks.
  • Downloading unwanted software, applications, or images or utilities/tools leading to malware, viruses, worms, or Trojan attacks.
  • Improper e-mail handling/forwarding leading to the loss of reputation or legal violations.
  • Improper use of utilities like messengers or Skype and unauthorized divulgence of information to others.
  • Inappropriate configuration or relaxation of security configurations, leading to exploitation of the systems.
  • Entering incorrect information by oversight and not checking it again or processing the wrong information.
  • Ignoring security errors and still continuing with transactions, leading to the organization being defrauded.

So how can Cloud Box Technologies help you mitigate them?

Cloud Box Technologies follows an approach to cybersecurity in which a series of defensive mechanisms are layered to protect valuable data and information. If one mechanism fails, another steps up immediately to thwart an attack. This is where a defense in depth architecture comes into play.

Defense in depth helps reduce the likelihood of a single point of failure in the system. Important: always be prepared to defend your application from attack, because the security features defending it might be defeated.

How defense in depth works

A layered approach to security can be applied to all levels of IT systems. From the lone laptop accessing the internet from the coffee shop to the fifty thousand user enterprise WAN, Defense in Depth can significantly improve your security profile.

No organization can ever be fully protected by a single layer of security. Where one door may be closed, others will be left wide open, and attackers will find these gaps very quickly. However, when you use a series of different defenses together, such as firewalls, malware scanners, intrusion detection systems, data encryption and integrity auditing solutions, you effectively close the gaps created by relying on a single security solution.

Elements of defense in depth

With an ever-growing landscape of security threats to contend with, security companies are continuously developing new security products to protect networks and systems. Here are some of the more common security elements found in a Defense in Depth strategy:

Network security controls

The first line of defense when securing a network is the analysis of network traffic. Firewalls prevent access to and from unauthorized networks, allowing or blocking traffic based on a set of security rules. Intrusion prevention systems (IPS) often work in tandem with a firewall to identify potential security threats and respond to them quickly.

Endpoint security controls

Endpoint security software is critical to protecting against viruses and malware. However, many products rely heavily on signature-based detection. While these solutions offer strong protection against known malicious software, signature-based products can be evaded by intelligent cybercriminals. For this reason, it is wise to use an endpoint security solution that also includes heuristic features that scan for suspicious patterns and activity.

Analyzing data integrity

Every file on a system has what is known as a checksum: a fixed-length mathematical representation of the file’s contents, which can be checked against a known list of viruses and other malicious code. If an incoming file is completely unique to the system, it may be marked as suspicious. Data integrity solutions can also check the source IP address to ensure it comes from a known and trusted source.
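A worked example of the integrity check described above: compute a SHA-256 checksum for every file under a directory, compare against a snapshot taken when the system was known good, and match against a known-bad digest list. This is added illustration code, not the page’s own or any product’s; the directory contents, the tampering scenario and the “known-bad” sample (and therefore its digest) are constructed for the demo, where a real deployment would take the digest list from an AV or threat-intelligence feed.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed known-bad sample; its digest stands in for an entry from a malware digest feed.
_MALICIOUS_SAMPLE = b"constructed malicious payload used only for this demo\n"
KNOWN_BAD_DIGESTS = {hashlib.sha256(_MALICIOUS_SAMPLE).hexdigest()}

def sha256_file(path: Path, chunk_size: int = 1 << 16) -> str:
    """Checksum of the file's contents, read in chunks so large files are not loaded whole."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(root: Path) -> dict:
    """Snapshot taken when the system is known good: relative path -> checksum."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify(root: Path, baseline: dict, known_bad: set = KNOWN_BAD_DIGESTS) -> dict:
    """Compare the current file set against the baseline and the known-bad digest list."""
    current = build_baseline(root)
    report = {
        "modified":  sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added":     sorted(p for p in current if p not in baseline),
        "removed":   sorted(p for p in baseline if p not in current),
        "malicious": sorted(p for p, d in current.items() if d in known_bad),
    }
    # Anything new to the system or changed since the snapshot is "unique" and gets flagged
    # for review even when no digest feed knows it yet.
    report["suspicious"] = sorted(set(report["added"]) | set(report["modified"]))
    return report

def demo() -> dict:
    """Constructed scenario: snapshot, then tamper with one file, drop a known-bad one, delete one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.conf").write_text("listen=443\n")
        (root / "notes.txt").write_text("benign\n")
        baseline = build_baseline(root)
        (root / "app.conf").write_text("listen=443\nallow=0.0.0.0/0\n")   # tampered
        (root / "update.bin").write_bytes(_MALICIOUS_SAMPLE)              # known bad
        (root / "notes.txt").unlink()                                     # removed
        return verify(root, baseline)

if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category:10s} {paths}")
```

Two separate signals come out of the same digest: a match against the known-bad list catches what a feed already knows, while a mismatch against the baseline catches tampering with the system’s own files that no feed would list.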

Behavioral Analysis

File and network behaviors often provide insight while a breach is in progress or after it has occurred. If behavioral analysis triggers, it means the firewall or intrusion prevention solutions have already failed. Behavioral analysis picks up the slack and can either send alerts or execute automatic controls that prevent a breach from continuing any further. For this to work effectively, organizations need to set a baseline for “normal” behavior.
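A worked example of the baseline idea in the paragraph above: learn each user’s normal login sources, hours and daily volume from a training window of log lines, then alert on new events that deviate from that profile. This is added illustration code, not from the original page or from Cloud Box Technologies; the log format, the usernames, the addresses and the thresholds (adjacent-hour tolerance, twice the baseline daily maximum) are constructed assumptions for the demo.

```python
import re
from collections import Counter, defaultdict

# Constructed authentication log lines. The first block is the training window
# that defines "normal"; the second is new activity to be checked against it.
BASELINE_LOGS = """\
2024-03-04T08:12:01 user=alice src=10.0.0.12 event=login
2024-03-04T17:40:10 user=alice src=10.0.0.12 event=login
2024-03-05T08:05:44 user=alice src=10.0.0.12 event=login
2024-03-05T09:10:00 user=bob src=10.0.0.20 event=login
2024-03-06T08:20:13 user=alice src=10.0.0.12 event=login
2024-03-06T09:30:51 user=bob src=10.0.0.20 event=login
2024-03-06T10:01:12 user=bob src=10.0.0.20 event=login
"""

NEW_LOGS = """\
2024-03-11T08:30:00 user=alice src=10.0.0.12 event=login
2024-03-11T03:14:22 user=alice src=203.0.113.9 event=login
2024-03-11T09:05:00 user=bob src=10.0.0.20 event=login
2024-03-11T09:06:00 user=bob src=10.0.0.20 event=login
2024-03-11T09:07:00 user=bob src=10.0.0.20 event=login
2024-03-11T09:08:00 user=bob src=10.0.0.20 event=login
2024-03-11T09:09:00 user=bob src=10.0.0.20 event=login
"""

LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T(?P<hh>\d{2}):\d{2}:\d{2} "
    r"user=(?P<user>\S+) src=(?P<src>\S+) event=login$"
)

def parse(text: str) -> list:
    """Turn raw log lines into events; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({"day": m["day"], "hour": int(m["hh"]),
                           "user": m["user"], "src": m["src"]})
    return events

def build_baseline(events: list) -> dict:
    """Per-user profile of normal behaviour: known sources, login hours, busiest day."""
    profile = defaultdict(lambda: {"srcs": set(), "hours": set(), "daily": Counter()})
    for e in events:
        p = profile[e["user"]]
        p["srcs"].add(e["src"])
        p["hours"].add(e["hour"])
        p["daily"][e["day"]] += 1
    return {u: {"srcs": p["srcs"], "hours": p["hours"],
                "max_daily": max(p["daily"].values())} for u, p in profile.items()}

def detect(events: list, baseline: dict) -> list:
    """Return (day, user, reasons) for every event that deviates from the user's baseline."""
    alerts = []
    daily = Counter()
    for e in events:
        reasons = []
        p = baseline.get(e["user"])
        if p is None:
            reasons.append("no baseline for user")
        else:
            if e["src"] not in p["srcs"]:
                reasons.append(f"unknown source {e['src']}")
            # Allow one hour either side of any hour seen in the training window.
            if not any(abs(e["hour"] - h) <= 1 for h in p["hours"]):
                reasons.append(f"unusual hour {e['hour']:02d}")
            daily[(e["user"], e["day"])] += 1
            n = daily[(e["user"], e["day"])]
            if n > 2 * p["max_daily"]:
                reasons.append(f"{n} logins today exceeds baseline max of {p['max_daily']}")
        if reasons:
            alerts.append((e["day"], e["user"], reasons))
    return alerts

def run_demo() -> list:
    return detect(parse(NEW_LOGS), build_baseline(parse(BASELINE_LOGS)))

if __name__ == "__main__":
    for day, user, reasons in run_demo():
        print(day, user, "; ".join(reasons))
```

Neither flagged event would have been stopped by a signature or a firewall rule: the off-hours login from an unfamiliar address uses valid credentials, and bob’s burst of logins is individually normal traffic that only stands out against his own history.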

Domain 3: Cyber Security Monitoring

Cyber security monitoring describes the process of detecting cyber threats and data breaches. It is a crucial part of cyber risk management, enabling organizations to detect cyber-attacks in their infancy and respond to them before they cause damage and disruption.

Cyber security monitoring can be conducted at network and endpoint levels.

Network security monitoring

Network security monitoring tools aggregate and analyze security logs from a range of sources. Popular network monitoring tools include Security Information and Event Management (SIEM), Intrusion Detection Systems (IDS) and Behavioral Analytics (BA) systems.

Endpoint security monitoring

Endpoint security technologies provide security visibility at host level, empowering cyber security teams to detect threats earlier in the kill chain. Popular endpoint security monitoring tools include Endpoint Detection and Response (EDR) and Endpoint Protection Platforms (EPP). We offer MEDR to combine both.

Why is security monitoring important?

As the modern workplace becomes increasingly cloud-focused and digitalized, the traditional network perimeter is blurring. Cyber threats are evolving to take advantage of new vulnerabilities that emerge daily.

While preventative security technology can stop known, signature-based threats, cyber security monitoring is required to identify more sophisticated threats that evade these controls.

Continuous cyber security monitoring helps organizations to:

  • Detect a broader range of threats
  • Reduce the time it takes to respond to attacks
  • Comply with industry and regulatory requirements

The challenges of in-house security monitoring

Security monitoring tools generate a large volume of alerts. Sifting through these to identify genuine incidents is resource-intensive and can lead to important security events being ignored.

Setting up a cybersecurity operations centre (CSOC) to undertake in-house security monitoring is cost-prohibitive for all but the largest organizations. The sheer expense of creating such a facility, with all of the tasks this involves, has led many organizations to procure managed security services instead.

Why choose an MDR service for cyber security monitoring?

To reduce the strain on already stretched IT teams, many organizations are turning to managed SOC services to meet their security needs. Acting as a virtual extension of in-house resources, a managed CSOC relieves organizations of the responsibility of managing security day-to-day.
Key functions a managed SOC undertakes include:

  • Technology deployment and management
  • Incident prevention
  • Security event monitoring
  • Alert analysis and investigation
  • Threat intelligence management

A flexible range of SOC services

  1. Managed Detection and Response
  2. Managed SIEM
  3. Managed IDS
  4. Managed EDR
  5. Managed Vulnerability scanning
  6. Managed Behavioral monitoring

Talk to our CBT expert today or drop an email to info@cbt.ae and a member of our team will be happy to assist you.

Obtain further information by contacting our experienced IT staff.

We’re available 8 hours a day! Contact us to request a detailed analysis and assessment of your plan.

Reach out now!