News
53 million people impacted by data breaches – Netwrix commentary
February 2024 by Craig Ridell, Field CISO – NAM at Netwrix
The insurance group, Chancer, recently discovered that there was a 90 percent rise in people’s financial data being targeted in cyber cyber attacks in 2023 compared to 2022. As the financial sector aligns itself with global trends and continues to step towards an increased digitalised industry, enhanced cybersecurity is critical now more than ever.
Craig Ridell, Field CISO – NAM at Netwrix sheds light on the weak spots of organisations and the ways in which they can be addressed:
“The financial sector faces a vast number of attacks due to working with lots of sensitive data. According to 2023 Netwrix research, 77% of financial organisations detected a cyberattack, compared to 68% among other industries. Moreover, 24% of financial organisations estimated their financial damage from cyberthreats to be at least $50,000 while the same was true for only 16% of other organisations.
“Identities is a primary attack vector for cybercriminals because a compromised account – especially an admin one – provides an opportunity for lateral movement across the IT infrastructure of the victim and unfolds the attack further. If an organisation doesn’t detect unauthorised penetration promptly, malicious actors can remain in the system for a long time, gathering more access rights through lateral movement. As a result, one undetected account compromise can result into massive data breach.
“Such security concept as identity threat detection and response (ITDR) can help organisations create a more robust security architecture and minimise the risk of compromised identities. Solutions under this concept, including identity and access management (IAM) or privileged access management (PAM), provide the ability to monitor a system for unusual user behaviour and detect access attempts that deviate from regular patterns. When an abnormal event occurs, ITDR solutions enable a rapid response to potential threats by blocking out accounts, alerting the security team so they can take action, and forcing the account owner to reset their password.
“A PAM solution in place, powered by least privilege approach and just-in-time access, helps stop lateral movement and prevents cybercriminals from gaining more access rights, even if the organisation is already under attack. The least privilege approach means that users are provided with just as much privilege as needed to complete the task in hand. Paired with just-in-time access, when these least privileges are granted only for a limited period of time when a business user is actually performing the task, this approach drastically reduces the chances of abusing the access.
“The financial sector is a desired aim for cybercriminals, and it puts an additional pressure on security teams. To mitigate the risk of an attack turning into an actual data breach, it is crucial to ensure proper threat detection across the whole IT infrastructure. Regular internal security audits will help timely identify and fix security gaps.”
