
Fortifying Security: Lessons from Recent Cybersecurity Attacks

In recent years, cybersecurity has become a critical concern for businesses worldwide. Even the most prominent companies are not immune to cyberattacks, as evidenced by the high-profile breaches at MGM Resorts and Caesars Entertainment. These incidents are stark reminders of the importance of robust cybersecurity measures in today’s digital landscape.

MGM International was recently the victim of a cybersecurity attack. A malicious actor found an MGM employee on LinkedIn and used their information to call the IT help desk and request a password reset for a privileged account. The attacker then lurked on MGM’s Okta single sign-on (SSO) service, sniffing passwords. MGM shut down all of its Okta sync servers as soon as it detected the Okta access.

Once these servers were shut down, the attackers launched a ransomware attack, which took down the MGM website and employee portals. Guests had to be checked in and out of their hotels manually by employees using clipboards, and they were not able to review receipts or charges at the time. Kiosk ATMs and credit card functions were down or severely limited, and all gambling machines were paid out by hand by employees. In addition, elevators and phones were down, and guests could not turn off lights or close the drapes in technology-based hotel rooms.

There are a few measures that could have helped prevent this attack: zero trust architecture (ZTA), the principle of least privilege (PoLP), and multifactor authentication (MFA).

Zero Trust Architecture

The core principle underlying the Zero Trust security model revolves around the mantra of “never trust, always verify.” This means that, by default, users and devices should not be deemed trustworthy, even if they are connected to a network with permissions, such as a corporate LAN, or have been previously authenticated.

ZTA is executed by implementing robust identity verification, confirming device compliance before allowing access, and ensuring that access is granted to only explicitly authorized resources. Today’s corporate networks are highly complex, comprised of multiple interconnected zones, cloud services, remote and mobile environments, and unconventional IT components like IoT devices. In this intricate network landscape, the conventional notion of trusting users and devices within a predefined corporate perimeter or through VPN connections is deemed obsolete.

The Zero Trust approach advocates for mutual authentication, encompassing the scrutiny of user and device identities and integrity, irrespective of location. Access to applications and services is granted based on the combined confidence in the user’s identity, device integrity, and user authentication rather than relying solely on network location. The ZTA has found relevance in various domains, including supply chains, where security must extend beyond traditional boundaries to protect sensitive information and resources effectively.

Principle of Least Privilege

The PoLP pertains to granting users the smallest necessary level of permissions required to carry out their job responsibilities. This is widely acknowledged as a cybersecurity best practice and represents a foundational measure for safeguarding privileged access to valuable data and assets. It is important to note that the PoLP is not limited to human access alone.

This model can be employed in scenarios involving applications, systems, or interconnected devices requiring specific privileges or permissions for executing essential tasks. Enforcing the PoLP guarantees that non-human tools possess precisely the necessary access and nothing beyond that. To effectively implement least privilege, it is imperative to establish a centralized mechanism for managing and securing privileged credentials. Additionally, having adaptable controls is crucial as they can strike a balance between cybersecurity and compliance mandates on one hand and operational and end-user requirements on the other.

As seen in this recent attack, a help desk technician can have high levels of authority, given the nature of their responsibilities, which can include password resets, mail access, and setting up Active Directory accounts. This makes the help desk a desirable target for attackers.

Multi-factor Authentication

MFA requires multiple methods of authentication on top of an account password in order to verify a user. Examples of MFA include time-based one-time passwords, SMS text message tokens, email tokens, hardware security keys, biometric authentication, and security questions. Using a combination of these methods is best practice: it is a proactive approach to enhancing security, meeting compliance requirements, and safeguarding against a variety of threats, and it adds layers of defense that make it significantly more challenging for attackers to gain unauthorized access to systems and data.

Recommendations for Attack Monitoring

The first step for attack monitoring is to monitor privileged account activity, such as account creation and deletion, and to alert on password activity. You should have thousands of rules in place that you monitor for various activities across your network.

You should also have an “Authorized to Modify” capability, which prevents unauthorized users from conducting any changes. Use Okta-specific rules that monitor for any unusual behavior from those accounts, such as password-related activity.
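A rule of the kind described above, written as an added example that is not part of the article: it scans Okta-style system log records for password and MFA changes against privileged accounts and escalates when the actor is not on the “Authorized to Modify” list. The log records, e-mail addresses and allow-lists are constructed, and the event type strings are assumed to follow Okta System Log naming.

```python
"""Flag sensitive changes to privileged accounts in Okta-style log records.
Added example, not from the article; records are constructed and the Okta
event type names are assumed."""
import json

# Privileged identities and who may modify them (constructed allow-lists).
PRIVILEGED_USERS = {"okta-admin@example.com", "ad-sync-svc@example.com"}
AUTHORIZED_MODIFIERS = {"iam-lead@example.com"}

# Event types worth a rule for privileged accounts (assumed Okta names).
SENSITIVE_EVENTS = {
    "user.account.reset_password": "password reset",
    "user.mfa.factor.reset_all": "MFA factors reset",
    "user.lifecycle.create": "account created",
}

def evaluate(event):
    """Return a finding for a sensitive event on a privileged target, else None."""
    label = SENSITIVE_EVENTS.get(event.get("eventType"))
    if label is None:
        return None
    actor = event.get("actor", {}).get("alternateId", "")
    hits = [t.get("alternateId") for t in event.get("target", [])
            if t.get("alternateId") in PRIVILEGED_USERS]
    if not hits:
        return None
    # Actor outside the allow-list changing a privileged account: escalate.
    severity = "high" if actor not in AUTHORIZED_MODIFIERS else "medium"
    return {"time": event.get("published"), "actor": actor,
            "targets": hits, "action": label, "severity": severity}

def scan(lines):
    """Parse JSON-per-line records and return every finding, skipping bad lines."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or malformed line: do not crash the pipeline
        finding = evaluate(event)
        if finding:
            findings.append(finding)
    return findings

# Constructed sample: help-desk reset of an admin, a login, an authorized
# MFA reset of a service account, and a reset of an ordinary user.
SAMPLE_LOG = """
{"published":"2023-09-10T14:02:11Z","eventType":"user.account.reset_password","actor":{"alternateId":"helpdesk1@example.com"},"target":[{"alternateId":"okta-admin@example.com"}]}
{"published":"2023-09-10T14:05:40Z","eventType":"user.session.start","actor":{"alternateId":"okta-admin@example.com"},"target":[]}
{"published":"2023-09-10T14:06:02Z","eventType":"user.mfa.factor.reset_all","actor":{"alternateId":"iam-lead@example.com"},"target":[{"alternateId":"ad-sync-svc@example.com"}]}
{"published":"2023-09-10T14:07:00Z","eventType":"user.account.reset_password","actor":{"alternateId":"helpdesk1@example.com"},"target":[{"alternateId":"bob@example.com"}]}
"""
```

Running `scan(SAMPLE_LOG.splitlines())` yields two findings: the help-desk reset of the admin account rated high, and the authorized MFA reset rated medium; the ordinary login and the reset of a non-privileged user produce nothing.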

Ransomware response is delicate: attackers will launch their attack once they realize they have been discovered. If you can keep the fact that you have discovered them secret and set up a perimeter, you will have more success in saving data and backups. A perimeter may include segmenting networks, identifying targeted accounts, deactivating them, and changing their passwords.

The recent cyberattacks are glaring examples of the persistent and evolving threat landscapes that organizations face. While these incidents underscore the importance of implementing strong cybersecurity measures, they also illuminate the path forward. ZTA, the PoLP, and MFA represent pivotal tools in an organization’s cybersecurity arsenal. By adopting these best practices, organizations can bolster their defenses and digital perimeters and proactively safeguard against the ever-present, ever-adaptive threats in today’s interconnected world.
