One of the key findings from Singapore’s healthcare hack was a lack of protection for high-value admin credentials.
Weak, commonly used passwords and poorly managed user ID policies were singled out by the official inquiry; they allowed foreign hackers to break in and steal the Prime Minister’s healthcare records.
Your agency could face the same issues. CyberArk, an Israeli-founded company and industry pioneer, specialises in protecting privileged credentials and shows how 30 days can be enough to rebuild cyber defences.
1. Limit exposure
Your first step is to restrict the use of administrator accounts to situations that absolutely require them. Their passwords should be stored in a vault, with multi-factor authentication required to check them out.
Agencies should segregate the different kinds of administrative accounts based on what they are used for. For example, workstation administrator, server administrator and domain administrator accounts should each be used only on the systems they are meant for: a domain administrator credential typed into an ordinary workstation can be harvested by whatever malware is already running there.
Only those who need domain access for their regular work should have access to these accounts. End users and frontline officials, for instance, can be given temporary – and managed – access only.
Agencies should randomise passwords for admin accounts so that every account has a unique one; a credential stolen from one system then cannot be reused to log in to another. To do this, agencies will need tools that rotate these passwords, monitor their use and ensure no two accounts share one.
These seem like common sense steps, but an alarming number of hacks have been made possible by weak, default or stolen passwords. Get some simple tools to manage your employees’ passwords.
2. Increase monitoring for theft
The next stage is an alerting system that detects when stolen employee credentials are being used.
Agencies can monitor in real time which sessions are running under administrative credentials. They can then use analytics to detect anomalies, for example an admin account logging in after working hours, from an unusual location, or on a class of system it is not meant to administer.
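The two controls above, tier segregation of admin accounts (step 1) and anomaly alerts on admin sessions (step 2), run over a few constructed logon events. This is an added example and not code from the article or from CyberArk's products; the account names, tiers, hosts, network ranges, business hours and the key=value log format are all hypothetical, and in a real deployment the inventory would come from the directory and the password vault.

```python
# Added example (not from the article or CyberArk): constructed admin logon
# events run through the checks described above. Accounts, hosts, tiers,
# networks and the log format are hypothetical.
import ipaddress
import secrets
import string
from datetime import datetime, time

# Tiering policy: which class of host each kind of admin account may log on to.
TIER_ALLOWED_HOSTS = {
    "domain_admin": {"domain_controller"},
    "server_admin": {"server"},
    "workstation_admin": {"workstation"},
}
ACCOUNT_TIER = {  # hypothetical inventory of privileged accounts
    "da-alice": "domain_admin",
    "sa-bob": "server_admin",
    "wa-carol": "workstation_admin",
}
HOST_CLASS = {  # hypothetical host inventory
    "DC01": "domain_controller",
    "SRV-DB01": "server",
    "WS-1042": "workstation",
}
ADMIN_NETWORKS = [ipaddress.ip_network("10.10.1.0/24")]  # hypothetical jump-host range
WORK_START, WORK_END = time(8, 0), time(19, 0)

# Constructed log lines in a simple key=value form (not a real SIEM format).
SAMPLE_LOG = """\
2018-06-26T09:12:01 account=da-alice host=DC01 src=10.10.1.15 result=success
2018-06-26T10:30:45 account=sa-bob host=SRV-DB01 src=10.10.1.22 result=success
2018-06-26T11:05:09 account=da-alice host=WS-1042 src=10.10.1.15 result=success
2018-06-27T02:14:33 account=sa-bob host=SRV-DB01 src=203.0.113.44 result=success
2018-06-27T14:00:00 account=wa-carol host=WS-1042 src=10.10.1.30 result=success
"""


def parse_event(line):
    """Parse one constructed log line into a dict of fields plus a datetime."""
    timestamp, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["time"] = datetime.fromisoformat(timestamp)
    return event


def check_event(event):
    """Return the list of reasons this admin logon should raise an alert."""
    reasons = []
    tier = ACCOUNT_TIER.get(event["account"])
    if tier is None:
        return ["unknown privileged account"]
    # Control 1: tier segregation. A domain admin logging on to a workstation
    # exposes the credential to whatever malware runs there.
    host_class = HOST_CLASS.get(event["host"], "unknown")
    if host_class not in TIER_ALLOWED_HOSTS[tier]:
        reasons.append(f"{tier} account used on {host_class} host {event['host']}")
    # Control 2: anomaly alerts on the time and origin of admin sessions.
    when = event["time"].time()
    if not WORK_START <= when <= WORK_END:
        reasons.append(f"logon outside business hours at {event['time'].isoformat()}")
    src = ipaddress.ip_address(event["src"])
    if not any(src in net for net in ADMIN_NETWORKS):
        reasons.append(f"logon from unexpected source {src}")
    return reasons


def scan_log(text):
    """Run every event through check_event; return {line_no: reasons} for alerts only."""
    alerts = {}
    for line_no, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        reasons = check_event(parse_event(line))
        if reasons:
            alerts[line_no] = reasons
    return alerts


def rotate_admin_passwords(accounts, length=32):
    """Give every admin account its own random vault password (step 1: randomise)."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return {acct: "".join(secrets.choice(alphabet) for _ in range(length)) for acct in accounts}


if __name__ == "__main__":
    for line_no, reasons in scan_log(SAMPLE_LOG).items():
        print(f"line {line_no}: " + "; ".join(reasons))
    fresh = rotate_admin_passwords(ACCOUNT_TIER)
    assert len(set(fresh.values())) == len(fresh), "every account must get a distinct password"
```

On the constructed sample, line 3 trips the tier check (a domain admin on a workstation) and line 4 trips both anomaly checks (an after-hours logon from outside the admin range); the rest are quiet. In practice the source of the host and account inventory matters as much as the rules: an account missing from the inventory is reported rather than silently passed.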
3. Sprint mindset
Cyber defences can sound cumbersome, as though they take years to build. But CyberArk can help agencies take on a “sprint mindset”, where they prioritise immediate improvements in 30 days and focus on simple steps first.
They will need to set up a dedicated team for this sprint. It doesn’t need to be a big one: a team of eight employees and one security consultant was able to secure 6,500 servers in just four weeks. The team will need to select, in advance, the technologies for password vaulting, multi-factor authentication and threat detection.
Have I done enough?
How do you know if what you’ve done is enough? Agencies can use two key metrics to measure progress.
First, measure how long it takes attackers, in a penetration test or red-team exercise, to compromise high-value accounts before and after these changes. Second, scan the network with automated tools before and after these changes and compare the results.
To find out more, download the Rapid Risk Reduction Report from CyberArk.
Image from Cybersecurity Agency Facebook Page