Unfortunately, it is becoming less and less surprising for organisations to discover that a data breach wasn't an external attack, but an internal one. In fact, a global study by Ponemon Institute that examined 383 companies across 12 countries found that hackers and criminal insiders were responsible for 48 percent of data breaches. Incredibly, according to the study, the average total cost of a data breach equalled US$4 million (£2.9 million), a 29 percent increase from 2013.
Just last year, there were more data breaches in the first half of 2017 than in the whole of 2016, and whether accidental or malicious, it is becoming more commonplace for lapses in internal security to result in headline-grabbing data breach scandals. With the General Data Protection Regulation (GDPR) incoming, and data law becoming more stringent, enterprises are now under immense pressure to secure their sensitive data – especially from the growing threat of insider attacks.
Insider attacks resemble many crimes, for example: cross-border economic espionage; well-planned conspiracies to steal trade secrets; and copying personal data to sell on the black market. No matter the reason behind it, if an organisation isn't prepared, the costs and damage to reputation can be significant.
According to a 2017 Insider Threat Report, 74 percent of companies feel that they are vulnerable to insider threats, with seven percent reporting extreme vulnerability. The same report suggests that 53 percent of companies estimate remediation costs of US$100,000 (£72,000) and more, with 12 percent estimating a cost exceeding US$1 million (£720,000).
To gain the most ransom and return on investment, attackers look to infiltrate the systems that hold the most sensitive files. Therefore, a network that comprises a collection of the company's information and employees' sensitive data is destined to be the first port of call for an internal threat actor.
As adoption of Microsoft Office 365 continues to grow, the complexity of securing Active Directory (AD) increases. There are over 10 billion Azure Active Directory (AAD) authentications annually, and 10 million of those are attempted cyber-attacks. Used by all Office 365 applications to authenticate users, AAD serves as the central nervous system that makes Office 365 possible. However, every Office 365 instance requires a separate AAD tenant, which is yet another environment IT must manage and secure.
In short, any access gained through on-premises AD can have repercussions not just within AAD; those repercussions can also reach well into any web-based applications leveraging AAD. Therefore, a continuous lifecycle methodology with an end-to-end hybrid AD security solution is critical for any organisation.
There is no slam-dunk approach to AD security, but organisations can guard against insider threats to AD by following a set of key practices. The first step in reducing risk is to clean up the network systems. This begins with the IT environment. By reducing the number of forests and domains within a network, an organisation's IT surface area is reduced and therefore less accessible to attack. Limiting the number of permissions that grant access to a sensitive network hardens access control and further minimises the risk that valuable data could be compromised.
Plan, test and implement business continuity processes
It is important to remember that once the IT network is properly secured and risk is at a minimum, organisations must monitor the actions of everyone with access, as security is not a one-time configuration event, but an ongoing process.
Active Directory not only underpins an organisation's security model but is also the key to providing the services and facilities that GDPR demands. An outage as a result of changes made during an internal or external attack on AD will often result in a failure of services that customers require and are entitled to. As a result, the organisation may well become an organisation of interest for the data protection authorities.
Contributed by Colin Truran, principal technology strategist, Quest Software.
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.