What Harry Potter Teaches Us about Constant Vigilance and Insider Threats


The character of Mad Eye Moody in “Harry Potter and the Goblet of Fire” preached “constant vigilance” against dark wizards, even as he was a villain in disguise. The real Mad Eye Moody had been kidnapped and locked in a trunk for an entire year, while an imposter assumed his form and took on his role as the defense against the dark arts teacher at Hogwarts School of Witchcraft and Wizardry. Not only was he an imposter, but he was a dark wizard, one of Lord Voldemort’s most loyal followers determined to take Harry out and restore Voldemort to full power.

“Constant vigilance” is sage advice for businesses too. With the threat of malicious insiders, undetected attackers moving around a network and other risks to mitigate, there is no “one-and-done” solution in security. Industry research such as the 2018 Verizon Data Breach Investigations Report (DBIR) helps the collective community keep an eye on trends and glean insights from lessons learned to get ahead of potential vulnerabilities before they become problems. A few key trends identified in the report caught my eye.

In manufacturing, notable trends include targeted attacks and intellectual property theft. According to the report, cyber espionage accounted for 31 percent of all breaches in manufacturing. This number is down from last year, but cyber espionage remains a very real threat to the industry. Attackers go after manufacturing targets with a specific purpose in mind, choosing victims with valuable trade secrets and intellectual property. Once this sensitive information has been exfiltrated, competitors can use it against the victim on the market—a different approach than directly siphoning funds, but one that still ultimately results in financial gain for the attackers.

In the healthcare industry, the story of the year (keeping in line with previous years) is not just about outside attackers, but about insiders as well. Ransomware remains prevalent, though not at the constant onslaught that many people perceive. According to the report, most companies receive malware on six or fewer days a year. However, it only takes ONE successful ransomware attack to bring an organization to its knees. And while the security industry tends to focus on data being stolen by outside attackers, it’s important to pay attention to what is going on within the organization as well. This year’s report indicates there are many cases in which employees are misusing their accounts, whether intentionally or by accident. As such, employees with access to data beyond their role within the organization can become problematic.

Within healthcare, the report notes that employees sometimes misuse their credentials to access information they do not need in order to accomplish their tasks. For example, employees might search for a celebrity patient’s records out of curiosity, or “just for fun.” This type of activity underscores the importance of following least privilege principles, coupled with application control, as well as implementing privileged session monitoring capabilities. For even without malicious intent, the misuse of credentials can be just as damaging as stolen credentials, causing compliance and regulatory violations.

Many parts of the report apply across industries. While the report indicates that 78 percent of people didn’t click on a single phishing link all year (which is promising news), phishing and pretexting remain popular attack methods. Attackers only need one employee to click a link and open the door for the attacker to enter. Once an attacker has stolen credentials, they can maneuver within the network, escalating levels of privilege until they have the access they need to wreak the havoc they intend.

The report’s emphasis on education—making sure that employees are trained to identify and report social attacks such as phishing—is one important line of defense. Knowing what to look for is half the battle. However, it is imperative to have a strategy beyond education that prioritizes privileged access security. It remains just as important now as in recent years to practice least privilege principles along with privileged access management. Together, these provide businesses with a dramatically reduced attack surface. A focus on privileged access security hygiene is also critical for an effective cyber security program. Tactics such as multi-factor authentication, vaulting and rotating sensitive credentials can help protect powerful accounts within the organization.

In the wizarding world, posting Dementors at the gates and hoping for the best simply isn’t enough. We can only hope that Hogwarts re-evaluated security in the post-Harry Potter era, considering the number of times Lord Voldemort and his cronies managed to break through the castle walls, sometimes even completely undetected. Cyber security is not magic. It takes strategy, planning and collaboration to reduce cyber security risk. Not only must we be able to recognize the attackers outside the organization, but we must also guard against overreaching scope and keep seemingly innocent employees from becoming the attacker within. “Constant vigilance” includes protecting privileged access from the dark wizards of the cyber world. Contact us to learn more about how to protect your castle from the threat of dark cyber wizards.

The post What Harry Potter Teaches Us about Constant Vigilance and Insider Threats appeared first on CyberArk.

About CyberArk
CyberArk is the only security company that proactively stops the most advanced cyber threats – those that exploit insider privileges to attack the heart of the enterprise. The company has pioneered a new category of targeted security solutions to lock down privileged accounts and protect against cyber threats before attacks can escalate and do irreparable business damage. CyberArk is trusted by the world’s leading companies – including more than 40 of the Fortune 100 – to protect their highest value information assets, infrastructure and applications, while ensuring tight regulatory compliance and audit requirements.