Monitoring corporate logins is the most effective way to detect a data breach within an organisation, according to a new report on the ‘key indicators of compromise' by IS Decisions.
Mismatched port and application traffic, increases in data reads or outbound traffic, geographical irregularities regarding the perimeter of the organisation, and data access at irregular times and locations are other key indicators identified. But the one common activity across nearly all attack patterns, necessary to perform basic hacks on network perimeters and endpoint devices, and move laterally across devices to access data unlawfully, is use of corporate logins.
It is involved in 81 percent of hacking-related breaches thus the key area upon which to focus efforts says the report which adds that organisations able to monitor and alert administrators to irregular logins are better positioned to mitigate the damage of any security breaches when they occur.
François Amigorena, CEO at IS Decisions comments: “An attacker is virtually powerless to do anything within your organisation unless they are able to compromise a set of internal credentials. Therefore, along with any anti-virus, firewall or anti-malware software you have in place, you must also have a way to track logins, and make sure that anybody logging in to your network is exactly who they say they are.
“Some of the most high-profile cyberattacks in recent history — like what happened to Three, Sony, Dropbox, Sage and Anthem — have occurred because of compromised employee credentials. Had these companies monitored logons, they could've saved themselves a lot of money and a huge PR nightmare.”
