Cyber Leader Shake-up Causes Head-Scratching, Second-Guesses on Who to Trust

David Geer
The Aftermath of a Data Breach
4 min read, Jul 24, 2018

By David Geer

Removal of cybersecurity leaders affects national mood on federal security efforts

In April, Homeland Security Advisor Tom Bossert resigned amid reports and rumors that the new National Security Advisor, John Bolton, had forced him out. The Wall Street Journal suggests that John Bolton was bringing in his people and that Tom Bossert left as a result of those efforts; other officials with duties at the National Security Council departed as Bolton entered his position.

In May, John Bolton eliminated the cybersecurity coordinator/tsar role that Robert Joyce had held as part of the same “shake-up” at the National Security Council. Bolton intended the dethroning of Joyce and the deletion of his position to “streamline authority” inside the National Security Council, per Bolton’s aide, Christine Samuelian.

As data breaches ramp up, many interpret the quashing of the cyber leader positions as an act to restrain national cybersecurity efforts. Experts in government and education see moves to downsize federal cybersecurity management as poorly timed when the U.S. is facing increasing nation-state-sponsored attacks on elections and critical infrastructure. Given that more than one-third of U.S. federal agencies experienced data breaches in the past year, it’s a bad omen for the federal government to allow cybersecurity initiatives to wither, as is apparent with the downsizing.

More than four out of five hacking-related breaches leverage weak or stolen passwords, according to Verizon’s Data Breach Investigations Report. According to Forrester, 80 percent of security breaches involve compromised privileged credentials, which include administrative privileges on enterprise servers and resources. With stealthily hijacked credentials running wild and the central government demonstrating disorientation and distraction in its security oversight, where are you to look for guidance in safeguarding your data?

Breaches increasing since cyber leader power plays

Breaches and exposures continue to mount since the cyber leader upheavals. Business and consumer data aggregator Exactis recently exposed 340 million accounts. The account data included more demographics than most records do, such as information about personal habits, religion, children, and pets.

The Ticketfly breach of late May exposed 27 million user accounts. The concert/event ticket distribution service’s data disaster revealed names, emails, phone numbers, and addresses. The site was slow in coming back online.

An Adidas breach exposed millions of accounts to an unauthorized party in late June. The compromised data included encrypted passwords, usernames, and contact data. Affected consumers used Adidas’ US e-commerce site, which was the target of the attack.

The recent TaskRabbit breach affected 3.75 million of the app’s users and contractors. Unfortunately, users’ bank account and Social Security numbers are at risk from the freelance labor marketplace fiasco. The private sector needs to defend itself against cyberattacks regardless of White House moves or missteps.

Look to Zero Trust for protection

Zero Trust Security, powered by Next-Gen Access for identities, credentials, and privileged access, can block nation-states and criminal cyber elements that compromise users to siphon off data. Zero Trust assumes that the only way to truly be secure is to remove trust entirely and to adopt a “never trust, always verify” posture. For example, Identity & Access Management leader Centrify touts a Zero Trust approach that verifies every user, validates their device, limits access and privilege, and then learns and adapts using machine learning and behavior analytics to identify suspicious patterns in user behaviors.

The four pillars of Zero Trust Security

Patterns can include the atypical and potentially malicious use of applications, inappropriate searches and attempts at file access, and anything that strays from expected behavior based on a baseline of typical user activity. Machine learning also considers whether user activity is appropriate given the user’s context, such as their location or the time of day.

Machine learning enables Next-Gen Access to assign a risk score to the user based on behavioral analysis. Depending on the risk score, Next-Gen Access clears the user so they can continue their work via Single Sign-On (SSO), challenges the user using Multifactor Authentication (MFA), or blocks the user entirely.
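The allow, challenge, or block decision described above can be sketched as follows. This is an added example, not Centrify's code or algorithm: a simple frequency-count baseline stands in for the machine-learning model, and the signal weights, thresholds, field names, and sample login history are all assumptions constructed for illustration.

```python
from collections import Counter

# Assumed weights per signal (sum to 100) and assumed decision thresholds.
WEIGHTS = {"device": 40, "country": 30, "hours": 15, "app": 15}
CHALLENGE_AT, BLOCK_AT = 30, 70

def features(event):
    """Reduce a login event to the contextual signals being scored."""
    return {
        "device": event["device"],
        "country": event["country"],
        "hours": "work" if 7 <= event["hour"] < 19 else "off",
        "app": event["app"],
    }

def build_baseline(history):
    """Count how often each signal value appears in a user's past logins."""
    counts = {name: Counter() for name in WEIGHTS}
    for event in history:
        for name, value in features(event).items():
            counts[name][value] += 1
    return counts, len(history)

def risk_score(baseline, event):
    """0 = matches every habit; 100 = nothing about this login was seen before."""
    counts, total = baseline
    score = 0.0
    for name, value in features(event).items():
        rarity = 1 - counts[name][value] / total  # 1.0 for a never-seen value
        score += WEIGHTS[name] * rarity
    return round(score)

def decide(baseline, event):
    """Map the score to the three outcomes: SSO, MFA challenge, or block."""
    score = risk_score(baseline, event)
    if score >= BLOCK_AT:
        return "block", score
    if score >= CHALLENGE_AT:
        return "mfa_challenge", score
    return "allow_sso", score

# Constructed history: ten office-hours logins from one laptop in the US.
HISTORY = [{"device": "laptop-1", "country": "US", "hour": 9 + i % 8,
            "app": "crm" if i < 8 else "wiki"} for i in range(10)]
BASELINE = build_baseline(HISTORY)

if __name__ == "__main__":
    for ev in ({"device": "laptop-1", "country": "US", "hour": 10, "app": "wiki"},
               {"device": "laptop-1", "country": "DE", "hour": 23, "app": "crm"},
               {"device": "phone-9", "country": "DE", "hour": 3, "app": "hr-db"}):
        print(decide(BASELINE, ev))
```
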

Centrify SSO limits weak, risky passwords, using a single passphrase across all your resources. With SSO, employees and partners are more effective and efficient and enjoy a more inviting experience. Next-Gen Access uses MFA to handle authentication’s heavy lifting. Centrify works with the gamut of authentication technologies including Smart Cards, OTP, FIDO U2F security tokens, and Centrify’s Mobile App.

Centrify Next-Gen Access

Centrify Next-Gen Access interweaves Identity-as-a-Service (IDaaS), enterprise mobility management (EMM), privileged access management, machine learning, and behavior analysis to continuously track, analyze, and confirm every user and device, every time, without significantly impacting productivity and agility.

Hackers are no longer hacking their way into your systems. They are logging in just like the rest of us, likely using one of our identities and stolen or weak credentials. We see identity-exploiting breaches in headlines daily. With Centrify Next-Gen Access, you can secure the leading attack vector by placing Zero Trust in anyone.
