It’s no longer just a consumer phenomenon
Identity theft, historically considered a consumer threat, is expanding its horizons. Looking for bigger game, attackers are targeting the enterprise with similar tactics used to hijack online and financial accounts belonging to individuals.
At their core, the theft of consumer and enterprise identities are similar in that they both involve the inappropriate acquisition and potential misuse of users’ digital credentials. What’s different is how these two types of identities are captured and exploited.
Consumer identities are typically acquired in large quantities via corporate database breaches. Recent examples include Target, Home Depot, Neiman Marcus and Anthem Blue Cross. These identities are usually then sold or farmed out to criminal groups that attempt to use them for illicit financial gain.
Enterprise identities, on the other hand, are not usually stolen in mass quantities. Instead, they are harvested using more stealthy methods such as email phishing/spear phishing attacks. With a few enterprise identities in hand, attackers can gain access to a company’s secure inner network and steal sensitive data, such as intellectual property or sensitive financial information.
With the advent of “open computing” trends introduced with cloud apps and BYOD, enterprise IT organizations have been forced to allow workers to connect to company networks from anywhere at any time. These developments are not only disintegrating the traditional network perimeter, they are also making the hijacking of enterprise accounts easier to accomplish and more difficult to prevent.
To complicate matters, enterprise IT departments are under continuous budget pressures to deliver services more quickly and at reduced costs. As a result, many businesses have jumped into the deep end of the cloud computing pool to capitalize on its promises of faster deployment and predictable costs.
While there are tremendous benefits to cloud computing, it also places confidential company data at risk of exfiltration in the event of account hijacking. In most cases, it is more difficult to protect enterprise access credentials in a cloud computing environment than a contained enterprise network. This creates an environment where credential theft is both hard to defend and very difficult to detect (until it’s too late).
In response to these changes, enterprises need to rethink security to address the new “attack surface” that’s been put in place.
Instead of relying on traditional siloed security tools, dated processes and manual operations to address this expanded attack surface, a more holistic approach is required.
This new model should be based on a centralized threat monitoring, policy definition and enforcement infrastructure that enables end-to-end visibility across on-premise systems and cloud applications — by rolling-up intelligence from multiple security tools, enterprise systems and business applications.
To detect corporate identity theft incidents, and other threats that on the surface appear “benign”, new techniques such as real-time analytics, machine learning, peer group modeling, and others, must be layered on top of this centralized infrastructure. This multi-dimensional approach is needed to protect against attacks that are themselves multi-dimensional.