In the movie The Untouchables, a hit man pulls a knife to stab Sean Connery, then Connery pulls a shotgun on the hit man. The lesson from this scene is do not bring a knife to a gunfight.
A lot of corporate IT security staff must not have seen this movie. They are bringing knives to the data security fight while hackers bring guns, cannons, tanks and jet fighters.
With increasingly clever malware and phishing tactics, hackers are snagging users login credentials at a frightening pace and gaining access to networks. It can be as easy as exploiting a security hole in a web browser while the user is surfing the web to seize credentials and access privileged services.
While hackers poke, prod and probe networks every hour of the day looking for weaknesses, most corporate IT staff only review access privileges semiannually, quarterly or, if they are particularly diligent, monthly. The reviews are often perfunctory affairs that do not offer much in the way of detection or prevention.
That is not even bringing a knife to a gun fight; that is like remaining at the scene of the crime until the police arrive. Hackers have little fear of getting caught. The hacker who infiltrated Anthem’s customer database was not caught at all; Anthem did not detect the theft until 7 months later.
All of this responsibility does not necessarily have to fall to the corporate IT function. They are doing the best they can with what they have. If IT had to constantly examine and recertify user access with their current access management systems, they would not have time to do anything else. Their systems are typically a patchwork of manual or minimally automated security functions native to individual applications and databases. They do not exist in an integrated data security framework that enables IT to monitor usage of all key resources.
IT does not stand a chance of preventing more Anthem-level data losses until companies automate and analyze. Automating data extraction and cleansing provides a constant stream of user data. Analytical applications spot orphan accounts and irregular usage as they occur, not 7 or more months later. Arming IT with this kind of access management systems mean they are not going into the gunfight with a knife. It means they are ending the fight because the other side knows it cannot win.
Read Chris Sullivan’s recent ISACA Journal article:
“Accelerating Access Management to the Speed of Hacks,” ISACA Journal, volume 5, 2015.