When we say “hack,” what do you think of?
Assuming you ingest the same cultural diet as most Americans, you already have a solid image; a dark-hooded figure in a low-lit room, illuminated only by the blue light of their screen. Furiously they type complex commands and code into their multi-screen endpoint, bypassing security and evading their security opponents. Depending on your choice of movies, you could face entire teams of hackers.
Certainly, this image can strike fear into the heart of any enterprise decision-maker. However, the reality of a hack may surprise you. In fact, the reality of a hack might be far simpler than you could imagine.
Privileged Access Management solution provider Centrify offers an on-demand webinar “The Anatomy of a Hack: Perception vs. Reality,” to demonstrate this dichotomy.
The Reality of a Hack
Centrfy’s Natasha Dolginsky notes the reality of a hack usually involves users’ credentials. Yes, it really can be that simple; hackers just have to log in with stolen, lost, or guessed passwords. After all, who need complex codes when a stolen credential can provide hackers easy access?
Dr. Torsten George notes the average hacker is precisely that: average. No dark hoods or complex codes, just ordinary people doing their (malicious) jobs. Moreover, the most terrifying kinds of attacks such as DDoS and Zero-Day attacks prove incredibly rare when examined statistically.
Instead, the reality of a hack often involves simple phishing attacks and stolen credentials—often privileged access credentials. Often, hackers use credential stuffing attacks using lists of stolen passwords on the Internet or even just simple guessing.
How can hackers get away with these tactics? How can companies struggle with their cybersecurity when the reality of a hack proves so mundane?
Are You Facing Reality?
Enterprises often confuse the perception of a hack for the reality of a hack. Thus they tend to invest in inadequate antivirus solutions in the vain hope to staving off an attack; while these may offer protection against DDoS attacks, they can’t defend against identity threats.
Meanwhile, hackers can easily circumvent your enterprise’s single-factor authentication systems. All they need is patience and time. Additionally, hackers often seek out privileged users’ accounts in particular because of the massive power they wield.
Without identity management and privileged access management, your enterprise can’t hope to stand up to the reality of a hack. Rather than focusing on rare cyber attacks, they provide critical identity security capabilities.
Specifically, they offer multifactor authentication (MFA). MFA asks all access requesters to input multiple factors before granting access to your network, databases, or digital assets. These can include:
- Biometric factors (physical and behavioral).
- Time of Access Request.
- Location of Access Request.
- Presence of a Hard Token.
- An SMS message to a different account.
Every factor between the request and the access creates another barrier to entry hackers must cross. Usually, hackers don’t bother trying to penetrate truly secure enterprises; they prefer to target low-hanging fruit.
The moment you implement a next-generation privileged access management solution, your business shows itself prepared for the reality of a hack. Why delay another second?
You can watch the full Centrify “The Anatomy of a Hack: Perception vs. Reality” on-demand webinar here. You can also check out our Privileged Access Management Buyer’s Guide for more information on vendors and key capabilities.
Latest posts by Ben Canner (see all)
- The 16 Best Identity Governance Tools for 2020 - February 18, 2020
- How Do Privileged Identity Management Tools Work? - February 12, 2020
- Expert Commentary on Safer Internet Day for Businesses - February 11, 2020