[BreachExchange] Monitoring logons 'the most effective way to detect data breach'

Destry Winant destry at riskbasedsecurity.com
Thu Aug 31 03:19:35 EDT 2017


https://www.scmagazineuk.com/monitoring-logons-the-most-effective-way-to-detect-data-breach/article/684852/

Monitoring corporate logins is the most effective way to detect a data
breach within an organisation, according to a new report on the 'key
indicators of compromise' by IS Decisions.

Mismatched port and application traffic, increases in data reads or
outbound traffic, geographical irregularities regarding the perimeter
of the organisation, and data access at irregular times and locations
are other key indicators identified. But the one common activity
across nearly all attack patterns, necessary to perform basic hacks on
network perimeters and endpoint devices, and move laterally across
devices to access data unlawfully, is use of corporate logins.

It is involved in 81 percent of hacking-related breaches, and is thus
the key area upon which to focus efforts, says the report, which adds
that organisations able to monitor and alert administrators to
irregular logins are better positioned to mitigate the damage of any
security breaches when they occur.

François Amigorena, CEO at IS Decisions, comments: “An attacker is
virtually powerless to do anything within your organisation unless
they are able to compromise a set of internal credentials. Therefore,
along with any anti-virus, firewall or anti-malware software you have
in place, you must also have a way to track logins, and make sure that
anybody logging in to your network is exactly who they say they are.

“Some of the most high-profile cyberattacks in recent history — like
what happened to Three, Sony, Dropbox, Sage and Anthem — have occurred
because of compromised employee credentials. Had these companies
monitored logons, they could've saved themselves a lot of money and a
huge PR nightmare.”

