Anatomy of A Breach - Cyber Security
Anatomy of a Breach
How hackers break in and how you can fight back
TABLE OF CONTENTS
Introduction:
Stage One:
Industry Profile:
Stage Two:
Industry Profile:
Industry Profile:
Stage Three:
Industry Profile:
Stage Four:
Industry Profile:
Industry Profile:
Conclusion:
Introduction
The Four Stages of a Breach
Stage One:
Many factors contributed to the overall breach. The hospital didn't segregate its network from other organizations,
allowing attackers to enter through the less-protected
network. Common credentials were used throughout the
network, making it easier for attackers to access different
areas once they were in. Plus, legacy applications developed in-house were operating with privileges that were
too open. It took several years to redesign and rebuild the
network, plus a cultural shift to reclaim it.
Once a foothold is established, an attacker's job becomes
easier. Entering a network through one of these methods
allows an attacker to uncover more powerful credentials,
opening up new, potentially more sensitive areas of the
network.
An Ounce of Prevention
Stronger security measures, including staff training and implementing the right technology solution,
can help hospital networks stay healthy.
We recommend the following preventive measures:
Implement a solid foundation of industry security
standards: Segregate networks, enforce strong password
requirements, follow least privilege practices, and require
individual passwords for each network or access area. This is
particularly critical for legacy devices that are susceptible to
attack, but cannot be patched.
Upgrade networks: Keep network infrastructure up to
date to ensure you have the latest security
Use solutions with assurance built in: The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
applies to all U.S. healthcare companies and establishes requirements for the use, disclosure, and safeguarding of individually identifiable health information. Microsoft's Cloud
Services are compatible with HIPAA, and the Advanced
Threat Protection feature in Windows 10 and Office 365
automatically screens all attachments and links included in
incoming email for potential threats. Questionable material
is not allowed to reach the end users, reducing social
engineering threats to your network.
maintains the business's control, and leverages the expertise of the service provider.
If the environment includes many systems with excess
capacity, the company should consider shifting them to
a trusted cloud service. The cloud provides the ability to
have full platform, infrastructure, and services without
having to set up and maintain all the systems and datacenters. The company does not have to manage patching and
administering operating systems and hardware.
It is always important to ask questions, be it of an outsourcing vendor or a cloud service provider, about its practices
and policies on data security, privacy and control, compliance, and transparency. If the beverage company had
identified the risks in the outsourcing company's security
practices, it could have made a more informed decision
about where to place its trust.
After you review your situation, you may determine that going with an outside vendor or cloud
service provider is the best option. Make sure to review, vet, and scrutinize the potential provider
diligently. Ask it questions, and find out if it carries insurance in the event disaster strikes.
Ask your potential vendor these questions:
Do you follow Enhanced Security Administrative Environment (ESAE) best practices?
Do you enforce restrictions regarding where Domain Administrator (DA) and Enterprise Administrator (EA) accounts can log on?
Do you use Privileged Identity Management for Active Directory Azure?
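The second question above can also be checked against your own logon records. The following is an added example, not part of the original eBook: it scans constructed successful-logon records (Windows Security event 4624) for DA/EA accounts used on hosts outside an approved list. The account names, host names, and allow-list are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: logon records exported as CSV. Event 4624 is a
# successful logon, 4625 a failed one. All names here are made up.
SAMPLE_LOG = """\
time,event_id,account,host,logon_type
2016-03-01T08:02:11,4624,da-alice,DC01,10
2016-03-01T08:15:40,4624,jsmith,WKS-114,2
2016-03-01T09:31:05,4624,da-alice,WKS-114,2
2016-03-01T09:47:52,4624,ea-root,PAW-02,2
2016-03-01T11:20:33,4624,ea-root,FILESRV-3,10
2016-03-01T11:21:09,4625,da-alice,WKS-200,3
2016-03-01T12:00:00,4624,DA-Alice,dc02,3
"""

# Assumptions: which accounts hold DA/EA rights, and the only hosts
# (domain controllers, admin workstations) they are allowed to log on to.
PRIVILEGED_ACCOUNTS = {"da-alice", "ea-root"}
ALLOWED_HOSTS = {"dc01", "dc02", "paw-02"}


def find_violations(log_text):
    """Return successful privileged logons on hosts outside the allow-list."""
    violations = []
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["event_id"] != "4624":  # ignore everything but successful logons
            continue
        # Account and host names are compared case-insensitively.
        account = row["account"].strip().lower()
        host = row["host"].strip().lower()
        if account in PRIVILEGED_ACCOUNTS and host not in ALLOWED_HOSTS:
            violations.append((row["time"], account, host, row["logon_type"]))
    return violations


def hosts_by_account(violations):
    """Group offending hosts per account to show where each one was used."""
    spread = defaultdict(set)
    for _, account, host, _ in violations:
        spread[account].add(host)
    return {account: sorted(hosts) for account, hosts in spread.items()}


if __name__ == "__main__":
    for violation in find_violations(SAMPLE_LOG):
        print("VIOLATION", *violation)
```
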
Because the organization used the same local administrative password across departments, the attacker was able
theft and what went wrong. You can't put a dollar figure
tem for future use. In either case, the system is now open
Privileged Identity Management for Active Directory: Allows you to manage, control, and monitor your
privileged identities and their access to resources in Azure
Active Directory plus other Microsoft online services (e.g.,
Office 365 and Microsoft Intune).
Microsoft Advanced Threat Analytics (ATA): Uses
behavioral analysis to monitor anomalous use of accounts
and credentials.
Advanced persistent threat (APT): A targeted attack against a specific entity that tries to avoid detection
and steal information over a period of time.
Assume Breach: This is a strategic mindset. For
business leaders and CISOs, it means shifting your focus
from purely preventive security measures to detection,
response, and recovery from security issues.
Purchase protection
The best way to prevent hackers from attacking through a remote access connection is to simply ban
remote access, but this isn't realistic for many enterprises, including those in online services and in retail.
Here are some safer ways to allow vendors to access your network:
Publish via Azure: Move certain in-house workloads,
such as web interface access and backend databases, to
a trusted cloud platform as a service (PaaS). The cloud
workload can be kept at a minimal level of access to only
required data on the in-house network. This method both limits
the number of users that have direct access to a customer's network and reduces the privileges a user within
the network needs to have by limiting access to required
PaaS resources only.
Multi-factor authorization (MFA): Requires users to
provide additional verification beyond just username and
password; for example, by using a phone call or text message to confirm the user's identity
Conclusion
Protect, Detect, Respond
Microsoft is committed to helping you keep your data and systems secure and private. To learn more about best practices for cybersecurity, privacy and control, and compliance in your organization, visit www.microsoft.com/trustedcloud.
The Trusted Cloud team gratefully acknowledges Bruce Cowper, Kasia Kaplinska, Matt Kemehar, IB Terry, and Yvette Waters for sharing their time, knowledge, and talent in the development of this eBook.
© 2016 Microsoft Corporation. All rights reserved. This document is for informational purposes only. Microsoft makes no warranties,
express or implied, with respect to the information presented here.