In an interview with the Guardian, the Major General pointed out, however, that the number of successful attacks was hard to quantify. The number of serious incidents is quite small, but it is there, he has been quoted as saying.
Details about the exact nature of the cyber-attack, its cause and its effects have not been revealed. But the veteran officer, who has spent the last year reviewing the Defence Ministry’s approach to cyber-security, says:
“It is quite right to say that pure defence, building firewalls, will not keep the enemy out. They might be inside already … there is no such thing as total security. You have to learn to live with certain insecurities. One needs to engage in internal defence and be quite aggressive about it”.
The above statement sums it all up!
In this blog series, we have repeatedly highlighted the causes of cyber security incidents, especially those arising from a lack of proper internal controls. Against the backdrop of this security incident at the UK’s Ministry of Defence, we are compelled to reiterate the facts.
The biggest threat to the information security of your enterprise might be germinating inside, right within your organization! The business and reputation of some of the world’s mightiest organizations have been shattered in the past by a handful of malicious insiders, including disgruntled staff, greedy techies and sacked employees.
In most reported cases of cyber-sabotage, misuse of privileged access to critical IT infrastructure has served as the ‘hacking channel’ for malicious insiders to wreak havoc on the confidentiality, integrity and availability of the organization’s information systems, resulting in huge financial losses.
In government agencies, insider threats might even jeopardize the security of the nation.
A lack of internal controls, access restrictions, centralized management, accountability and strong policies and, to cap it all, a haphazard style of privileged password storage and management make the organization a paradise for malicious insiders.
Tightening Internal Controls – Need of the Hour
One of the effective ways to combat insider threats is to tighten internal controls. Access to IT resources should be based strictly on job roles and responsibilities. Access restrictions alone are not enough. There should be clear-cut trails on ‘who accessed what and when’.
Internal controls can be bolstered by automating the entire life cycle of Privileged Access Management and enforcing best practices. ManageEngine Password Manager Pro, a trusted solution, helps achieve precisely this.
A secure vault for storing and managing shared administrative passwords and digital identities, Password Manager Pro helps eliminate password fatigue and security lapses, achieve preventive and detective security controls, meet security audits and improve IT productivity.
With insider threats looming large, taking preventive action is the need of the hour.