In 1995 the arrest of Kevin Mitnick signaled to companies around the world that privileged access could be obtained by a simple phone call. Fast forward over 28 years and we have news of several Las Vegas casinos still falling victim to Social Engineering exploitation. Don’t you think now is a great time to ensure your organization follows guidelines for privileged account modifications?
Social Engineering, defined as psychological manipulation, can include things such as phishing, water holing, piggybacking and more, but the gist of it is that someone in the business is tricked into providing something or performing some action that allows the bad actor to gain additional access. In some cases the bad actor takes information that is publicly available and uses it to trick help desk administrators into actions that grant the bad actor elevated access they should not have.
Mitigations for these types of exploits should be continually tested, and privileged account notifications should be documented in a business process that includes escalated reviews. Some organizations have access to security orchestration, automation, and response (SOAR) tools, which can present holistic information about the account and the request, fed directly from IAM toolsets. These can also present indicators of a phishing attack to help determine the legitimacy of an account modification request.
Workflow is a term used in the industry that has different meanings depending on the tools being used, but at its core it is a step-by-step process that someone kicks off and that guides the user or process through a series of steps to a predetermined outcome, such as a new phone being enrolled for a privileged account. In our consultancy, we can help businesses test and create these workflows following industry best practices.
In conclusion, if you aren’t continually educating your workforce on Social Engineering mitigation through different channels, then now is a great time to start!
Jump-start your social engineering mitigation plan today!
- Understand that every employee is a potential target!
- Establish policies and procedures considering Social Engineering!
- Create account modification workflows and playbooks with detailed steps!
- Ensure privileged accounts are only modified through a well-defined workflow and review these processes with the helpdesk during team meetings.
- Enable reporting of potential Social Engineering!
- Share best practices with the organization at large, including things like email security!
- Integrate account modification logging into your SIEM or SOAR system and ensure these are reviewed!
- Review account modifications in a timely fashion through Identity Governance tools!
- Ensure you are continually testing and updating with data collected!
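
One way to act on the workflow and SIEM logging items above is to flag privileged account modifications that carry no workflow reference or independent approval. This is an added example, not code from the original article; the event fields, action names and sample log lines are assumptions constructed for illustration.

```python
import json

# Constructed sample IAM audit events (hypothetical field names, not from a real system).
SAMPLE_EVENTS = """\
{"ts":"2024-01-10T09:02:11Z","action":"mfa_device_enrolled","target":"adm-jlee","privileged":true,"actor":"hd-amy","workflow_id":"WF-1001","approver":"sec-raj"}
{"ts":"2024-01-10T09:40:52Z","action":"mfa_device_enrolled","target":"adm-kwong","privileged":true,"actor":"hd-bob","workflow_id":null,"approver":null}
{"ts":"2024-01-10T10:15:03Z","action":"password_reset","target":"adm-jlee","privileged":true,"actor":"hd-amy","workflow_id":"WF-1002","approver":"hd-amy"}
{"ts":"2024-01-10T10:20:47Z","action":"password_reset","target":"u-sam","privileged":false,"actor":"hd-bob","workflow_id":null,"approver":null}
{"ts":"2024-01-10T11:05:30Z","action":"login","target":"adm-jlee","privileged":true,"actor":"adm-jlee","workflow_id":null,"approver":null}
"""

# Assumed action names for changes that alter how an account authenticates or what it can do.
MODIFICATION_ACTIONS = {"mfa_device_enrolled", "mfa_reset", "password_reset", "role_granted"}

def review_event(event):
    """Return the reasons a privileged account modification needs escalated review."""
    if not event.get("privileged") or event.get("action") not in MODIFICATION_ACTIONS:
        return []
    reasons = []
    if not event.get("workflow_id"):
        reasons.append("no workflow reference")
    if not event.get("approver"):
        reasons.append("no approver recorded")
    elif event["approver"] == event.get("actor"):
        reasons.append("actor approved own change")
    return reasons

def find_unreviewed_modifications(lines):
    """Scan JSON-lines audit data and return one finding per suspicious event."""
    findings = []
    for line_no, line in enumerate(lines.splitlines(), 1):
        if not line.strip():
            continue
        try:
            event = json.loads(line)
            if not isinstance(event, dict):
                raise ValueError("not a JSON object")
        except ValueError:
            # Surface unparseable lines rather than dropping them silently.
            findings.append({"line": line_no, "target": None, "reasons": ["unparseable log line"]})
            continue
        reasons = review_event(event)
        if reasons:
            findings.append({"line": line_no, "target": event.get("target"), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in find_unreviewed_modifications(SAMPLE_EVENTS):
        print(finding)
```

Findings like these are candidates for the escalated review step, not proof of compromise.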