Response Tactics for Credential Theft.

Strategic Cyber Ventures has invited a number of people we admire to contribute to our blog. This week: Paul Donfried, Senior Vice President Corporate Development of ID Dataweb.

You may recall that last year the Bangladesh Central Bank was robbed of $81M. It was done through the use of stolen credentials. Similarly, the 2014 criminal attack against Target was done through the use of logon credentials stolen from an HVAC contractor, an individual who was part of the supply chain for the bank.

The attackers in the Bank case actually posted 35 payment instructions for $951M, but the FED only processed 5 of them before failing to reconfirm the remaining instructions with the bank. The FED doesn’t view identity as being static. KYC, Know Your Customer, is not a one-time event; it is a continuous, dynamic process.

This is interesting because the FED demonstrated an adaptive authentication capability that it executed when presented with unusual behavior – a classic example of incident response employing the capability of adaptive authentication. The FED stopped 30 of 35 fraudulent transactions. However, the bank granted them all access, so the bank’s behavior was even more unusual.

Unfortunately, $81M later, most organizations, including banks, are still not leveraging adaptive authentication and other common fraud management techniques within their security and identity infrastructures. This proves to be a nightmare from an incident response perspective, because as soon as you detect an incident or an event, you want to contain it and eradicate it as quickly as possible. Not being able to dynamically elevate your authentication protocol takes away an incredibly valuable tool.

KYC or ‘Know Your Customer’ can’t be viewed as a one-time event, with static credentials then satisfying all authentication requirements. The increasingly hostile environment we find ourselves in requires incident response capabilities that allow business to continue while immediately containing and eradicating threats and breaches in ways that also reduce and manage the attack surface.

As it becomes clearer to security and technology leaders that Identity is the new defense perimeter, dynamic adaptive authentication solutions will deliver valuable new incident response capabilities.
