Sun Tzu said, “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” The same principle applies to business owners who are trying to secure their hard earned investments against cyber criminals who try into access company data. Knowing who the people are that are conducting cyber attacks, or more importantly what they want and how they operate can help any business owner identify risks, and take steps to protect their organization. Cyber security is a game of layers and the layer we are going to discuss in this article is “Initial Access“.
Who are these brokers?
In the not too distant past hackers were the people who broke into your systems and caused damage or stole sensitive information. As their business model developed hackers started to specialize. Ones who were good at breaking into customers websites, offices and online accounts were not necessarily good at monetizing the hacks, or moving around undetected in company networks. This is how the Initial Access Broker, or IAB came to be.
IABs are one of the biggest threats businesses face today. These are individuals or groups who specialize in finding and selling access to networks, systems, or applications that have known vulnerabilities. Naturally the lowest hanging fruit on this tree are user login information like passwords. The goal of IABs is to gain unauthorized access to sensitive data or systems, which they can then sell or use for their own purposes. This business of selling passwords and accounts is booming. According to this report from Crowdstrike there was a 112% increase in IAB advertisements offering access to breached organizations in 2022. IABs often sell their information to other cyber criminals such as ransomware organizations who seek to extort money by encrypting customer data or threatening to make it public. These groups have made a special target of small business. Here are five basic steps to protect against IABs.
Use a password management
Since selling stolen credentials is the business of these IABs it stands to reason that protecting all your logins is the smartest first move. Using the same password on all your accounts is an excellent way to incur security breaches. Password management can help here.
A password manager can provide several benefits for both individuals and businesses. One of the primary benefits is increased security. Password managers generate strong and unique passwords for each account, reducing the risk of password reuse and making it more difficult for hackers to gain access to multiple accounts. They can also detect weak or compromised passwords and prompt users to update them. Password managers can also save time by auto-filling login credentials, eliminating the need to remember or manually enter passwords. They can securely store other sensitive information, such as credit card numbers and personal identification documents. Password managers can improve security, save time, and provide peace of mind for both personal and business use.
Apply software updates regularly
One of the most effective ways to prevent IABs from gaining access to your systems is by patching them regularly. IABs often target known vulnerabilities in popular software, such as operating systems, web servers, and applications. By keeping your systems up-to-date with the software updates, you can significantly reduce the risk of a successful attack.
Use multi-factor authentication
Another way to secure your business against IABs is by using multi-factor authentication (MFA). MFA requires users to provide additional verification, such as a code sent to their phone, in addition to their username and password. This can prevent unauthorized access even if an attacker has stolen a user’s credentials. There has been a big push in 2022 to update all systems to include some form of two factor authentication.
Beware of MFA Fatigue
While MFA is a step in the right direction the report from Crowdstrike also mentions that “MFA notification fatigue” was being leveraged in cyber attacks to gain access to company data and systems. Users who must use multiple factors of authentication (MFA) to access their accounts or systems frequently may experience MFA fatigue, which is a situation where they feel overwhelmed or annoyed by prompts. This can lead to approving prompts without noticing that they are illegitimate.
MFA is a security technique that requires users to give two or more pieces of authentication before providing access, such as a password and a one-time code delivered to their phone.
While MFA can significantly improve security, it can also increase user complexity and inconvenience.
MFA fatigue can result from having to remember numerous passwords, codes, and devices because it takes time and effort.
Additionally, users can grow impatient with the extra processes and feel tempted to forego or disregard MFA entirely, which might ultimately jeopardize the security of their accounts or systems.
Limit user privileges
Another protection that can help to reduce the risk of IABs gaining access to sensitive data or systems in a small business, is to limit user privileges. To do this companies should employ the “Principle of Least Privilege“. It sounds complicated but it’s a simple idea. Here’s what it means.
According to the principle of least privilege, users and systems should only have access to the resources they actually require to do their duties. For instance, you shouldn’t have access to data from other departments if you work in accounting and only need to see financial data. This lessens the chance that errors or malicious activities may harm the system as a whole. By restricting access, an attacker will only be able to access the resources and information that the user was authorized to access. Even if the user’s account is hacked it is less likely that the cyber criminals will get access to the entire business. System administrators should assess and limit user privileges and permissions to the absolute minimum necessary. This entails establishing various access levels, such as read-only, write-only, or full access, and allocating people to each.
Conduct regular security assessments
Network security should not be left to chance. Regular security assessments can that can help identify vulnerabilities in your systems should be conducted before they can be exploited by IABs. These assessments should include penetration testing, vulnerability scanning, and code reviews. The topic of audits is a whole other subject on it’s own. I wrote an article describing the benefits of structured regular audits that you can read here. By conducting regular security assessments, you can stay one step ahead of IABs and proactively address any weaknesses in your security posture.
Educate your employees
Finally, it’s essential to educate your employees on the risks of IABs and how to prevent them. This includes training on how to identify phishing emails, how to create strong passwords, and how to report suspicious activity. By making security awareness a priority, you can create a culture of security within your organization and reduce the risk of a successful attack.
In conclusion, securing your business against initial access brokers requires a multi-layered approach. By patching your systems regularly, using multi-factor authentication, limiting user privileges, conducting regular security assessments, and educating your employees, you can significantly reduce the risk of a successful attack. Remember, security is a continuous process, and it’s essential to stay vigilant and proactive to protect your business against cyber threats