Twitter hack: Insiders remain the greatest risk

"The key to successfully detecting such an attack is to be able to identify changes in user behavior."

Commentary by Egon Kando, Exabeam

“The coordinated social engineering attack on Twitter is unprecedented. What seems clear at this point is that it is an attack based on compromised user data, either by unsuspecting employees or via an allegedly malicious insider on the network. Both of these things happen quite often, as almost half of all data breaches are caused, consciously or unconsciously, by some type of insider threat.

You can't always trust your own employees

Almost all major security breaches are currently carried out by attackers who misuse stolen user information. The greatest risk to the security of a company is often posed by privileged insiders with access to company-critical information. Even the best network security can be leveraged internally because this type of threat is sometimes more difficult to detect than many external threats. An attacker with valid access data is initially difficult for security teams to distinguish from a normal user.

Working from home has increased the risks

Egon Kando, Regional Sales Director Central & Eastern Europe at Exabeam

The hack of prominent Twitter accounts will most likely not be the last if organizations do not take their security to the highest level. The COVID-19 crisis and working from home with insecure technologies have raised the risks by a notch - and security practitioners now need to stretch the "visibility and analysis net" much further to better detect, investigate, and address these risks.

Analysis of user behavior is the key to success

The key to successfully detecting such an attack is being able to identify changes in user behavior. This means that one must first get a clear understanding of the normal behavior of everyone accessing a network. If you know the normal behavior, anomalies are easier to recognize. The detection time plays a major role here: The quicker it is recognized that something fishy is happening in the network, the less time the attackers have to "stay" in the network. And this can make the difference between a successful and an averted attack - and can thus save the reputation or, in extreme cases, the entire company.”
