In today’s digital landscape, where security threats loom large, safeguarding your organization’s sensitive data and digital assets is paramount. Fortunately, the Center for Internet Security (CIS) Critical Security Controls offers a practical roadmap to bolster your security posture.
In this article, we will explore how any organization, regardless of size or industry, can enhance its security using the CIS Critical Security Controls.
What are the CIS Security Controls?
The CIS Critical Security Controls (CIS Controls) are a prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your organization’s cybersecurity posture. Today, thousands of cybersecurity practitioners from around the world use the CIS Controls and/or contribute to their development via a community consensus process.
The MGM Cyber Attack and Lessons in Risk Management
In the ever-evolving landscape of the digital world, cybersecurity has taken center stage. The MGM cyber attack serves as a stark reminder of the constant threat lurking in the shadows of the web. This unfortunate incident, though disconcerting, offers us a valuable lesson in risk management.
It is crucial to learn from these events and take proactive steps to safeguard our digital assets. In this article, we will explore the MGM cyber attack, the lessons it imparts on risk management, and provide practical mitigation steps and solution examples to help organizations
Understanding the MGM Cyber Attack
Before delving into risk management solutions, let’s take a moment to understand what happened during the MGM cyber attack. In September 2023, MGM Resorts suffered a data breach, leading to the exposure of personal information belonging to customers who transacted with MGM Resorts prior to March 2019. This included names, contact information, gender, dates of birth and driver’s license numbers. For a limited number of customers, the hackers also accessed Social Security numbers and passport details. According to Bloomberg, the breach stemmed from a social engineering attack on the company’s information technology help desk. MGM’s experience highlights the importance of robust cybersecurity practices.
A recent risk assessment of an organization’s IT environment revealed significant gaps in the current IAM framework, including ineffective access control policies, weak authentication mechanisms, and insufficient monitoring and auditing procedures.
This could as well be your organization, and here, we suggest recommendations to address these issues.
What is an Identity and Access Management or IAM Framework?
An Identity and Access Management framework is the combination of two information security controls: identity management and access management.
Identity management is the method used to classify a user, group or device on a network, with the goal of placing identified resources into categories so that network and security policies can be applied. For example, it checks a login attempt against an identity management database.
Access management, on the other hand, refers to the way an organization determines who or what on a network has the right to connect to a particular resource, based on factors such as job title, tenure, security clearance and project.
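The two halves of an IAM framework described above, as an added example that is not part of the original article: a small identity store that a login attempt is checked against (identity management), followed by an attribute-based policy decision on job title, clearance and project (access management), with each decision written to an audit trail. The users, passwords, resource names and policy values are all constructed for illustration.

```python
"""Minimal identity + access management flow on constructed sample data.

Added example, not code from the original article. Every user, password,
resource name and policy rule below is a constructed placeholder.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class Identity:
    username: str
    salt: bytes
    pw_hash: bytes
    job_title: str
    clearance: int          # higher number = more trusted
    projects: frozenset


def _derive(password: str, salt: bytes) -> bytes:
    # PBKDF2 so the stored verifier is not a plain hash of the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_identity(username, password, job_title, clearance, projects):
    salt = os.urandom(16)
    return Identity(username, salt, _derive(password, salt),
                    job_title, clearance, frozenset(projects))


# Identity management: the directory that login attempts are checked against.
# (constructed sample users)
IDENTITY_DB = {i.username: i for i in [
    make_identity("alice", "correct horse battery staple", "engineer", 2, {"payments"}),
    make_identity("bob", "hunter2", "contractor", 1, {"marketing"}),
]}


def authenticate(username, password):
    """Return the Identity when the credentials match, otherwise None."""
    ident = IDENTITY_DB.get(username)
    if ident is None:
        # Do the same work for unknown users so response time does not
        # reveal which usernames exist.
        _derive(password, b"\x00" * 16)
        return None
    if hmac.compare_digest(_derive(password, ident.salt), ident.pw_hash):
        return ident
    return None


# Access management: what each resource requires, expressed as attributes
# (job title, clearance, project). Constructed sample policy.
RESOURCE_POLICY = {
    "payments-db": {"min_clearance": 2, "project": "payments",
                    "titles": {"engineer", "dba"}},
    "marketing-drive": {"min_clearance": 1, "project": "marketing",
                        "titles": None},   # None = any title
}

# Audit trail of every decision; the "insufficient monitoring" gap is
# closed by recording denies as well as allows.
AUDIT_LOG = []


def authorize(ident, resource):
    """Decide whether an already-authenticated identity may reach a resource."""
    policy = RESOURCE_POLICY.get(resource)
    allowed = (
        policy is not None
        and ident.clearance >= policy["min_clearance"]
        and policy["project"] in ident.projects
        and (policy["titles"] is None or ident.job_title in policy["titles"])
    )
    AUDIT_LOG.append(
        f"user={ident.username} resource={resource} "
        f"decision={'ALLOW' if allowed else 'DENY'}"
    )
    return allowed


def request_access(username, password, resource):
    """Full flow: identify and authenticate, then apply the access policy."""
    ident = authenticate(username, password)
    if ident is None:
        AUDIT_LOG.append(
            f"user={username} resource={resource} decision=DENY reason=auth-failed"
        )
        return False
    return authorize(ident, resource)


if __name__ == "__main__":
    print(request_access("alice", "correct horse battery staple", "payments-db"))
    print(request_access("bob", "hunter2", "payments-db"))
    print("\n".join(AUDIT_LOG))
```

Authentication and authorization are deliberately separate functions: a valid login tells the policy only who the caller is, and the policy decides on attributes rather than on the username, which is what lets the same identity be granted or denied per resource without touching the identity store.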
Data encryption is not one of the security options most companies think of providing for their senior executives who use, and travel, with laptops, netbooks and tablets so they can stay productive even when on the road. This is even more true of corporate executives who sometimes demand anytime, anywhere access to data residing on corporate servers.
While big corporations can afford to spend millions of dollars on data protection hardware and software, the same cannot be said of executives in small and medium-sized organizations, especially when it comes to the loss of personal information, including credit card data, patient records or other financial information, stored by the company.
Data breaches happen and information is lost every day due to small mistakes that could have been avoided by using data encryption technologies. For small businesses, these data loss events can be devastating.
The recent breach of OneLogin is once again shining the spotlight on the safety and sanity of entrusting sensitive data to cloud-based credential management services. OneLogin provides single sign-on for cloud-based applications.
What Is A Credential Management Service?
Credential management services that offer Single Sign-On or SSO are great, but as we are beginning to find out, they can also be a single point of entry to a treasure trove of sensitive data for cyber criminals.
How Does A Credential Management Service Work?
The way credential management services work is that after a user of these identity and credential management services signs into their account, the service takes care of remembering and supplying the customer’s usernames and passwords for all of their other applications. It pretty much attempts to save the user the pain and stress of trying to remember numerous passwords, security questions and other hoops people normally have to jump through just to access some online services.
What Is The Problem With Credential Management Services?
While a lot of these services promise secure access and simplified Identity and Access Management (IAM), the recent spate of multiple breaches of LastPass and now OneLogin makes us wonder just how efficient and secure these credential management services really are. And here is why: a single compromise exposes the credentials of all users, especially if that data theft includes the ability to decrypt encrypted data [thanks to Mark Maunder of Wordfence for that emphasis].
A breach that allows intruders to decrypt customer data could be extremely damaging for affected customers.
The vulnerabilities in credential management services like LastPass were so bad that Tavis Ormandy, a security researcher at Google’s Project Zero wondered if people were “really using this lastpass thing” because he took a quick look and could see “a bunch of obvious critical problems”.
In case you have not heard, another SSL certificate provider, Dutch certificate authority DigiNotar, a subsidiary of Vasco Data Security, was breached recently, and from the preliminary report from the company that did the audit, it looks pretty bad.
Some of the names in the list of bogus certificates generated by the attackers include Comodo, Google, Thawte, Microsoft, Mozilla, WindowsUpdate, WordPress, MI6, the CIA, Facebook and Twitter.