Access Reviews and Another Breach – Thoughts

Access reviews and another breach: there are too many breaches to learn much from the cacophony of attacks. Let’s dissect one, last year’s Marriott breach, and see how access reviews could possibly have produced a different result.

In February of 2020, Marriott International announced a data breach affecting what it described as “an unexpected amount of guest information.” The hospitality company, which owns 30 brands and over 7,000 international properties, believes that a hacker gained access in mid-January through an application used by Marriott brands, using the login credentials of two employees at a franchise property.

The information stolen during the breach included loyalty account details (such as company affiliations, birth day and month, and gender), linked airline loyalty account numbers, and language preferences of over 5.2 million Marriott guests. During their investigation, Marriott officials determined that passport information, driver’s license numbers, and credit or debit card numbers were not suspected to have been compromised. While it is fortunate that the hackers did not steal that information, the information they did access creates more opportunities for them to commit cybercrime.

Using the information they collected on Marriott customers, the hackers can build phishing campaigns to collect even more information from their targets. Even the employers of these customers are now exposed to phishing attacks, since company affiliations were among the data compromised in the breach.

This is not the first time that Marriott has been the victim of a data breach, and the company could have done more to implement practices that prevent this type of event. Two-factor authentication could have been implemented for employee accounts, so that a stolen password alone would not grant access.

The organization should also have been conducting regular access reviews. During an access review, user accounts are examined to ensure that only authorized users have access to sensitive information. It is essential that users cannot access more information than they need to complete their duties, which NIST 800-53 rev 5 (PR-AC.6) refers to as the principle of least privilege (PoLP). This limits the amount of information a hacker can reach if they do succeed in taking over an account.
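As an added illustration of what such a review actually checks, here is a small Python script written for this page (it is not YouAttest’s product or Marriott’s process). It takes a constructed directory export, compares each account’s groups with the entitlements its job role is approved for, and emits the findings a reviewer would have to approve or revoke: entitlements beyond the role baseline, privileged groups held by an account nobody has used for months, and disabled accounts that still hold access. The user ids, role baseline and group names are all assumptions made up for the example.

```python
from datetime import date

# Constructed sample directory export: not Marriott or YouAttest data.
USERS = [
    {"id": "fdesk01", "role": "front_desk", "status": "active", "last_login": "2020-01-10",
     "groups": {"PMS-Users", "Reservations-Read"}},
    {"id": "fdesk02", "role": "front_desk", "status": "active", "last_login": "2020-01-12",
     "groups": {"PMS-Users", "Reservations-Read", "Guest-Export-All"}},
    {"id": "mgr01", "role": "property_manager", "status": "active", "last_login": "2019-07-02",
     "groups": {"PMS-Users", "Reservations-Read", "Guest-Export-Property", "PMS-Admins"}},
    {"id": "contract9", "role": "contractor", "status": "disabled", "last_login": "2019-03-15",
     "groups": {"PMS-Users"}},
]

# Entitlements each job role needs to do its duties (hypothetical baseline).
ROLE_BASELINE = {
    "front_desk": {"PMS-Users", "Reservations-Read"},
    "property_manager": {"PMS-Users", "Reservations-Read", "Guest-Export-Property"},
    "contractor": set(),
}

# Groups whose members could read or export guest data in bulk.
PRIVILEGED_GROUPS = {"PMS-Admins", "Guest-Export-All"}


def review_access(users, baseline, privileged, as_of, dormant_days=90):
    """Return (user, finding, groups) tuples a reviewer must approve or revoke."""
    as_of = date.fromisoformat(as_of)
    findings = []
    for u in users:
        # A disabled account should hold no entitlements at all.
        if u["status"] != "active":
            if u["groups"]:
                findings.append((u["id"], "disabled_with_access", sorted(u["groups"])))
            continue
        # Anything beyond the role baseline is more than the job requires (PoLP).
        excess = u["groups"] - baseline.get(u["role"], set())
        if excess:
            findings.append((u["id"], "excess_entitlement", sorted(excess)))
        # Privileged access on an account nobody has used for months is an attractive target.
        idle = (as_of - date.fromisoformat(u["last_login"])).days
        held = u["groups"] & privileged
        if held and idle > dormant_days:
            findings.append((u["id"], "dormant_privileged", sorted(held)))
    return findings


def run_review(as_of="2020-02-01"):
    """Run the review over the constructed export as of a given date."""
    return review_access(USERS, ROLE_BASELINE, PRIVILEGED_GROUPS, as_of)


if __name__ == "__main__":
    for user, finding, groups in run_review():
        print(f"{user:10} {finding:22} {', '.join(groups)}")
```

The role baseline is the important input: without an agreed statement of what each job needs, a reviewer can only rubber-stamp whatever access already exists. Each finding names the groups at stake so the decision can be recorded per entitlement rather than per account.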

In addition to limiting user permissions, access reviews help organizations identify what regular account activity looks like, so that patterns can be established. If a hacker has access to an account, their usage of it is unlikely to match those patterns. This helps organizations identify a breach early, before the hacker can do more damage.
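To make the “usage will not match regular patterns” idea concrete, here is an added Python example (written for this page, not code from YouAttest or Marriott). It parses constructed application log lines, builds a per-user profile from a baseline window (hours of the day, source network, properties touched, actions performed) and then flags events in a later window that depart from that profile in more than one way. The log format, user ids, property codes and addresses are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

LOG_RE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
                    r"property=(?P<prop>\S+) action=(?P<action>\S+)$")

# Constructed log lines (not Marriott's): a few days of normal use...
BASELINE_LOGS = [
    "2020-01-06T08:55:10Z user=fdesk02 src=10.17.4.21 property=FR-0123 action=lookup",
    "2020-01-06T09:20:44Z user=fdesk02 src=10.17.4.21 property=FR-0123 action=checkin",
    "2020-01-07T14:05:02Z user=fdesk02 src=10.17.4.23 property=FR-0123 action=lookup",
    "2020-01-07T15:47:31Z user=fdesk02 src=10.17.4.23 property=FR-0123 action=checkin",
    "2020-01-08T16:12:09Z user=fdesk02 src=10.17.4.21 property=FR-0123 action=lookup",
    "2020-01-06T10:01:00Z user=mgr01 src=10.17.4.5 property=FR-0123 action=lookup",
    "2020-01-08T11:30:00Z user=mgr01 src=10.17.4.5 property=FR-0123 action=report",
]
# ...and a later window in which one account's credentials are being misused.
SUSPECT_LOGS = [
    "2020-01-15T09:10:00Z user=fdesk02 src=10.17.4.30 property=FR-0123 action=lookup",
    "2020-01-15T02:41:12Z user=fdesk02 src=203.0.113.44 property=FR-0123 action=export",
    "2020-01-15T02:43:50Z user=fdesk02 src=203.0.113.44 property=DE-0456 action=export",
    "2020-01-15T10:02:00Z user=mgr01 src=10.17.4.5 property=FR-0123 action=lookup",
    "2020-01-15T10:05:00Z user=svc_tmp src=10.17.4.9 property=FR-0123 action=lookup",
]


def parse(line):
    """Split one log line into its fields plus derived hour-of-day and /24 network."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    d = m.groupdict()
    d["hour"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ").hour
    d["net"] = ".".join(d["src"].split(".")[:3])  # /24 as a coarse "where from"
    return d


def build_profiles(lines):
    """Per-user sets of hours, source networks, properties and actions seen in the baseline."""
    profiles = defaultdict(lambda: {"hours": set(), "nets": set(), "props": set(), "actions": set()})
    for d in map(parse, lines):
        p = profiles[d["user"]]
        p["hours"].add(d["hour"])
        p["nets"].add(d["net"])
        p["props"].add(d["prop"])
        p["actions"].add(d["action"])
    return profiles


def score_event(d, profile):
    """List every way this event departs from the user's established pattern."""
    checks = [("unusual_hour", d["hour"], profile["hours"]),
              ("new_source_network", d["net"], profile["nets"]),
              ("new_property", d["prop"], profile["props"]),
              ("new_action", d["action"], profile["actions"])]
    return [name for name, value, seen in checks if value not in seen]


def find_anomalies(baseline_lines, new_lines, min_reasons=2):
    """Return (user, timestamp, reasons) for events breaking the pattern in >= min_reasons ways."""
    profiles = build_profiles(baseline_lines)
    alerts = []
    for d in map(parse, new_lines):
        profile = profiles.get(d["user"])
        if profile is None:
            # An account with no history at all is itself worth a look.
            alerts.append((d["user"], d["ts"], ["no_baseline"]))
            continue
        reasons = score_event(d, profile)
        if len(reasons) >= min_reasons:
            alerts.append((d["user"], d["ts"], reasons))
    return alerts


if __name__ == "__main__":
    for user, ts, reasons in find_anomalies(BASELINE_LOGS, SUSPECT_LOGS):
        print(f"{ts} {user:8} {', '.join(reasons)}")
```

Requiring two deviations before alerting keeps a single new workstation or a late shift from paging anyone; a bulk export at 02:41 from an address outside the property network trips three checks at once, which is the kind of event an access review team wants to see the same morning.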

The Marriott data breach highlights the importance of developing and implementing security measures to protect sensitive data. Through access reviews, organizations can mitigate the threats posed by cyber criminals.

Do Access Reviews Mitigate the Risk of Breaches?

YouAttest can interrupt the cyber kill chain at the point where the attacker attempts to escalate the stolen credential’s privileges.

YouAttest has a unique way of combining security and audit via its event triggering system: it is triggered by changes to key users and groups and FORCES an attestation of the change.

Image #1: In this case “Mark Millar” has to attest to the movement of a user into the Admin group. This campaign was automatically created by the YouAttest admin group trigger.

In this way YouAttest alerts key members of your team to review, approve or revoke the privilege escalation. Escalation is often a vital step on the attacker’s path to data exfiltration: using easily obtained user privileges and then escalating them to admin or an equally high level.
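The mechanism described in the last three paragraphs, a change to a privileged group that forces a named reviewer to attest, is simple enough to sketch in code. The following Python is an added example written for this page; it is not YouAttest’s implementation and makes no claim about how that product works internally. It consumes a constructed feed of group membership changes, opens an attestation campaign for every addition to a watched group, lets the assigned reviewer approve or revoke, and fails closed by rolling back any change nobody attested to before its deadline. The watched groups, owner mapping (the reviewer name is taken from the image caption above), SLA and events are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Hypothetical configuration: groups whose membership changes need human sign-off,
# the reviewer responsible for each, and how long they have to decide.
WATCHED_GROUPS = {"Admin", "PMS-Admins"}
GROUP_OWNERS = {"Admin": "mark.millar", "PMS-Admins": "it.security"}
ATTEST_SLA = timedelta(hours=24)


@dataclass
class Campaign:
    id: int
    group: str
    member: str
    actor: str          # who made the change in the directory
    reviewer: str       # who must attest to it
    due: datetime
    flags: list = field(default_factory=list)
    decision: str = "pending"  # pending | approved | revoked


class AttestationTrigger:
    def __init__(self, watched, owners, sla):
        self.watched, self.owners, self.sla = watched, owners, sla
        self.memberships = {}  # group -> set of members, the state we enforce
        self.campaigns = []

    def on_event(self, ev):
        """Apply one directory change; return a Campaign if it needs attestation."""
        members = self.memberships.setdefault(ev["group"], set())
        if ev["type"] == "member_removed":
            members.discard(ev["member"])
            return None
        members.add(ev["member"])
        if ev["group"] not in self.watched:
            return None
        # An account adding itself to a privileged group is the classic escalation shape.
        flags = ["self_service"] if ev["actor"] == ev["member"] else []
        c = Campaign(id=len(self.campaigns) + 1, group=ev["group"], member=ev["member"],
                     actor=ev["actor"], reviewer=self.owners.get(ev["group"], "security-oncall"),
                     due=ev["ts"] + self.sla, flags=flags)
        self.campaigns.append(c)
        return c

    def attest(self, campaign_id, reviewer, approve):
        """Record the reviewer's decision; a revoke undoes the membership change."""
        c = self.campaigns[campaign_id - 1]
        if reviewer != c.reviewer:
            raise PermissionError(f"{reviewer} is not the reviewer for campaign {c.id}")
        if c.decision != "pending":
            raise ValueError(f"campaign {c.id} already {c.decision}")
        c.decision = "approved" if approve else "revoked"
        if not approve:
            self.memberships[c.group].discard(c.member)
        return c

    def expire(self, now):
        """Fail closed: a change nobody attested to by the deadline is rolled back."""
        expired = []
        for c in self.campaigns:
            if c.decision == "pending" and now > c.due:
                c.decision = "revoked"
                self.memberships[c.group].discard(c.member)
                expired.append(c)
        return expired


T0 = datetime(2020, 1, 14, 22, 5)
# Constructed change feed (not real Marriott or YouAttest events).
EVENTS = [
    {"ts": T0, "type": "member_added", "group": "Reservations-Read",
     "member": "fdesk02", "actor": "helpdesk"},
    {"ts": T0 + timedelta(minutes=3), "type": "member_added", "group": "Admin",
     "member": "fdesk02", "actor": "fdesk02"},
    {"ts": T0 + timedelta(hours=1), "type": "member_added", "group": "PMS-Admins",
     "member": "newadmin", "actor": "it.security"},
    {"ts": T0 + timedelta(hours=2), "type": "member_added", "group": "Admin",
     "member": "contract9", "actor": "helpdesk"},
]


def run_demo():
    """Replay the feed, decide two campaigns, and let the third time out."""
    trig = AttestationTrigger(WATCHED_GROUPS, GROUP_OWNERS, ATTEST_SLA)
    for ev in EVENTS:
        trig.on_event(ev)
    trig.attest(1, "mark.millar", approve=False)  # self-elevation into Admin: revoked
    trig.attest(2, "it.security", approve=True)   # planned admin onboarding: approved
    trig.expire(T0 + timedelta(days=2))           # campaign 3 never reviewed: rolled back
    return trig


if __name__ == "__main__":
    for c in run_demo().campaigns:
        print(f"#{c.id} {c.member} -> {c.group} by {c.actor}: {c.decision} {c.flags}")
```

Two design points matter for a defender. Only the group owner can close a campaign, so the account that made the change cannot also approve it; and the deadline revokes rather than silently approves, so an escalation made while the reviewer is away does not stand by default.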

YouAttest is the only cloud-based IGA platform that deploys in minutes, and it is continually adding features to its cloud IGA platform. For information on YouAttest’s new “State-in-Time” feature for Change Review, please register for the next webinar: “Simplifying Change Review Audits w/ YouAttest – featuring Stacey Cameron and Shannon Noonan of QoS Consulting Services”.