What Harry Potter Teaches us about Constant Vigilance and Insider Threats

The character of Mad-Eye Moody in “Harry Potter and the Goblet of Fire” preached “constant vigilance” against dark wizards, even as he was a villain in disguise.

The real Mad-Eye Moody had been kidnapped and locked in a trunk for an entire year, while an imposter assumed his form and took on his role as the Defence Against the Dark Arts teacher at Hogwarts School of Witchcraft and Wizardry. Not only was he an imposter, but he was also a dark wizard, one of Lord Voldemort’s most loyal followers, determined to take Harry out and restore Voldemort to full power.

“Constant vigilance” is sage advice for businesses too. With the threat of malicious insiders, undetected attackers moving around a network and other risks to mitigate, there is no “one-and-done” solution in security. Industry research such as the 2018 Verizon Data Breach Investigations Report (DBIR) helps the collective community keep an eye on trends and glean insights from lessons learned to get ahead of potential vulnerabilities before they become problems. A few key trends identified in the report caught my eye.

While the report indicates that 78 percent of people didn’t click on a single phishing link all year (which is promising news), phishing and pretexting remain popular attack methods. Attackers only need one employee to click a link and open the door for the attacker to enter. Once an attacker has stolen credentials, they can manoeuvre within the network, escalating levels of privilege until they have the access they need to wreak the havoc they intend.

The report’s emphasis on education—making sure that employees are trained to identify and report social attacks such as phishing—is one important line of defence. Knowing what to look for is half the battle. However, it is imperative to have a strategy beyond education that prioritises privileged access security. It remains just as important now as in recent years to practice least privilege principles along with privileged access management. Together, this provides businesses with a dramatically reduced attack surface. A focus on privileged access security hygiene is also critical for an effective cyber security program. Tactics such as multi-factor authentication, vaulting and rotating sensitive credentials can help protect powerful accounts within the organisation.

In manufacturing, notable trends include targeted attacks and intellectual property theft. According to the report, cyber espionage accounted for 31 percent of all breaches in manufacturing. This number is down from last year, but cyber espionage remains a very real threat to the industry. Attackers go after manufacturing targets with a specific purpose in mind, choosing victims with valuable trade secrets and intellectual property. Once this sensitive information has been exfiltrated, competitors can use it against the victim on the market—a different approach from directly siphoning funds, but one that still results in financial gain for the attackers.

In the healthcare industry, the story of the year (keeping in line with previous years) is not just about outside attackers, but about insiders as well. Ransomware remains prevalent, though not the constant onslaught that many people perceive. According to the report, most companies receive malware on six or fewer days a year. However, it only takes ONE successful ransomware attack to bring an organisation to its knees. And while the security industry tends to focus on data being stolen by outside attackers, it’s important to pay attention to what is going on within the organisation as well. This year’s report indicates there are many cases in which employees are misusing their accounts, whether intentionally or by accident. As such, employees with access to data beyond their role within the organisation can become problematic.

Also within healthcare, the report notes that employees sometimes misuse their credentials to access information they do not need in order to accomplish their tasks. For example, employees might search for a celebrity patient’s records out of curiosity, or “just for fun.” This type of activity underscores the importance of following least privilege principles, coupled with application control, as well as implementing privileged session monitoring capabilities. For even without malicious intent, the misuse of credentials can be just as damaging as stolen credentials, causing compliance and regulatory violations.
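One way to surface the “curiosity” access pattern described above is to check each record access in the audit log against the patient’s care-team assignment. The following is an added illustration, not CyberArk code or anything from the article; the log format, user names, patient ids and care-team table are all constructed for the example.

```python
"""Flag patient-record accesses with no treatment relationship.
Added example; log format, names and assignments are constructed."""
from dataclasses import dataclass

# Constructed: which employees are assigned to which patients (treatment relationship)
CARE_TEAM = {
    "P-1001": {"nurse_adams", "dr_patel"},
    "P-1002": {"dr_patel"},
    "P-2042": {"dr_lee", "nurse_chen"},   # constructed high-profile ("VIP") patient
}
VIP_PATIENTS = {"P-2042"}

@dataclass(frozen=True)
class Finding:
    user: str
    patient: str
    reason: str

def parse_line(line):
    # Constructed log format: "<ts> user=<id> action=<verb> patient=<id>"
    fields = dict(tok.split("=", 1) for tok in line.split()[1:])
    return fields["user"], fields["action"], fields["patient"]

def audit(lines):
    """Return one Finding per view/export by a user not on the patient's care team.
    VIP records get a distinct reason so they are triaged first."""
    findings = []
    for line in lines:
        user, action, patient = parse_line(line)
        if action not in {"view", "export"}:
            continue  # logins and other events carry no record access
        if user in CARE_TEAM.get(patient, set()):
            continue  # legitimate: user is assigned to this patient
        reason = "vip_record_no_relationship" if patient in VIP_PATIENTS else "no_treatment_relationship"
        findings.append(Finding(user, patient, reason))
    return findings

SAMPLE_LOG = [  # constructed sample entries
    "2018-06-01T09:00:00Z user=nurse_adams action=view patient=P-1001",
    "2018-06-01T09:05:00Z user=dr_patel action=view patient=P-1002",
    "2018-06-01T12:30:00Z user=nurse_adams action=view patient=P-2042",
    "2018-06-01T12:31:00Z user=clerk_ortiz action=export patient=P-1002",
    "2018-06-01T12:32:00Z user=clerk_ortiz action=login patient=-",
]

if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f.user} accessed {f.patient}: {f.reason}")
```

In practice the care-team table would come from the scheduling or EHR system, and findings would feed the privileged session monitoring or SIEM workflow rather than stdout.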

In the wizarding world, posting Dementors at the gates and hoping for the best simply isn’t enough, particularly considering the number of times Lord Voldemort and his cronies managed to break through the castle walls, sometimes even completely undetected. But cyber security is not magic. It takes strategy, planning and collaboration to reduce cyber security risk. Not only must we be able to recognise the attackers outside the organisation, but we must also guard against the overreaching access that turns seemingly innocent employees into the attacker within. “Constant vigilance” includes protecting privileged access from the dark wizards of the cyber world.

About the Author

Katie Curtin-Mestre is VP Product and Content Marketing, CyberArk. CyberArk is the global leader in privileged access security, a critical layer of IT security to protect data, infrastructure and assets across the enterprise, in the cloud and throughout the DevOps pipeline. CyberArk delivers the industry’s most complete solution to reduce risk created by privileged credentials and secrets. The company is trusted by the world’s leading organizations, including more than 50 percent of the Fortune 100, to protect against external attackers and malicious insiders.