Cyber threats are real, and organizations are taking proactive measures to make users more secure. We will outline a few steps every organization should take to strengthen its cyber security posture.
A security researcher recently discovered a new security flaw in Microsoft Exchange Server, which has been dubbed ProxyToken. A cybercriminal can gain access to users’ emails and configure their mailboxes, bypassing the authentication process.
Users of Microsoft Exchange are normally authenticated through two sites, a front end and a back end. The Delegated Authentication feature leaves authentication purely to the server. ProxyToken must include a SecurityToken cookie in an authentication request to use this feature. Because of default settings, the attacker’s requests bypass the authentication process.
The chances of cyber attackers gaining access to the Exchange server are therefore reduced. However, insider threats are always possible. In 2019, cybercriminals caused losses of over $1.7 billion in phishing attacks due to this method. They use the information gathered as part of this method to create strategic phishing attacks.
Here are a few steps companies can take to reinforce their user authentication procedures in light of this and similar threats.
How do you monitor user behavior?
A username and password should not be sufficient for user authentication when using any technology. These traditional measures are insufficient and cannot proactively protect against cyber attacks that bypass authentication steps. User behavior monitoring is one helpful measure.
Each user’s typical behavior can be established through ongoing monitoring. Organizations can use this information to implement behavioral cyber security biometrics, which authenticate individuals by monitoring their usage patterns. A red flag will be raised for abnormal user behavior such as configuring someone else’s inbox using a proxy cyber attack.
Monitoring user permissions is also a very important part of a zero-trust cyber security policy. Such a policy is built on contextual permissions to identify and address cyber attacks, as these proactive measures go beyond traditional user authentication. This will help make users more secure.
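The kind of check described above, written out as an added example (it is not code from the original article): a baseline of who normally touches which mailbox is built from past events, and new events that fall outside it are flagged. The event fields, operation names and user names are constructed for illustration and are not the schema of any real Exchange audit log.

```python
import json
from collections import defaultdict

# Constructed sample events; field and operation names are hypothetical.
HISTORY = """\
{"actor": "alice", "mailbox": "alice", "op": "set_inbox_rule"}
{"actor": "bob", "mailbox": "bob", "op": "read"}
{"actor": "carol", "mailbox": "exec", "op": "set_inbox_rule"}
{"actor": "carol", "mailbox": "exec", "op": "read"}
"""
NEW_EVENTS = """\
{"actor": "alice", "mailbox": "alice", "op": "set_inbox_rule"}
{"actor": "carol", "mailbox": "exec", "op": "set_inbox_rule"}
{"actor": "bob", "mailbox": "alice", "op": "set_inbox_rule"}
{"actor": "bob", "mailbox": "exec", "op": "read"}
{"actor": null, "mailbox": "alice", "op": "set_inbox_rule"}
"""
CONFIG_OPS = {"set_inbox_rule", "set_forwarding"}  # operations that change a mailbox

def parse(lines):
    return [json.loads(line) for line in lines.splitlines() if line.strip()]

def build_baseline(events):
    """Map each actor to the (mailbox, op) pairs seen during normal operation."""
    baseline = defaultdict(set)
    for e in events:
        if e["actor"]:
            baseline[e["actor"]].add((e["mailbox"], e["op"]))
    return baseline

def score(event, baseline):
    """Return (severity, reason), or None when the event fits the baseline."""
    actor, mailbox, op = event["actor"], event["mailbox"], event["op"]
    if not actor:
        return ("high", "request carried no authenticated identity")
    if actor == mailbox or (mailbox, op) in baseline.get(actor, ()):
        return None  # own mailbox, or an established delegate pattern
    if op in CONFIG_OPS:
        return ("high", f"{actor} configured {mailbox}'s mailbox for the first time")
    return ("low", f"{actor} accessed {mailbox}'s mailbox for the first time")

def detect(history, new_events):
    baseline = build_baseline(parse(history))
    scored = ((e, score(e, baseline)) for e in parse(new_events))
    return [(e["actor"], e["mailbox"], s[0], s[1]) for e, s in scored if s]

if __name__ == "__main__":
    for alert in detect(HISTORY, NEW_EVENTS):
        print(alert)
```

Carol's changes to the "exec" mailbox pass because they match her established pattern, while Bob's first-time change to Alice's inbox and the request with no identity are both raised as high severity.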
What is multifactor authentication?
Multifactor authentication (MFA), also known as two-factor authentication (2FA), is another crucial step. A password or another type of authentication method is vulnerable to cyber attacks. With MFA, a cyber attacker cannot exploit any one method to infiltrate your IT infrastructure even if they get past other cyber security steps.
As mentioned above, ProxyToken may begin as an account compromise cyber attack, which Microsoft itself emphasizes is possible via multifactor authentication (MFA). In addition to its effectiveness, two-factor authentication (2FA) is also inexpensive and easy to implement, which makes it an ideal security measure. This will help make users more secure.
How do I restrict users?
Organizations need to work with their IT department or managed IT services provider to understand the difference between user authentication and user authorization, as they are not the same. Even though a cyber-attacker may bypass authentication using a cyber attack such as ProxyToken or a similar method, tighter user controls can still prevent damage.
User authentication verifies that a user is who they claim to be when signing into a network. User authorization determines what functions a user can perform, within the limitations imposed by restricted user authorization protocols. If a hacker bypasses the authentication stage, the cyber-attacker will still have limited access, minimizing the level of destruction possible to your network.
How do I keep software updated?
This is a proactive management step that organizations are aware of; however, most organizations do not know how, or whether, it is done properly by their IT department or managed IT services provider. Organizations need to remember to keep their software up to date. Unfortunately, the ProxyToken cyber security threat was discovered by IT security researchers in March, but organizations had to wait until July for Microsoft to release a patch. These cyber attacks can be prevented by updating the Exchange server software.
Software updates are critical; however, many organizations fail to update their software, leaving them vulnerable to cyber attacks. Unpatched cyber security vulnerabilities have caused data breaches in approximately 33 percent of all global businesses. Organizations need to enable automatic updates and monitor for vulnerabilities to proactively prevent a significant number of possible cyberattacks.
What user authentication protocols should I use?
Cyber security systems are constantly being challenged and beaten by cybercriminals through methods such as ProxyToken. Organizations must become more proactive in the fight against cyber security threats, including strengthening user authentication protocols as threats grow.
Organizations must review their IT infrastructure setup, policies, and procedures, as there must be more to user authentication than just usernames and passwords. Cybercriminals are sophisticated, and organizations need to use a multi-layered approach to stopping them, including multifactor authentication (MFA), two-factor authentication (2FA), and continuous network monitoring.
How to make users more secure? It is not possible for businesses to eliminate cyber security threats but by tightening user authentication and user authorization.
365 iT SOLUTIONS is a leading IT consulting firm in Toronto that offers Managed IT Services, Tech Support Services, Cloud Services, Managed Security Services, IT Support Services, IT Outsourcing Services, Business continuity and disaster recovery (BCDR), and Cyber Security Training and Dark Web Monitoring.