Fortinet breach shows danger of access management, need for security hygiene

“Over a period of time, probabilities are [that] somebody will find it, somebody will get access to it,” one expert says.

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

Another day, another breach that can be traced back to poor security hygiene.

Cybersecurity powerhouse Fortinet announced on Sept. 12 that it had suffered an attack on a third-party cloud drive, which it described as affecting “limited data related to a small number (less than 0.3%) of Fortinet customers.” The attacker, known as “Fortibitch,” released 440 GB of data after Fortinet refused to pay.

“The leaked data includes employee resources, finance documents, HR documents from India, product offering, US sales, professional services and marketing documents, as well as customer information,” cyber threat tracking firm CloudSEK wrote in a report about the breach.

Sky mall. Cloud security is becoming a major issue, Saviynt Chief Trust Officer Jim Routh told IT Brew, and with the increased adoption of the technology in software development and data storage, there’s a need to ensure that safety procedures are followed. Among the necessary steps is making certain that failsafes like multi-factor authentication (MFA) are in place. When they’re not, it’s only a matter of time before the data is exposed.

“Over a period of time, probabilities are [that] somebody will find it, somebody will get access to it,” Routh said. “And so those types of decisions really should be supported by identity, access management discipline, multi-factor authentication.”

Koushik Pal, a threat intelligence reporter at CloudSEK, sounded a similar note in a comment to Dark Reading, calling for stricter identity access management requirements.

“Organizations should make MFA mandatory for accessing SharePoint and other critical systems to prevent unauthorized access even if credentials are compromised,” Pal said. “Monitor repositories on a regular basis for exposed credentials, sensitive data, or misconfigurations, and enforce security best practices across all teams.”

Needing caution. But that’s not always so easily done, as Fortinet found. Working from the company’s reported half million customers, TechCrunch deduced that the number of affected corporate users could be around 1,500, a number that was not disputed by Fortinet spokesperson Stephanie Lira. And using a third-party vendor for storing that information, while not inherently dangerous, opens the door to more insecurity.

That’s where the role of the system administrator comes into play—the need for a select user to make those kinds of calls, Routh said.

“Depending on the requirements, there should be some privileged user [who’s] a system administrator that can manage new accounts, make sure they’re configured properly from an identity access management standpoint, and provide privilege access management to those accounts.”
