This is a summary of the panel discussion at Security Symposium & Cyber Sentinel Award by Infocon global. The panel discussion was moderated by Jitendra Chauhan (Head of Engineering at FireCompass) along with Balaram (CISO, Manthan), Ananth Kumar Ms (Head-IT Assurance & Security, Janalaxmi Financial Services), Sumanth Naropanth and Ramakrishna Roy.
What is Shadow IT? How will you define it?
- What is the definition? Projection based on Gartner and Forrester
- Gartner Report Says Shadow IT Will Result in 1/3 of Security Breaches. They predict that “by 2020, one third of successful attacks experienced by enterprises will be on their shadow IT resources.”
- When a business unit's IT or digital services are not sanctioned by centralized IT and are invisible to the IT department, they are termed shadow IT.
- Different Types
- External Digital Footprint
- APIs
- Share drives
- Cloud services
- 3rd party assets and data collection
- Ability to share information
- Open source libraries
Internal organisation
- Grey area
- Skype
- Open source libraries
- Design espionage
Why is Shadow IT a problem from various perspectives such as compliance, security, business operations etc.?
- Compliance such as GDPR, SOX, PCI
- Business Implications and implications to CXOs
- Organisational Security Perspective
- Skype traffic
- What are the few examples of breaches because of Shadow IT?
- Amex Breach [Nov 2018] - Details on 700k customer data exposed
- What was exposed?
- 3M Records,
- 700000 unencrypted PII such as Name, Emails, Phone Numbers etc.
- How did it Happen?
- Misconfigured MongoDB instance (managed by a Marketing Subcontractor), which was indexed by search engines like Shodan.
- HSBC Breach [Nov 2018]
- What was exposed?
- 1M+ Customers exposed,
- PII - DOB, Communication Details, Transactions, A/C Numbers & Balance
- How did it Happen?
- Credential Stuffing, Due to Password Reuse
- British Airways [Sep 2018]
- What was exposed?
- 380000 Transaction Records
- Personal and Financial Data such as credit cards
- How did it Happen?
- 3rd Party System compromised, infected with malicious JavaScript that ultimately targeted BA end users.
- Equifax Breach (breach settlement: $700m)
- Microsoft Subdomain Takeover
- Dunkin' Donuts
Summary:
- None of the attack vectors involved zero-days; they were mostly misconfigured assets, open buckets, reuse of leaked passwords, and misuse of 3rd party trust
- Reward and reprimand
How is the Shadow IT really created?
- Key business drivers
- Getting things done as fast as possible
- Cloud: it is easy
- Agility
- 3rd party vendors
- Lack of monitoring
- Examples of departments [Marketing, Engineering]
How to detect Shadow IT?
Detection Cycle
- Discovery visibility
- Data flow monitoring and anomaly detection
- Create Asset Inventory
- Prioritise and Assign Risks
- Validate Risks [Red Teaming]
- Manage and Monitor
- Continuous Monitoring of Attack Surface and Risks
- Continuous Remediation of Risks
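The first steps of the detection cycle above (discovery, asset inventory, prioritise and assign risks), sketched as an added example that is not from the panel. All hostnames, records, field names and scoring weights are constructed assumptions, chosen to mirror the breach causes listed earlier (unauthenticated database, open bucket, dangling subdomain, third-party managed asset).

```python
from dataclasses import dataclass, field

# Sanctioned inventory kept by central IT (constructed sample).
SANCTIONED = {"www.example.com", "api.example.com", "mail.example.com"}

# Result of an external discovery pass (constructed sample records).
DISCOVERED = [
    {"host": "www.example.com", "service": "https", "auth": True, "owner": "it"},
    {"host": "promo-db.example.com", "service": "mongodb", "auth": False,
     "owner": "marketing-vendor"},
    {"host": "assets-bucket.example.com", "service": "object-storage",
     "auth": False, "owner": "engineering"},
    {"host": "old-campaign.example.com", "service": "dangling-cname",
     "auth": True, "owner": "marketing"},
    {"host": "api.example.com", "service": "https", "auth": True, "owner": "it"},
]

# Hypothetical weights per exposed service type; unknown services score 2.
SERVICE_WEIGHT = {"mongodb": 4, "object-storage": 4, "dangling-cname": 3, "https": 1}

@dataclass
class Finding:
    host: str
    score: int = 0
    reasons: list = field(default_factory=list)

    def add(self, points, reason):
        self.score += points
        self.reasons.append(reason)

def prioritise(discovered, sanctioned):
    """Build the asset inventory and rank it, highest risk first."""
    findings = []
    for asset in discovered:
        f = Finding(asset["host"])
        if asset["host"] not in sanctioned:
            f.add(3, "not in sanctioned inventory (shadow IT)")
        f.add(SERVICE_WEIGHT.get(asset["service"], 2), "service: " + asset["service"])
        if not asset["auth"]:
            f.add(3, "reachable without authentication")
        if asset["owner"].endswith("-vendor"):
            f.add(2, "managed by a third party")
        findings.append(f)
    return sorted(findings, key=lambda f: (-f.score, f.host))

def inventory_drift(discovered, sanctioned):
    """Sanctioned entries that discovery did not see: stale records to review."""
    return sorted(sanctioned - {a["host"] for a in discovered})
```

The ranked list feeds the "Validate Risks" and "Manage and Monitor" steps; rerunning it on every discovery pass gives the continuous view the cycle calls for.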
Incident response for Shadow IT?
How to prevent Shadow IT?
- Be more open on the policy perspective. Embrace Shadow IT Drivers by creating policies
- Awareness Drive (CXOs and employees)
- Continuous Monitoring and threat intelligence
- How to deal with employees who do not listen to you and inform Security Team?