Dealing with account lockouts is one of the unhappy facts of life for many IT teams. And while resolving lockouts isn’t particularly difficult, it is the sheer volume of incidents that often weighs down IT teams. In fact a recent survey found that ⅓ of IT and Support tickets are tied to password resets and account lockouts.
In a very short period of time, machine learning (ML) has had a major impact on the field of cybersecurity. Machine learning has proven to be adept at finding threats in ways that traditional signatures never could, whether detecting malware, finding vulnerabilities, or recognizing when a trusted employee has been compromised by an attacker.
The New York State Department of Financial Services (NYDFS) has recently enacted new cybersecurity regulation aimed at protecting financial services organizations and their data. The new regulation known as 23 NYCRR 500 actually went into effect earlier in the year, but the 180-day transition period ended on August 28th, meaning organizations now need to be officially in compliance. Of course financial services CISOs are no strangers to regulation, having to already comply with a dizzying array of control frameworks including NIST, COBIT, SSAE and specific regulations such as PCI-DSS and SEC OCIE just to name a few.
In a recent blog, we discussed how attackers typically follow the path of least resistance. In enterprises, this almost always involves seeking out weak passwords. Data from Verizon’s Data Breach investigation Report certainly bears this out, where they found that nearly 2/3s of breaches involved the use of weak, default, or stolen credentials. As much as the industry likes to focus on nation-state attackers and obscure 0-days, the fact remains that most battles are lost due to a lack of basic password hygiene in the network.
Something is very wrong in the security industry and “security alert fatigue” is one of the most obvious symptoms. Most enterprises generate far more security alerts than their security staff can analyze. Typically it’s not even close. The problem extends to all industries, but a recent survey of banking security leaders brought the issue into sharp focus. The study found that 61% of the organizations generate at least 100,000 events per day. 37% of organizations generated more than 200,000 events per day. That is simply too many events to process even for the largest of security teams. This shouldn’t be the norm, but virtually anyone who works in security can attest that it is. So let’s take a looks at why this is happening and what we can do to fix it.