Port of Houston Prevents Data Breach: Success Highlighting Importance of Privileged Access Management (PAM) Controls
Cyber attacks and data breaches continue to grab the headlines in 2021, and there are few signs that cyber adversaries are letting up. The looming threat of ransomware has forced organizations not only to assess their overall cybersecurity programs, budgets and roadmaps, but also to critically assess their identity and access management and privileged access management (PAM) solutions. PAM controls are a fundamental part of active cyber defense, because these solutions provide ongoing visibility into and management of the highly privileged administrator accounts that are the “keys to the kingdom” of an organization. The recently disclosed cyberattack on the Port of Houston is a refreshing success story that highlights how PAM controls can help prevent and mitigate a crippling data breach.
Critical infrastructure at risk
Critical infrastructure is not a topic often considered by the average American. However, as the name suggests, it is an integral part of our daily life and well-being. As described by the US Cybersecurity and Infrastructure Security Agency (CISA), the term critical infrastructure refers to “the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or on public health or safety.” The nation’s critical infrastructure provides the essential services that underpin American society. It is therefore not surprising that the supply chain industry is a popular target for cybercriminals. Cyber attacks that breach critical infrastructure and cause massive damage are increasingly becoming a staple of the evening news. This torrent of bad news can easily lead to discouragement and the false assumption that nothing can be done to prevent such attacks. We don’t often hear about effective cybersecurity defenses because they make for unremarkable reporting and attract only a small audience. However, cybersecurity success stories do exist, and as cybersecurity professionals it is our duty to heed the lessons of these victories as well as the failures. One recent example is the attempted attack on the Port of Houston.
Supply chain disruption
The Port of Houston attack is just one of many recent supply chain cyberattacks. In fact, the Identity Theft Resource Center (ITRC) reported that “Supply chain attacks increased 42% in the first quarter of 2021 in the United States, affecting up to seven million people.” Supply chain disruption is a common result of cybercrime, causing untold damage to systems, infrastructure, businesses and individuals. The Colonial Pipeline attack provides an excellent example: not only did it affect the company’s revenue and reputation, but it had a disastrous domino effect on gas stations, airlines, the military and even the average consumer. As CNET pointed out, the breach not only “caused a heavy blow to the gasoline industry in the southern and eastern United States, but it also showed just how vulnerable the US energy grid is to further attacks in the future.” Whatever the intentions of this attacker (financial, most likely), we can assume that potential attackers will take this instance and others as encouragement to enter or continue to participate in the powerful cybercrime industry.
The role of cybersecurity in protecting the supply chain
Yes, cybercrime is its own industry, and it’s a very lucrative one. According to the FBI’s Internet Crime Complaint Center (IC3), 791,790 complaints were reported in 2020 alone, representing approximately $4.2 billion in losses. This also means that cybercriminals are business people who want to get the best return on their investment of time. You cannot make your organization perfectly protected, but these hackers are not magical monsters. They are business people in search of maximum return for minimum effort. If you take even the most basic steps to make your organization difficult to compromise, they will move on to another target. Throughout the supply chain cycle, data is now almost exclusively digital, and it only takes the weakest link to disrupt the whole chain. But if more organizations invest in cybersecurity, it could potentially change the basic economics of the cybercrime industry and discourage people from getting involved.
What happened at the Port of Houston?
Before delving into the details of the breach, you have to understand the stakes involved and the extent of the damage that could have been inflicted. To start, according to a 2019 internal report from the Port of Houston, the Port was responsible for approximately $74.3 billion in total personal wages and salaries supported by shipping activity at public and private terminals located in the Port of Houston. It also supported 1,350,695 direct, induced, indirect and related jobs in the state of Texas and 3,208,809 in the United States. The port is the second in the country in terms of overall tonnage and is the largest recipient of foreign trade. It is “an economic engine for the Houston area, Harris County and the State of Texas.” Each year, more than 250 million tonnes of goods pass through it, generating an economic value of 300 billion dollars. A successful attack could have forced the Port to shut down operations for days or even weeks, causing massive backlogs in supply chains already stretched thin by the Covid-19 pandemic. Initially, the attack appeared successful, taking advantage of a zero-day vulnerability in the Port’s self-service Single Sign-On (SSO) product. However, the rapid detection of unusual activity by automated systems, together with the activation of an existing incident management plan, allowed the compromised network to be isolated within 90 minutes of the initial breach.
The role of privileged account management
The Port of Houston’s 90-minute response and mitigation time is a significant improvement over the 280 days that IBM cites as the average response time to a breach. The Port’s systems and operational data were protected thanks to a preventive security measure already in place: password management. Modern privileged account management (PAM) systems do more than act as simple vaults for secrets such as passwords. They also record all authentication activity and monitor for abnormal patterns in user and system activity. PAM controls are also an integral part of every industry-recognized cybersecurity framework, including the NIST CSF. The Houston attack, which officials suspect involved a foreign government, was contained through the organization’s privileged account management solution. While media coverage may lead you to believe otherwise, even a rudimentary cybersecurity plan can make the difference between a successful attack and an unsuccessful one. This is not to say that the Port of Houston has a “basic” cybersecurity plan, but the measures that saved its infrastructure in this case are measures that an organization of any size and budget can and must implement. At first, the attackers were able to obtain user-level permissions thanks to the vulnerability they exploited. But when they tried to use this access to move laterally and elevate their access from user to administrator, they were detected by the Port’s PAM solution and were kicked out.
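As an added illustration (not the Port’s own tooling or any vendor’s PAM product), here is a small Python detector of the kind a PAM audit pipeline runs: it parses constructed audit events in a hypothetical key=value format and flags the two patterns described above, lateral movement by a single account and a user-level account attempting to obtain administrator credentials, then reports how long detection took.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample PAM audit log in a hypothetical format (not real Port of Houston data):
# a user-level account logs in via SSO, hops across hosts, then tries to check out a
# domain-admin credential from the vault; an admin later does the same legitimately.
SAMPLE_EVENTS = [
    "2021-08-19T10:00:05Z user=jdoe role=user action=login host=sso-portal result=success",
    "2021-08-19T10:12:40Z user=jdoe role=user action=login host=fileserver-02 result=success",
    "2021-08-19T10:15:02Z user=jdoe role=user action=login host=db-01 result=success",
    "2021-08-19T10:18:30Z user=jdoe role=user action=checkout vault=domain-admin result=denied",
    "2021-08-19T10:19:10Z user=jdoe role=user action=checkout vault=domain-admin result=denied",
    "2021-08-19T10:30:00Z user=ops_admin role=admin action=checkout vault=domain-admin result=success",
]
ADMIN_VAULTS = {"domain-admin"}         # vaults that only admin-role principals may check out
LATERAL_WINDOW = timedelta(minutes=15)  # look-back window for counting distinct hosts
LATERAL_HOST_THRESHOLD = 3              # distinct hosts within the window that trigger an alert

def parse_event(line):
    """Turn one 'timestamp key=value ...' line into a dict with a datetime under 'ts'."""
    ts, *pairs = line.split()
    event = dict(pair.split("=", 1) for pair in pairs)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event

def detect(lines):
    """Return (alert_type, user, timestamp, detail) tuples for suspicious activity."""
    alerts = []
    logins = defaultdict(list)  # user -> [(ts, host), ...] of successful logins
    for ev in map(parse_event, lines):
        user = ev["user"]
        # Lateral movement: one account reaching many distinct hosts in a short window (fires once).
        if ev["action"] == "login" and ev["result"] == "success":
            logins[user].append((ev["ts"], ev["host"]))
            recent = {h for t, h in logins[user] if ev["ts"] - t <= LATERAL_WINDOW}
            if len(recent) == LATERAL_HOST_THRESHOLD:
                alerts.append(("lateral_movement", user, ev["ts"], sorted(recent)))
        # Privilege escalation: a non-admin principal requesting an admin-only credential,
        # flagged whether or not the vault denied the checkout.
        if ev["action"] == "checkout" and ev.get("vault") in ADMIN_VAULTS and ev["role"] != "admin":
            alerts.append(("privilege_escalation_attempt", user, ev["ts"], ev["vault"]))
    return alerts

def minutes_to_first_alert(lines):
    """Detection latency: minutes from the first event to the first alert (None if no alert)."""
    alerts = detect(lines)
    if not alerts:
        return None
    first = parse_event(lines[0])["ts"]
    return (alerts[0][2] - first).total_seconds() / 60
```

On the constructed log the first alert fires at the third distinct host, well before the escalation attempts, which is the window in which an incident plan like the Port’s can isolate the account.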
The events at the Port of Houston give us a simple example of why cybersecurity measures are paramount. One of the first steps in a successful cybersecurity strategy should be to assess and identify your vulnerabilities, and then put actions in place to execute the appropriate mitigation strategies. Firewalls, endpoint detection and response (EDR), and privileged account management (PAM) are all effective starting points, and this last measure is what saved the Port of Houston from a devastating outcome. For businesses reluctant to invest in cybersecurity, deploying an effective PAM solution is an achievable goal that can save them immeasurable amounts of money, time and energy.