
Harden your security configuration and limit lateral movement

To limit the impact of a successful compromise, segregate administration groups and restrict their scope, which can be achieved by using an Active Directory (AD) tier model or Microsoft’s enterprise access model. Use purpose-dedicated service accounts following the principle of least privilege, so that the compromise of any one account has a limited impact.

To further secure domain admin accounts, make sure they are:

  • Kept to a minimum (fewer than 5 is recommended).
  • ONLY used to connect to domain controllers.
  • Not allowed to connect to the internet.
  • Configured with unique, random, long and complex passwords.
  • Used to connect remotely only in case of emergency (using a VPN with MFA).
  • Monitored, with alerts in place.

Other security hardening best practices are described here.
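The "ONLY used to connect to domain controllers" and "monitored, with alerts in place" points can be checked against logon telemetry. The following is an added Python example, not code from the original advisory: it runs over Windows Security event 4624 ("An account was successfully logged on") records and flags any domain admin logon that lands on a host other than a domain controller, and it checks the group size against the recommended limit. The account names, hostnames and events are constructed placeholders.

```python
"""Flag domain-admin logons that land anywhere except a domain controller.
Added example, not from the original advisory. Assumes Windows Security
event 4624 records exported as dicts; all names/events are constructed."""
from dataclasses import dataclass

MAX_DOMAIN_ADMINS = 5  # advisory: fewer than 5 domain admin accounts

# Constructed inventory: dedicated domain admin accounts and DC hostnames.
DOMAIN_ADMINS = {"CORP\\da-alice", "CORP\\da-bob"}
DOMAIN_CONTROLLERS = {"dc01.corp.example", "DC02"}

# Constructed 4624 events. "Computer" is the host that recorded the logon,
# i.e. where the session was created. LogonType 10 = RDP, 3 = network.
SAMPLE_EVENTS = [
    {"Computer": "DC01.corp.example", "TargetUserName": "CORP\\da-alice", "LogonType": 10},
    {"Computer": "WS-CLINIC17", "TargetUserName": "corp\\DA-Alice", "LogonType": 10},
    {"Computer": "WS-CLINIC17", "TargetUserName": "CORP\\jsmith", "LogonType": 2},
    {"Computer": "FILESRV03", "TargetUserName": "CORP\\da-bob", "LogonType": 3},
]


@dataclass(frozen=True)
class Alert:
    account: str
    host: str
    logon_type: int


def _host(name):
    """Normalise a hostname: strip any DNS suffix and upper-case it."""
    return name.split(".")[0].upper()


def domain_admin_logons_off_dc(events, domain_admins, domain_controllers):
    """Return an Alert for each domain-admin logon that did not land on a DC."""
    admins = {a.lower() for a in domain_admins}  # accounts: case-insensitive
    dcs = {_host(h) for h in domain_controllers}
    alerts = []
    for ev in events:
        account = ev["TargetUserName"].lower()
        host = _host(ev["Computer"])
        if account in admins and host not in dcs:
            alerts.append(Alert(account, host, int(ev["LogonType"])))
    return alerts


def domain_admin_count_ok(domain_admins, limit=MAX_DOMAIN_ADMINS):
    """True when the group stays under the recommended size."""
    return len(domain_admins) < limit
```

Running `domain_admin_logons_off_dc(SAMPLE_EVENTS, DOMAIN_ADMINS, DOMAIN_CONTROLLERS)` on the sample data yields two alerts (the RDP session on WS-CLINIC17 and the network logon on FILESRV03); the DC01 logon is accepted. In production the events would come from the SIEM or forwarded event logs, and each alert should page the monitoring team rather than just be printed.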

Claims Example

A large healthcare organisation with 150 hospitals and clinics was the victim of a system infiltration. The cybercriminal entered the network through a single compromised user account at one clinic and, because there was no network filtering between sites, quickly moved laterally within the network to reach the corporate data centre.

From there, they moved to other clinics’ networks, stealing sensitive data. Once the incident was discovered, our client cut off all network connections, isolating all sites; with no baseline of acceptable network flows, it was impossible to quickly identify malicious traffic without shutting everything down.

Two specialised vendors were engaged to investigate and open each network flow one by one. Resolution took several weeks, with significant business interruption consequences.

The descriptions contained in this communication are for preliminary informational and risk management purposes only. It is made available with the understanding that Beazley does not render legal services or advice. Although reasonable care has been taken in preparing the information set forth in this document, Beazley accepts no responsibility for any errors it may contain or for any losses allegedly attributable to this information. The product is available on an admitted basis in some but not all US jurisdictions through Beazley Insurance Company, Inc., and is available on a surplus lines basis through licensed surplus lines brokers underwritten by Beazley syndicates at Lloyd’s. The exact coverage afforded by the product described herein is subject to and governed by the terms and conditions of each policy issued. The publication and delivery of the information contained herein is not intended as a solicitation for the purchase of insurance on any US risk. Beazley USA Services, Inc. is licensed and regulated by insurance regulatory authorities in the respective states of the US and transacts business in the State of California as Beazley Insurance Services (License#: OG55497).