Addressing cyber threats
Multi-factor authentication for privileged user accounts
Over the past few years, there has been a disturbing trend in the number and types of cyber breaches around the globe. These breaches have shown that everyone is vulnerable, including the most sophisticated Information Technology (IT) organizations, the largest and most respected financial institutions, and even the United States government. In response to this escalating threat, the Federal Chief Information Officer (CIO), Tony Scott, recently launched an accelerated Cybersecurity Sprint effort requiring federal agencies to take a number of steps to improve the security and resilience of their networks.
Multi-factor authentication protects against intrusion attempts by increasing the difficulty of compromising a privileged user. For instance, PIV-enabled multi-factor authentication operates by requiring the user to enter a PIN (something the user knows) to unlock their PIV’s digital certificates (something the user has). The PIV then participates in a cryptographic authentication process with the protected network or server. The cryptographic process is designed to thwart “replay” and other “man-in-the-middle” attacks, and cannot be duplicated by an attacker who does not possess the PIV. Other, non-PIV cryptographic tokens can provide similar capabilities, but none are as widely distributed to the federal and contractor workforce as are PIV cards.
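The challenge-response exchange described above, sketched in Go as an added example; it is not code from the original page or from any PIV middleware. It shows why a captured response cannot be replayed and why a response cannot be produced without the card and its PIN. Assumptions: the names `Card`, `Server` and `Enroll` are hypothetical, the PIN is a constructed value, ECDSA P-256 stands in for the card's key, and an in-memory struct stands in for the card itself.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

type Card struct{ key *ecdsa.PrivateKey; pin string } // hypothetical stand-in for a PIV card
type Server struct{ pub *ecdsa.PublicKey; pending map[string]bool } // the protected system

func Enroll(pin string) (*Card, *Server) { // the server trusts this card's public key
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Card{k, pin}, &Server{&k.PublicKey, map[string]bool{}}
}

func (c *Card) Sign(pin string, challenge []byte) ([]byte, error) {
	if pin != c.pin { // the PIN unlocks the key; without it the card signs nothing
		return nil, fmt.Errorf("wrong PIN")
	}
	h := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, c.key, h[:])
}

func (s *Server) Challenge() ([]byte, error) {
	n := make([]byte, 32)
	_, err := rand.Read(n)
	s.pending[string(n)] = err == nil // only a fully random challenge becomes outstanding
	return n, err
}

func (s *Server) Verify(challenge, sig []byte) bool {
	live := s.pending[string(challenge)]
	delete(s.pending, string(challenge)) // single use: a captured response fails on replay
	h := sha256.Sum256(challenge)
	return live && ecdsa.VerifyASN1(s.pub, h[:], sig)
}

func main() {
	card, srv := Enroll("123456") // constructed PIN
	c, _ := srv.Challenge()
	sig, err := card.Sign("123456", c)
	fmt.Println(err, srv.Verify(c, sig), srv.Verify(c, sig)) // <nil> true false
}
```

A real card keeps the private key in hardware and blocks itself after repeated wrong PINs, neither of which this stand-in models.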
Privileged user accounts typically have the most elevated permissions, or greatest capabilities, in an IT organization and access to the most sensitive information. As a result, those user and server accounts also have the potential to cause the most damage. A privileged user account is typically able to:
- Access, alter and remove data;
- Run programs and enable or remove file shares;
- Add and delete users, change user privileges and enable remote access;
- Read and change database records, access transactions data, change database configuration and schema, add or modify stored procedures;
- Grant and deny network access and enable and disable monitoring;
- Alter configuration and audit settings.
Deloitte Advisory has long served as an advisor to the Federal Government in assessing and addressing cyber security risk through its Secure.Vigilant.Resilient. suite of services. Being secure means focusing protection around the risk-sensitive assets at the heart of a federal agency’s mission. Given the reach and complexity of its digital ecosystem, an agency can’t secure everything equally.
- Deloitte Advisory’s Secure service assists in protecting our government clients' critical assets, including both information and infrastructure, by implementing risk-prioritized controls to protect against known and emerging threats and comply with standards and regulations.
- Deloitte Advisory’s Vigilant service assists our clients in identifying and understanding threats against critical assets by establishing situational risk and threat awareness across the environment to detect violations and anomalies.
- Deloitte Advisory's Resilient service assists our clients in minimizing the impact of incidents when they occur by setting up a process to handle critical incidents, quickly return to normal operations, and repair damage to the business.