It takes decades to build a strong reputation and seconds within a cyber-attack to destroy it. Organizations are targets of varied and fast-evolving forms of cyber-attack, which according to market studies have been on the rise, especially over the past 3 years. One of the components of the IT system that is most susceptible to security incidents is Active Directory.


Through this thought leadership piece, we seek to raise awareness of the nature and type of risks emanating from Active Directory, together with best practices to mitigate them.

What is Active Directory?

Active Directory is essentially a database that provides a set of services for managing network resources and the users related to them. Its main function is to enable administrators to manage access to network resources. Data is stored as objects (including users, groups, applications and devices), and these objects are categorized in Active Directory according to their name and attributes.

What are the main risks & challenges emanating from deficiencies in managing Active Directory?

Malicious users and attackers seek to gain access to victims' systems by using a variety of hacking techniques that take advantage of deficiencies in access management, misconfiguration and unpatched systems. The risks come in various forms, such as the following:

  • Gaining access using malware and subsequently monitoring an organization’s activities and/or stealing data.
  • Infiltrating additional accounts and moving laterally to corrupt the information system.
  • Gaining access to a user account and remaining undetected until some or all of the components of the IT system are compromised. The nature and extent of the damage that can be inflicted on a system is influenced by the length of time during which an attacker remains undetected in it.

It is becoming increasingly difficult to identify the source of a breach and determine the extent of the damage after a security breach relating to Active Directory. It is equally challenging to trace all the areas that have been breached; in this situation, attempting to patch vulnerabilities in an existing system may not yield the desired results.

What are some best practices that can be considered?

An organization’s Active Directory controls all access to its systems, and consequently its security posture needs careful monitoring and ongoing enhancement. We understand that your objectives are to protect your organization’s credentials, applications and confidential data from unauthorized access. Consequently, you need to be armed with the knowledge and resources to continuously assess and enhance your security measures, so as to prevent malicious users from breaching your network and causing damage. Some of the best practices in this context are summarized below; while these may not provide a comprehensive set of mitigating measures, they may be viewed as a good starting point.

  1. Assess and limit the use of Domain Admins and other privileged groups.
  2. Secure the domain administrator account.
  3. Disable the local administrator account.
  4. Use a local administrator password solution.
  5. Use a secure workstation for administrative tasks.
  6. Enable audit policy settings.
  7. Use long and complex passwords.
  8. Use descriptive security group names.
  9. Frequently clean up inactive user and computer accounts.
  10. Limit the installation of additional software on domain controllers.
  11. Frequently undertake patch & vulnerability scanning.
  12. Use secure DNS services to block malicious traffic.
  13. Only run supported operating systems.
  14. Use multifactor authentication frameworks.
  15. Monitor DHCP & DNS logs.

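As an added, read-only example (not from the original article), the following PowerShell script supports items 1 and 9 of the checklist above: it lists the user members of the privileged groups, including nested membership, and reports enabled user and computer accounts that have not authenticated within a threshold. It assumes the RSAT ActiveDirectory module is installed on a domain-joined host and the running account has read access to the domain; the 90-day threshold, group list and export path are assumptions to adjust.

```powershell
# Added example, not part of the MGC Global article. Read-only review of
# privileged group membership (item 1) and inactive accounts (item 9).
Import-Module ActiveDirectory

$InactiveDays     = 90                                   # assumed threshold
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins',
                      'Schema Admins', 'Administrators')  # assumed scope

# Item 1: enumerate privileged groups recursively so nested groups are expanded,
# and show when each member last logged on and last changed their password.
foreach ($group in $PrivilegedGroups) {
    $members = @(Get-ADGroupMember -Identity $group -Recursive |
                 Where-Object { $_.objectClass -eq 'user' } |
                 Get-ADUser -Properties LastLogonDate, PasswordLastSet, Enabled)
    "`n== $group ($($members.Count) user members) =="
    $members | Select-Object SamAccountName, Enabled, LastLogonDate, PasswordLastSet |
               Sort-Object LastLogonDate | Format-Table -AutoSize
}

# Item 9: enabled accounts with no authentication for $InactiveDays days.
# Search-ADAccount relies on the replicated lastLogonTimestamp, which can lag the
# true last logon by up to 14 days, so treat the output as a review queue rather
# than a list of accounts to delete immediately.
$cutoff = New-TimeSpan -Days $InactiveDays
$staleUsers     = @(Search-ADAccount -AccountInactive -TimeSpan $cutoff -UsersOnly |
                    Where-Object { $_.Enabled })
$staleComputers = @(Search-ADAccount -AccountInactive -TimeSpan $cutoff -ComputersOnly |
                    Where-Object { $_.Enabled })

"`n== Enabled users inactive for $InactiveDays+ days: $($staleUsers.Count) =="
$staleUsers | Select-Object SamAccountName, LastLogonDate, DistinguishedName |
              Format-Table -AutoSize

"`n== Enabled computers inactive for $InactiveDays+ days: $($staleComputers.Count) =="
$staleComputers | Select-Object Name, LastLogonDate, DistinguishedName |
                  Format-Table -AutoSize

# Hand the combined list to the clean-up workflow (assumed export path).
$staleUsers + $staleComputers |
    Select-Object Name, ObjectClass, LastLogonDate, DistinguishedName |
    Export-Csv -Path "$env:USERPROFILE\ad-stale-accounts.csv" -NoTypeInformation
```

A sensible follow-up is to disable, rather than delete, the reviewed accounts first and move them to a quarantine OU so that any false positives can be restored without loss.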
And finally, develop your security strategy based on a comprehensive cyber risk assessment, while building your organization's resilience to cyber-attacks.

Should you need any clarifications or assistance, please do not hesitate to reach out to us at contactus@mgcglobal.co.in or to our IT Risk Advisory Leader, Kirti Kumar, at kirti.kumar@mgcglobal.co.in.


Have a great week ahead!


Best regards

Markets Team

MGC Global Risk Advisory

About MGC Global Risk Advisory 

Recognized as one of the '10 most promising risk advisory services firms' in 2017, as the 'Company of the Year' in 2018 and 2019 (both in the category of risk advisory services), one of the 'Top Exceptional Companies to Work For' in 2020, amongst the 'Top 25 Customer Centric Companies' in 2020 and 'The Consultant of the Year' in 2021 (in the category of risk advisory services), MGC Global is an independent member firm of the US$ 4.6 billion, Atlanta-headquartered Allinial Global.


MGC Global provides services in the areas of internal audits, enterprise-wide risk management, control assessments (SOC, IFCR & SOX), process re-engineering, governance frameworks, IT risk advisory, GDPR, VAPT, ISO readiness, cyber security, CxO transformation and forensic services. Our firm has the capabilities to serve its clients through its offices in Bengaluru, Mumbai and NCR, and has service arrangements in all major cities in India.

About Allinial Global

Allinial Global (formerly PKF North America) is currently the world's second-largest member-based association (with collective revenues of approximately USD 4.6 billion) and has dedicated itself to the success of independent accounting and consulting firms since its founding in 1969. It currently has member firms in 99 countries, with over 26,000 professional staff and over 4,000 partners operating from 688 offices across the globe.


Allinial Global provides its member firms with a broad array of resources and support that benefit both its member firms and their clients in the key impact areas of learning and development, human resources, international outreach, technical support, knowledge-sharing platforms through its specialized communities of practice, marketing resources, information technology and best practices in practice management.