Stolen and compromised credentials continue to be at the crux of major healthcare data security incidents involving cloud environments, including ransomware and other extortion attacks, underscoring the need for much stronger credential management practices and a focused approach to “least privilege software engineering,” said Taylor Lehmann of Google Cloud.
“One poorly managed credential in the cloud could be the difference between a good day and a bad day,” he said in an interview with Information Security Media Group, discussing a new cloud security Threat Horizons research report Google released on Thursday.
Many cloud security incidents happening at healthcare sector organizations involve credentials that are overly privileged, have weak passwords, lack multifactor authentication or both, he said.
Administrator accounts with lots of privileges are increasingly being used “and have more and more catastrophic impacts,” Lehmann said.
“Where it really becomes problematic is when those sorts of accounts can be downloaded into keys that can be reused. So, instead of thinking you’re logging into a system with a username and password, you’re actually downloading a key pair,” he said.
“These continuing trends highlight the need for stronger credential hygiene and account management in healthcare, as well as other sectors. But that also includes a focus on least privilege engineering, which involves constantly reviewing and stripping out unnecessary privileges to prevent a single user from causing a catastrophic effect,” he said. “Because we’re deploying software now at scale using code, we can certainly build on that with things like least privilege engineering.”
“This is a new set of skills that we need to start looking at more seriously and adopting,” he said. “I think a lot of organizations would benefit from that – maybe shifting how they manage access today, which is setting up and removing user access, to really getting more finer-grained. What can people do and make sure that they can only do the things that they need to do and nothing more?”
In this audio interview with Information Security Media Group, Lehmann also discussed:
- The feasibility of least privilege engineering in clinical environments;
- How cybercriminals are using the cloud to carry out their attacks;
- Other top cloud security concerns and cyberattack trends from Google’s new report.
Lehmann advises Google Cloud customers and helps them achieve their business goals while adopting a high security bar. His past work focused on securing global healthcare organizations, removing obstacles and driving innovative programs that help them achieve their core missions. He has held CISO roles for hospitals, health insurance, health IT organizations and global banks.