A costly afterthought: neglecting audit logging puts you at risk
Organizations often neglect audit logging due to a lack of understanding of its significance, prioritizing core product features and cost-saving measures instead. This deprioritization, driven by a focus on compliance over threat detection, leads to vulnerabilities, as evidenced by breaches at Equifax, Target, Facebook, and Capital One.
One of the main challenges in implementing audit logging is the lack of awareness and understanding of its importance. Many organizations do not recognize the value of audit logs in detecting and preventing security breaches, as well as in meeting compliance requirements. As a result, audit logging is often an afterthought, implemented simply to meet the minimal requirements for compliance rather than for threat detection and prevention.
Lack of Awareness and Understanding
One of the primary reasons why organizations deprioritize investment in the proper implementation of audit logging is the lack of awareness and understanding of its significance. In many cases, decision-makers focus more on the core product features and functionalities, neglecting the importance of robust security measures. They fail to realize that audit logging plays a crucial role in identifying and investigating security incidents, as well as ensuring accountability and compliance.
For example, in 2017, Equifax, one of the largest credit reporting agencies, suffered a major data breach that exposed the personal information of approximately 147 million individuals. The breach was a result of a vulnerability in their web application, and the lack of proper audit logging made it difficult for Equifax to detect the unauthorized access and take immediate action. [1] The organization had not prioritized investment in audit logging, leading to significant consequences.
Cost and Resource Constraints
Another significant factor that leads to the deprioritization of audit logging is the cost and resource constraints faced by organizations. Implementing a comprehensive audit logging system requires a significant investment in terms of both time and money. Organizations may prioritize allocating their resources towards core product development, marketing, and revenue-generating activities rather than investing in security measures that may not have an immediate impact on the bottom line.
In 2013, Target, a major retail corporation, experienced a massive data breach that affected over 40 million customer credit and debit card accounts. The breach occurred after a cybercriminal gained access to Target's network through a vendor's compromised credentials. Target had failed to implement proper audit logging practices, which could have alerted them to the unauthorized access and prevented the breach. [2] The organization's focus on core product features and cost constraints contributed to the lack of investment in audit logging.
Misalignment of Priorities
Organizations often prioritize delivering new features and functionalities to meet customer demands and gain a competitive edge in the market. This constant drive to innovate and keep up with the evolving market trends can lead to the neglect of security measures, such as the proper implementation of audit logging. The focus on delivering new features can overshadow the importance of ensuring data integrity, confidentiality, and availability through robust audit logging practices.
In 2018, Facebook faced a significant data breach that exposed the personal information of nearly 50 million users. The breach occurred due to a vulnerability in the platform's "View As" feature, which allowed attackers to steal access tokens and gain unauthorized access to user accounts. Facebook had not prioritized investment in audit logging and did not have proper monitoring systems in place to detect suspicious activity. The organization's misalignment of priorities and focus on delivering new features led to security vulnerabilities and the subsequent breach.
While this info was supposed to be protected, Facebook, without authorization, exposed that information to third parties through lax and non-existent data safety and security policies and protocols. [3]
Compliance vs. Threat Detection
Many organizations view audit logging as a box to check for compliance purposes rather than as a tool for threat detection and prevention. They implement audit logging systems solely to meet the minimal requirements set by regulatory bodies and industry standards. This narrow view fails to recognize the potential benefits of audit logs in detecting and mitigating security breaches, as well as providing valuable insights for improving overall system security.
In 2019, Capital One, a major financial institution, experienced a significant data breach that exposed the personal information of over 100 million individuals. The breach occurred due to a misconfigured web application firewall, allowing a hacker to gain unauthorized access to customer data. Capital One had implemented audit logging systems primarily for compliance purposes, without focusing on the importance of threat detection. This compliance-driven approach resulted in a failure to detect and prevent the breach in a timely manner. [4]
Key Takeaways
Organizations tend to deprioritize investment in the proper implementation of audit logging in favor of core product features due to various factors. The lack of awareness and understanding of the significance of audit logging, cost and resource constraints, misalignment of priorities, and the focus on compliance rather than threat detection all contribute to this deprioritization. However, it is crucial for organizations to recognize the importance of audit logging in ensuring data security, preventing security breaches, and meeting compliance requirements.
By investing in robust audit logging practices, organizations can enhance their overall security posture and protect their valuable assets. The examples of data breaches, such as Equifax, Target, Facebook, and Capital One, serve as reminders of the consequences that can arise from deprioritizing audit logging. It is essential for decision-makers to be aware of the potential risks associated with not prioritizing audit logging and to allocate sufficient resources to its implementation. Additionally, organizations should consider the long-term benefits of audit logging in terms of threat detection, incident investigation, and overall system security. By overcoming the challenges and addressing the underlying factors that contribute to the deprioritization of audit logging, organizations can establish a strong security foundation and safeguard their critical information.
References
[1] The Equifax Data Breach. US House of Representatives Committee on Oversight and Government Reform. December 2018.
[2] Warning (& Lessons) of The 2013 Target Data Breach. Red River. October 26, 2021.
[3] Facebook Faces Lawsuit Over Massive 2018 Data Breach. Threatpost. June 24, 2019.
[4] A Case Study of the Capital One Data Breach. MIT. January 2020.