Organizations are witnessing a record wave of cyber-attacks and whether it’s data breaches, ransomware attacks, fraud or espionage, a common theme seems to be emerging — threat actors are increasingly targeting identities instead of targeting systems.
Per the Identity Defined Security Alliance’s (IDSA) latest report, 84% of organizations have experienced an identity-related attack in the past year and this trend appears to be on an upswing. There are a number of reasons why identity-breaches are favored by cyber criminals:
- More Identities Equals Larger Attack Surface
The IDSA report confirms that the number of identities in an organization are growing quickly. The surge can be attributed to a number of things like the rapid adoption of cloud applications, increase in third-party relationships, spikes in machine identities such as bots and Internet of Things, and a general increase in the number of employees using technology. Today, the average staff member has more than 30 identities — meaning user accounts and applications – expands the attack surface, providing more opportunities for cyber criminals to operationalize.
- Compromising Identities Is Far Easier Than Compromising Systems
For attackers to successfully hack systems, they must have a detailed understanding of what systems are in place, how they operate and how they communicate. What’s more, many of these systems are protected by layers of advanced cyber security defenses that are increasingly difficult to crack. Like everyone else, hackers seek the least path of resistance for securing a foot in the door. This is where identity comes into focus. All the attacker needs to do is initiate a phishing campaign that helps them compromise a user identity. Once that is done, attackers can easily masquerade as a legitimate user, bypass all security defenses and access sensitive resources via legitimate channels. Per IDSA, phishing, inadequately managed privileges and stolen credentials are the top three types of identity-related breaches organizations have experienced in 2021.
- Employee Identities Deliver The Biggest Impact
Recent studies show that nearly 52% of workers in an organization have access to sensitive information. Further, many of these users have administrative privileges that provide them access to critical systems, applications and powerful controls. Attackers know that they can leverage human weaknesses (laziness, carelessness, judgment errors, biases) to hijack user identities. Once they have access, threat actors can carry out surveillance, steal data, deploy ransomware, move laterally across a network and compromise more systems. According to IDSA, employee identities are more likely to be breached in comparison to customer or third-party data and would probably result in the biggest direct business impact.
Identity Has Become A Top Security Priority
The IDSA survey indicates that a majority of security leaders consider managing and securing identities as one of the top three priorities in their 2022 security program. This is because nearly 80% of organizations that experienced an identity breach suffered loss of revenue, loss of reputation and increased customer attrition.
How Organizations Can Prevent Identity-Related Breaches
IDSA research proves that reducing the probability of an identity-related breach has more to do with people than with technology. In fact, the 2022 Verizon Data Breach Investigations Report also concluded something similar – 82% of breaches are traced back to the human element (stolen credentials, successful phishing scams, or simply human error). For organizations to effectively mitigate identity-related breaches, they must focus on getting their basics right:
- Train Employees To Follow Cybersecurity Basics:
Even the best cybersecurity defenses will be rendered useless if employees lack cybersecurity basics (e.g., weak passwords, poor password sharing, careless browsing, unsafe security decisions, etc.). Organizations must schedule ongoing security training and phishing simulation exercises. The goal is to develop a form of healthy skepticism and muscle memory to recognize and report suspicious activity. Extend training to key vendors and third-party partners.
- Use An Identity-Centric Approach To Security:
Instead of building a perimeter around corporate resources, focus on building a perimeter around identities. Consider implementing technologies like zero-trust and privileged access management to ensure access to data, services and devices tailored to each user. Use phishing-resistant multi-factor authentication (MFA) to protect credentials from being abused in case they are breached or stolen.
- Monitor Identities Regularly:
Conduct periodic reviews to verify if only legitimate users have access to critical resources or infrastructure. Grant access to applications according to the Principle of Least Privilege (POLP) and deprovision them in a timely manner when employees leave the organization or become inactive users. Check for exposed passwords on sites like haveibeenpwned.com. Analyze logs, conduct spot checks, and monitor the threat surface for any unusual activity.
Cyber resilience starts with understanding the root causes and focusing on the outcomes. Identity-breaches are a symptom, not a root cause. Focus on fixing the root causes like general security best practices first and only then will you truly embark on the journey of becoming cyber resilient.
Written by Stu Sjouwerman, SACP.
Have you read?
Best 10 Accounting Services for Small Business.
The Future of Work: How to Keep Your Workforce Healthy and Profitable Post-COVID by Karen Ferrell.
The Real, Dollars-and-Cents Cost of a Ransomware Attack On Your Business.
Why healthy habits need to lead from the top by Dr. Gordon Spence.
How leaders can build greater self-awareness and why it matters by Joe Hart.
NYC Actor and Model, Adam Dennis Geiger Takes it From the Top with 9 Lessons to Live by Parul Agrawal.
Are you persuasive or just a common hustler by Michelle Bowden.
Track Latest News Live on CEOWORLD magazine and get news updates from the United States and around the world.
The views expressed are those of the author and are not necessarily those of the CEOWORLD magazine.