Compromised identities are still a massive cybersecurity risk to organizations
With our increased use of technology, we’re at an increased risk of cyber attacks. Most devices connect to the internet, including our smartphones, credit card processors, and enterprise computers, leaving us vulnerable.
Cyber security is a big focus for governments and organizations all over the world. Everyone understands the possible damage to their financial health and reputation if a breach occurs.
Unfortunately, many of these organizations are overlooking the risk from within. Insiders are a source of risk, and some of the most high-profile attacks happened because of compromised identities.
The risk from inside your company
Big breaches make headlines. We hear of cascading technological failures or malicious hackers from distant lands, giving us a false sense of security.
But breaches can happen to any organization. The SolarWinds breach is a good example of a breach that happened because of compromised credentials and routine software updates. The hack required the user download a contaminated update and deploy it, then connect to the it’s command and control so the attackers could gain remote access.
The results were alarming. The attackers even found their way into multiple government networks and critical infrastructure..
That’s not the only breach which involved compromised credentials. The Colonial Pipeline attack began with hacked credentials from an inactive account. With just one password, attackers disrupted the fuel supplies to the U.S. Southeast, hindering the fuel deliveries to major East Coast markets. In this case, multi-factor authentication would’ve made the attack more difficult or at least put another security measure between the attacker and critical systems.
The similarity with these breaches is that cyber security was less robust than it needed to be, but the ultimate root cause was still weak credentials.
These are the primary types of insider risks:
- Human Error: Human error is always a risk. Devices can be stolen, information can be shared over an insecure network, emails can be misdirected, and more, all leading to a potential weakness.
- Leak Passwords and Malicious Intent: Employees can leak passwords accidentally, but some do have malicious intent. They share passwords or information with the intent to damage the company or steal data.
- Hijacked Identities: Hijacked identities give cyber criminals access, and this could happen through a compromised employee system or with stolen credentials. Malicious Hackers then have the freedom to increase their access in the system and find what they seek.
- One of the challenges with insider risks is that the source is trusted, so it may not stand out in detection procedures. Malicious Hackers can also hide their tracks, limiting the benefits of forensic investigations.
Restrictive policies can be helpful for cyber security, but they may not cover compromised identities. They also inhibit innovation and productivity.
Implementing a zero trust strategy and mindset
Having robust cyber security protocols and technologies in place is vital to build a foundation of defense, but it’s not enough. Organizations need broad initiatives like zero-trust architecture that includes zero friction security to promote a good user experience with security.
The guiding principle of the zero-trust model is to never trust, always verify. Instead of assuming everyone is good and safe, the model verifies each request as though it came from an unknown source, no matter if it’s from an employee or familiar application.
All users must be authenticated, authorized, and validated before they can access applications and data. Least privilege and micro-segmentation can be used to minimize lateral movement as well, ensuring that a malicious hacker can’t do as much damage. If a breach does occur, analytics are used to detect and respond to threats.
Zero trust relies on five guiding principles:
- Evolving perimeter: Managing and defending a perimeter used to be like guarding a castle wall. Now, cloud networks and remote workforces have changed the perimeter, and the old model is no longer practical. Zero trust integrates security throughout the network instead of at the perimeter only.
- Verification and authentication: All users must be authenticated and verified based on available information, such as identity, service, location, and workload.
- Principle of least privileged access: Users have limited access and only for a short period of time. They have what they need to complete a task in the allotted time, then their privilege is revoked.
- Assume a breach: Zero trust aims to minimize the “blast radius” if a breach occurs by segmenting access. Analytics are then used to detect threats, improve defenses, and increase visibility.
- Zero inherent trust: Zero trust architecture always assumes that the user has malicious intent until they’ve proven otherwise. This is the opposite of the traditional model of inherent trust for users in the network. Any services or applications must be verified.
- Workforce, workplace, workload: This three-pronged approach applies to different facets. The workforce is the trust levels of the users or devices to establish access privileges. Workplace is the implementation of trust-based access control on the network. Workload is the prevention of unauthorized access within segmented networks.
- Continuous trust verification: Zero trust makes users continuously establish trust and verify their identity in different ways, including multi-factor authentication. It also enforces least privileged access.
Zero trust encompasses a number of defense areas, including:
- Identities are always verified and secured with authentication
- Compliance and health status is verified at endpoints before the access can be granted
- In-app permissions, gated access, and monitored and controlled user actions limit app vulnerabilities
- Data-driven protection is prioritized over perimeter-based protection with encryption and restricted access
- Least privileged access limits compromised identities and activities are automatically flagged and blocked
- Nothing within the network is inherently trusted. Communications are encrypted, access is limited, and lateral movements are hindered by microsegmentation
Protect yourself from compromised identities
Zero trust has been around for a while, but it’s important for the new threats we face in cybersecurity. Businesses keep amassing more data and working with geographically distributed teams, creating complexity in cyber security. Cyber criminals know that they can gain sensitive data through compromised identities, but the zero trust model with least privileged access offers a robust solution to protect against threats and mitigate damage.
About the author
Joseph Carson is a cybersecurity professional with more than 25 years’ experience in enterprise security and infrastructure. Currently, Carson is the Chief Security Scientist & Advisory CISO at Delinea. He is an active member of the cybersecurity community and a Certified Information Systems Security Professional (CISSP). Carson is also a cybersecurity adviser to several governments, critical infrastructure organizations, and financial and transportation industries, and speaks at conferences globally.
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.