Cloudtweaks Logo
Joseph Carson
October 27, 2022

Compromised Identities Are the Biggest Weakness in Organization Cybersecurity

By Joseph Carson

Compromised Identities

Most of what we encounter every day is computerized. We connect to the internet on our phone or make a purchase with an internet-connected processor, leaving us at risk of a malicious hacker targeting data.

As a result, cyber crime is a lucrative business. Organizations everywhere are responding with robust cyber security protocols all over the world to ensure their data is as protected as possible, but it may not be enough.

Regardless of security, one of the biggest risks to an organization is from within. Insiders are a big part of cyber risk, whether intentional or unintentional. Some of the most widely publicized breaches in the past year proved that fact.

The Risk from Inside Your Company

Publicized breaches are almost always catastrophic, often damaging to brand, and include details that make them feel removed, like it couldn’t happen to us.

Cyber breaches happen all the time, to organizations large and small. It’s just that the ones making headlines are the biggest or involve some of the most damaging data.

For example, the high-profile SolarWinds breach was a calculated effort from sophisticated, malicious hackers. Once the investigation was complete, the ultimate weakness was compromised credentials that were exploited during routine software updates.

For the hack to work, a number of pieces had to fall into place. The victim had to download a contaminated update and deploy it, then connect to its command and control to allow the hackers to gain remote access.

This simple process led to alarming results. The hack involved multiple government networks and critical infrastructure.

Another high-profile attack involving compromised credentials was the Colonial Pipeline attack, which was rooted in hacked credentials from an inactive account. With one password, attackers had an opportunity to wreck the fuel supplies from the Gulf Coast refineries to major East Coast Markets.

In this case, multi-factor authentication could’ve made the hack more difficult. Had the attacker needed to prove their identity with an additional form of authentication, they wouldn’t have had the freedom to move within the network.

There were cyber security issues with these examples, but the risk still came down to weak credentials.

These are the primary types of insider risks:

  • Human Error: Mistakes can play a big role in breaches. Stolen devices, misaddressed emails, and confidential data shared over an insecure network can provide an ingress point for a malicious hacker.
  • Leak Passwords and Malicious Intent: Mistakes happen, but there are employees who are trying to damage a company. They may leak passwords or operate in a way to help malicious hackers steal information.
  • Hijacked Identities: Cyber criminals know that they can gain access with a compromised identity. This could be done with stolen credentials, phishing, or malware, giving them access to the system to elevate their privilege and maximize damage.

With insider risks, most of the activity happens with trusted users or applications in a trusted network, making it difficult to detect with technology or security procedures. What’s worse, hackers can hide the evidence of their attack to complicate the matter further.

Security policies can go a long way in preventing some types of cyber crime, but they can’t help much with compromised identities without disrupting productivity.

Implementing a Zero Trust Strategy and Mindset

All organizations should have a stringent cyber security protocol and enforcing technology in place for defense, but there needs to be more. Zero-trust architecture with zero friction security is important for balancing security with the positive user experience businesses need to thrive.

Friday Comic

The idea behind zero trust is that no one is assumed safe within a company network. A breach is assumed every time, and all sources are verified. “Never trust, always verify” is the mandate.

All users in the network must be authenticated, authorized, and validated before they can gain access to data and applications. The principle of least privilege limits their ability to gain further access and move freely in the network. Analytics can be used to detect a breach if one occurs.

It relies on five guiding principles:

  • Verification and authentication: All users must be authenticated and verified based on the information available, including identity, service, and location.
  • Evolving perimeter: A perimeter is no longer providing a safe space behind a castle wall. Remote workforces and cloud networks eliminated the traditional perimeter, so zero trust integrates security throughout the network.
  • Principle of least privileged access: User access is always limited with least privileged access, giving them only as much access as they need, and only for as long as they need. Once the work is complete, the privileged access is restricted.
  • Assume a breach: To mitigate damage, zero trust segments the access to prevent malicious hackers from moving laterally in the network. Analytics are used to detect threats, improve defenses, and gain visibility.
  • Zero inherent trust: Zero inherent trust assumes that everyone has malicious intent until they can prove otherwise. All sources are verified at the perimeter level before access is granted.
  • Workforce, workplace, workload: Workforce involves verifying trust levels of users or devices to evaluate access privileges. Workplace involves implementing trust-based control. Workload involves the prevention of unauthorized access within the segmented networks.
  • Continuous trust verification: Zero trust makes users verify their identity with device location, multi-factor authentication, and other means continuously.

Zero trust encompasses several defense areas, including:

  • Identities: All identities are verified with authentication
  • Endpoints: Compliance and health status is verified before access is granted
  • Apps: Apps are secured with in-app permissions, monitored user actions, and gated access using analytics
  • Data: Data-driven protection is top priority, rather than perimeter protection
  • Infrastructure: Suspicious or high-risk activities are automatically blocked and flagged
  • Network: There’s no inherent trust in the network for being internal. Access is always limited, communications are always encrypted

Protect Yourself from Internal Risks

Zero trust is gaining new relevance in the wake of these recent breaches. Businesses are amassing more data, making them ideal targets for cyber criminals. Traditional cyber security measures aren’t enough, especially with the risk of a breach from a compromised identity. Zero trust protects assets with least privileged access and continuous verification.

By Joseph Carson

Joseph Carson
Joseph Carson is a cybersecurity professional with more than 25 years’ experience in enterprise security and infrastructure. Currently, Carson is the Chief Security Scientist & Advisory CISO at Delinea. He is an active member of the cybersecurity community and a Certified Information Systems Security Professional (CISSP). Carson is also a cybersecurity adviser to several governments, critical infrastructure organizations, and financial and transportation industries, and speaks at conferences globally.
Website
Bharti Patel

The Goldilocks Principle of Cloud Management: Striking the Ideal Balance

It’s not an all-or-nothing proposition: How to strike the right balance with cloud The pandemic [...]
Read more
David Cantor

Impact of AI in Storytelling and Creativity 

These are monumental topics that command volumes of diligent research, backed by empirical evidence and [...]
Read more
John Case

Leverage Cloud-based Technology to Expand Business Opportunities

Leverage Cloud-based Technology It’s no secret that the cloud has changed the way business is [...]
Read more
Laduram Vishnoi

8 Best Practices for Real User Monitoring

Real User Monitoring You have built an amazing website or app but still do not [...]
Read more
Rakesh Soni

Cultivating a Culture of Cloud Innovation: Elevating Your Business Potential

Cloud computing has emerged as a game-changer, revolutionizing how organizations operate and transforming their growth [...]
Read more
Khurram Mir

How AI Enhances Cybersecurity: Expert Insights from Khurram Mir of Kualitatem

How AI Enhances Cybersecurity Khurram Mir, the Chief Marketing Officer at Kualitatem, brings a profound [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
TOPICS
AI BIG DATA CLOUD DEVOPS INFOSEC
SERVICES
SPONSORED POSTS BRANDED COMICS THOUGHT LEADERSHIP WEBINARS
Company
ABOUT BLOG MEDIA KIT CONTACT
© 2024 CloudTweaks. All rights reserved.