How to use zero trust and IAM to defend against cyberattacks in an economic downturn

Despite double-digit budget increases, CISOs and their teams are scrambling to contain increased internal breaches, embezzlement and fraud. Identities are the attack vector of choice during a recession, exacerbated by inflationary costs driving up the cost of living, making phishing emails’ false claims of easy money all the more alluring.

As one CISO confided to VentureBeat in a recent interview, “recessions make the revenue-risk aspects of a zero-trust business case real, showing why securing identities deserves urgency.”

Attackers use machine learning (ML) algorithms to create and launch malware-free intrusions. These account for 71% of all detections as indexed by the CrowdStrike Threat Graph.

The latest Falcon OverWatch Threat Hunting Report illustrates how attack strategies aim for identities first. “A key finding from the report was that upwards of 60% of interactive intrusions observed by OverWatch involved the use of valid credentials, which continue to be abused by adversaries to facilitate initial access and lateral movement,” said Param Singh, VP of Falcon OverWatch at CrowdStrike.

CrowdStrike’s acquisition of Reposify reflects how leading cybersecurity platform vendors concentrate on adopting new technologies to provide external attack surface management while protecting enterprises against internal threats.

Reposify scans the web daily for exposed assets, enabling enterprises to have visibility over them and defining which actions they need to take to remediate them. At last year’s Fal.Con event, CrowdStrike announced plans to use Reposify’s technology to help its customers stop internal attacks.

Identity attacks soar in a down economy

Identity-based breaches interrupted 78% of enterprises’ operations last year, and 84% said they experienced an identity-related breach.

Identities are a core attack vector for attackers in a down economy; their strategies are to gain control of an organization. Attackers’ favorite targets are legacy identity and privileged access management systems that rely on perimeter-based security that often hasn’t been updated in years. Once in, attackers immediately grab admin rights, create fraudulent identities and begin exfiltrating financial data while attempting cash transfers.

Attackers are using ChatGPT to fine-tune social engineering attacks at scale and mine the data to launch whale phishing attacks. Ivanti’s State of Security Preparedness 2023 Report found that nearly one in three CEOs and members of senior management have fallen victim to phishing scams, either by clicking on the same link or sending money.

Identities are under siege during periods of economic uncertainty and recessions. CISOs fear that internal employees will be duped out of their passwords and privileged access credentials by social engineering and phishing attacks — or worse, that they may go rogue.

CISOs, internal security analysts staffing security operations centers (SOCs) and zero-trust leaders have told VentureBeat that a rogue IT employee with admin privileges is their worst nightmare.

Snowden a cautionary tale

Those CISOs willing to discuss the issue with VentureBeat all referenced Edward Snowden’s book Permanent Record as an example of why they’re so concerned about rogue attackers.

One CISO cited the passage: “Any analyst at any time can target anyone. Any selector, anywhere I, sitting at my desk, certainly had the authorities to wiretap anyone, from you or your accountant to a federal judge, to even the President.”

“We’re always looking for fuel to keep our senior executives and board funding zero trust, and the passages in Snowden’s book are effective in accomplishing that task,” one cybersecurity director told VentureBeat.

A core tenant of zero trust is monitoring everything. The Snowden book provides a cautionary tale of why that is essential.

System and security admins interviewed by VentureBeat admit that internally launched cyberattacks are the hardest to identify and contain. A stunning 92% of security leaders say internal attacks are equally as complex or more challenging to identify than external attacks. And, 74% of enterprises say insider attacks have become more frequent; more than half have experienced an insider threat in the last year, and 8% have experienced more than 20 internal attacks…

Read Full Source: VentureBeat

By Louis Columbus

Tiago Ramalho
More equitable future for food distribution with AI At best, only 70% of food gets used in the United States. The rest goes to waste. Although devastating, the good news is this massive waste of ...
Alex Dean
Enabling Privacy and Personalization Most businesses today rely on data collected online to better understand their customers and deliver more personalized products, services and experiences. These insights can be transformative for an organization, especially when ...
Cloudtweaks Comic Ai
How AI Is Important for Businesses Shifting to Remote Work The Coronavirus Pandemic has taught us that organizations must have remote work choices. It is no longer possible to work in a digital environment. The ...
Ron Cadwell
Net Zero Emissions Designs Sustainability has become an increasingly frequent topic of discussion for data center operators, with many pledging to be carbon-free as soon as 2030. But are these commitments a response to the ...
Steve Prentice
The Need for Experts The explosion in AI technologies has brought with it clear concern that easy answers and intelligent copywriting are now the domain of machines. This has led to the question of whether ...

Get Smarter

Whether you're just starting out in the online industry or looking to take your skills to the next level, Get Smarter eLearning platform is the perfect choice for you. Sign up today and start your journey towards online success!

Use code LEARN15 to enjoy 15% off all courses.