Why identity security is key to modern cyber defence


Over the past few years, compromised identities have become one of the most common initial access vectors for threat actors. The reason is simple: it is easier for a cybercriminal to log in with valid credentials than to hack their way in.

Threat actors essentially need two things to penetrate an organisation: an identity and a means of using it, and there are numerous ways to obtain that access, from phishing and credential stuffing to stolen session tokens. Identity-based attacks are becoming both more sophisticated and more frequent, but it is privileged identities that represent the greatest exposure point, because they carry the widest blast radius.

Because an attacker using valid credentials looks like a legitimate user, their activity can be difficult to distinguish from normal operations, allowing them to move laterally across accounts, assets, data, and applications without detection.

Hijacking the right identity — such as a highly privileged one — makes it easier for an attacker to achieve their goals. These goals may include reconnaissance, data exfiltration, or ransomware.

Identity security, and identity in general, is the foundation upon which an organisation controls access to systems and data. In the past, identity security was not as high on the agenda because organisations built walled-off corporate networks and controlled access through physical office locations. Now, organisations must prioritise identity as part of the overall security posture or face increased risks of compromise by a threat actor or a malicious insider.

With cloud, SaaS, and remote working, identities have increasingly become the perimeter itself. This means a single compromised identity could easily provide the keys to the kingdom if it is not properly secured, especially if that identity has significant privileges.

Effectively securing identities

To achieve effective identity security, organisations need to take several steps. These include:

  1. Improving identity visibility:
    Knowing what and where all identities are being used is one of the biggest Achilles’ heels for companies. Not only do identities touch many parts of an organisation, but many are also often unseen and unmanaged, which creates risk. Having the ability to see the full spread of identities across a landscape, along with the levels of privilege attached to them, enables effective monitoring, detection, and prioritisation of risks.
  2. Ensuring staff have a strong security mindset:
    It’s important to ensure all employees across the business understand the impact of their actions, as human error remains a significant driver of breaches. However, this must be approached with the right mindset. Employees may be a source of risk, but they are also a powerful line of defence. Training staff to be knowledgeable and to approach problems with a security mindset is key.
  3. Enforcing the concept of least privilege:
    No one should use root, administrator, or power-user accounts or privileges without proper change control and monitoring for inappropriate behaviour. Least privilege needs to be enforced at all times: grant no standing privilege where it is not needed, elevate only for a specific task, and limit the paths by which privilege can be reached.
  4. Being aware of ‘zombie’ user accounts:
    Dormant, orphan, or ‘zombie’ accounts, unused privileges, and shared accounts all represent a gold mine for attackers, as they are valid accounts that can achieve lateral movement and privilege escalation while flying under the radar. Aiming to reduce the attack surface as much as possible by removing or restricting accounts, access, and privileges to only what is absolutely necessary is essential.
  5. Considering the infrastructure:
    Security teams often focus on protecting identities and accounts when, in reality, the account itself may not matter. The privileges and paths to privilege are what matter. When protecting privilege, it’s important to consider the identity infrastructure as well as the accounts.
  6. Coordinating across the organisation:
    Compromise of a single identity can have far-reaching effects across several different areas of an IT environment. This is an identity’s ‘blast radius’: one identity may reside in many systems or applications, and a breach in one system may lead to breaches in the linked systems. It is important to ensure data is shared across the different administrative teams and that security leaders know who the experts are in each domain. Don’t wait until there is a potential attack to make a plan.
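Steps 1, 3 and 4 above (visibility, least privilege and zombie accounts) are easiest to act on when they are turned into a repeatable check over a directory export. The following is an added example, not code from the original article: it parses a constructed CSV export (the column layout, the privileged group names and the sample accounts are all assumptions for illustration) and ranks accounts by how many of the risk conditions described above they meet, so that a dormant, ownerless domain admin is reviewed before an active, unprivileged user.

```python
"""Identity hygiene audit over a constructed directory export.

Added example: flags dormant, orphaned, shared and privileged accounts and
ranks them so review effort goes to the highest-risk identities first.
The CSV layout, group names and sample rows are assumptions, not a real
product's export format or real data.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Assumed high-privilege groups; adapt to your own directory.
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins",
                     "Administrators", "Schema Admins"}
DORMANT_DAYS = 90                      # no logon in this window => dormant
WEIGHTS = {"privileged": 4, "dormant": 2, "orphan": 2, "shared": 1}

# Constructed sample export (not real data). An empty manager field means
# nobody owns the account; "ceo" is the root of the reporting tree.
SAMPLE_EXPORT = """\
name,enabled,last_logon,manager,groups,shared
alice,true,2024-05-28T09:12:00Z,cfo,Domain Users;Finance,false
svc_backup,true,2023-11-02T03:00:00Z,,Domain Users;Domain Admins,false
helpdesk,true,2024-05-30T17:45:00Z,itmgr,Domain Users;Administrators,true
bob,true,2024-01-10T08:00:00Z,carol,Domain Users,false
carol,false,2023-12-01T12:00:00Z,cfo,Domain Users,false
contractor7,true,,itmgr,Domain Users;Schema Admins,false
cfo,true,2024-05-29T10:00:00Z,ceo,Domain Users,false
itmgr,true,2024-05-29T10:00:00Z,ceo,Domain Users,false
ceo,true,2024-05-29T10:00:00Z,ceo,Domain Users,false
"""
# Fixed "now" so the sample is reproducible; use datetime.now(timezone.utc) live.
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)


def _parse_ts(value):
    """ISO-8601 timestamp with trailing Z -> aware datetime, or None if empty."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None


def parse_accounts(export_text):
    """Read the export into a dict keyed by account name."""
    accounts = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        accounts[row["name"]] = {
            "name": row["name"],
            "enabled": row["enabled"].lower() == "true",
            "last_logon": _parse_ts(row["last_logon"]),
            "manager": row["manager"] or None,
            "groups": {g for g in row["groups"].split(";") if g},
            "shared": row["shared"].lower() == "true",
        }
    return accounts


def findings_for(acct, accounts, now, dormant_days=DORMANT_DAYS):
    """Return the list of risk conditions this account meets."""
    findings = []
    # Privilege matters even on a disabled account: it can be re-enabled.
    if acct["groups"] & PRIVILEGED_GROUPS:
        findings.append("privileged")
    if not acct["enabled"]:
        return findings
    # Dormant: never logged on, or no logon inside the window.
    cutoff = now - timedelta(days=dormant_days)
    if acct["last_logon"] is None or acct["last_logon"] < cutoff:
        findings.append("dormant")
    # Orphan: no owner, or the owner is unknown or disabled.
    manager = accounts.get(acct["manager"]) if acct["manager"] else None
    if manager is None or not manager["enabled"]:
        findings.append("orphan")
    if acct["shared"]:
        findings.append("shared")
    return findings


def audit(export_text, now):
    """Return [(name, score, findings)] sorted highest risk first."""
    accounts = parse_accounts(export_text)
    report = []
    for acct in accounts.values():
        findings = findings_for(acct, accounts, now)
        if findings:
            score = sum(WEIGHTS[f] for f in findings)
            report.append((acct["name"], score, findings))
    report.sort(key=lambda r: (-r[1], r[0]))
    return report


if __name__ == "__main__":
    for name, score, findings in audit(SAMPLE_EXPORT, SAMPLE_NOW):
        print(f"{score:>2}  {name:<12} {', '.join(findings)}")
```

On the constructed data the ownerless, dormant service account in Domain Admins ranks first, followed by the contractor in Schema Admins who has never logged on, the shared helpdesk admin account, and an ordinary user whose manager has left; active, unprivileged accounts with a live owner produce no findings. Swapping the embedded CSV for a real export (for example the output of a directory query) is the only change needed to run it against a live environment.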

Rapid evolution

The identity security space is evolving rapidly, and changes to protective measures are regularly required. For this reason, having a knowledgeable team is essential to identify and implement the right solutions for effectively mitigating the attack surfaces in your environment.

The challenges posed by identity security are going to continue to grow. By taking the necessary steps now, organisations can be best placed to ward off attacks in the future.