Compromised identities are still a massive cybersecurity risk to organizations – Biometric Update

With our increased use of technology, we’re at an increased risk of cyber attacks. Most devices connect to the internet, including our smartphones, credit card processors, and enterprise computers, leaving us vulnerable.
Cyber security is a big focus for governments and organizations all over the world. Everyone understands the possible damage to their financial health and reputation if a breach occurs.
Unfortunately, many of these organizations are overlooking the risk from within. Insiders are a source of risk, and some of the most high-profile attacks happened because of compromised identities.
Big breaches make headlines. We hear of cascading technological failures or malicious hackers from distant lands, giving us a false sense of security.
But breaches can happen to any organization. The SolarWinds breach is a good example of a breach that happened because of compromised credentials and routine software updates. The hack required the user to download a contaminated update and deploy it, then connect to its command and control so the attackers could gain remote access.
The results were alarming. The attackers even found their way into multiple government networks and critical infrastructure.
That’s not the only breach which involved compromised credentials. The Colonial Pipeline attack began with hacked credentials from an inactive account. With just one password, attackers disrupted the fuel supplies to the U.S. Southeast, hindering the fuel deliveries to major East Coast markets. In this case, multi-factor authentication would’ve made the attack more difficult or at least put another security measure between the attacker and critical systems.
The similarity between these breaches is that cyber security was less robust than it needed to be, but the ultimate root cause was still weak credentials.
These are the primary types of insider risks:
Restrictive policies can be helpful for cyber security, but they may not cover compromised identities. They also inhibit innovation and productivity.
Having robust cyber security protocols and technologies in place is vital to build a foundation of defense, but it’s not enough. Organizations need broad initiatives like zero-trust architecture that includes zero friction security to promote a good user experience with security.
The guiding principle of the zero-trust model is to never trust, always verify. Instead of assuming everyone is good and safe, the model verifies each request as though it came from an unknown source, no matter if it’s from an employee or familiar application.
All users must be authenticated, authorized, and validated before they can access applications and data. Least privilege and micro-segmentation can be used to minimize lateral movement as well, ensuring that a malicious hacker can’t do as much damage. If a breach does occur, analytics are used to detect and respond to threats.
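The per-request check described above can be sketched as a deny-by-default decision function. This is an added example, not code from the author or any product; the names `Account`, `Request`, `decide`, the 90-day `MAX_IDLE` cutoff and the sample accounts are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

MAX_IDLE = timedelta(days=90)  # assumed cutoff for calling an account inactive

@dataclass(frozen=True)
class Account:
    enabled: bool
    last_login: datetime
    grants: frozenset  # explicit (resource, action) pairs, nothing implied

@dataclass(frozen=True)
class Request:
    user: str
    resource: str
    action: str
    password_ok: bool
    mfa_ok: bool
    device_ok: bool

def decide(req, accounts, now):
    """Evaluate one request; return (allowed, reason). Reason is for the audit log."""
    acct = accounts.get(req.user)
    if acct is None or not acct.enabled:
        return False, "unknown or disabled account"
    if now - acct.last_login > MAX_IDLE:
        return False, "inactive account"  # a valid password alone is not enough
    if not (req.password_ok and req.mfa_ok):
        return False, "authentication incomplete"
    if not req.device_ok:
        return False, "device not validated"
    if (req.resource, req.action) not in acct.grants:
        return False, "outside granted privileges"  # least privilege
    return True, "ok"

# Constructed sample data (hypothetical accounts and resources)
NOW = datetime(2022, 6, 1, tzinfo=timezone.utc)
ACCOUNTS = {
    "alice": Account(True, NOW - timedelta(days=2), frozenset({("billing-db", "read")})),
    "old-vpn": Account(True, NOW - timedelta(days=400), frozenset({("vpn", "connect")})),
}

if __name__ == "__main__":
    samples = [
        Request("old-vpn", "vpn", "connect", True, False, True),
        Request("alice", "billing-db", "read", True, False, True),
        Request("alice", "billing-db", "write", True, True, True),
        Request("alice", "billing-db", "read", True, True, True),
    ]
    for r in samples:
        print(r.user, r.resource, r.action, decide(r, ACCOUNTS, NOW))
```

The first sample mirrors the inactive-account case mentioned earlier: the password is correct, yet the request is refused because the account has been idle and no second factor was presented.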
Zero trust relies on five guiding principles:
Zero trust encompasses a number of defense areas, including:
Zero trust has been around for a while, but it’s important for the new threats we face in cybersecurity. Businesses keep amassing more data and working with geographically distributed teams, creating complexity in cyber security. Cyber criminals know that they can gain sensitive data through compromised identities, but the zero trust model with least-privilege access offers a robust solution to protect against threats and mitigate damage.
Joseph Carson is a cybersecurity professional with more than 25 years’ experience in enterprise security and infrastructure. Currently, Carson is the Chief Security Scientist & Advisory CISO at Delinea. He is an active member of the cybersecurity community and a Certified Information Systems Security Professional (CISSP). Carson is also a cybersecurity adviser to several governments, critical infrastructure organizations, and financial and transportation industries, and speaks at conferences globally.
DISCLAIMER: Biometric Update’s Industry Insights are submitted content. The views expressed in this post are that of the author, and don’t necessarily reflect the views of Biometric Update.
Copyright © 2022 Biometrics Research Group, Inc. All Rights Reserved.