Protect Your Apps from Identity-Based Cyberattacks

Identity is the new application attack vector, and most developers haven't taken preventative measures.


Identity-based cyberattacks are on the rise and quickly becoming favored by hackers looking to compromise multiple organizations at once. The recent data breach of 23andMe exposed millions of users’ private information, including DNA relative data, family tree data, and user profile information. Recycled login credentials were among some of the most concerning information exposed.

Attackers often leverage these stolen credentials by trying them across a wide variety of other online services – a tactic called “credential stuffing” – on the premise that users recycle these same credentials across their various accounts. These types of breaches add to the continued exposure of identities, making identity security more important than ever. The enterprise damage that can be done as a result of leaked login credentials is devastating. Hackers can easily slip past an identity and infiltrate further, interrupting operations or stealing sensitive information.
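On the defensive side, the pattern described above leaves a recognizable trace in authentication logs: one source fails logins for many different accounts in a short time, rather than many times for one account. The following is an added example, not code from the article or from any product it mentions; the log format, the sample events, and the window and threshold values are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (assumed format): "<ISO time> <fail|ok> user=<name> ip=<addr>"
SAMPLE_LOG = """\
2024-01-10T12:00:01 fail user=alice ip=203.0.113.7
2024-01-10T12:00:09 fail user=bob ip=203.0.113.7
2024-01-10T12:00:20 fail user=carol ip=203.0.113.7
2024-01-10T12:01:02 fail user=dave ip=203.0.113.7
2024-01-10T12:01:30 ok user=erin ip=203.0.113.7
2024-01-10T12:02:00 fail user=alice ip=198.51.100.4
2024-01-10T12:02:10 fail user=alice ip=198.51.100.4
2024-01-10T12:02:25 fail user=alice ip=198.51.100.4
2024-01-10T12:03:00 ok user=frank ip=192.0.2.10
"""

def parse(line):
    ts, outcome, user, ip = line.split()
    return datetime.fromisoformat(ts), outcome, user.split("=", 1)[1], ip.split("=", 1)[1]

def detect_stuffing(log_text, window=timedelta(minutes=5), min_users=4):
    """Flag source IPs whose failed logins span >= min_users distinct accounts
    inside one sliding window. Returns {ip: {"targeted": set, "succeeded": set}}."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, outcome, user, ip = parse(line)
            by_ip[ip].append((ts, outcome, user))
    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        fails = [(ts, user) for ts, outcome, user in events if outcome == "fail"]
        start, flagged = 0, False
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1  # drop failures that fell out of the window
            if len({user for _, user in fails[start:end + 1]}) >= min_users:
                flagged = True
                break
        if flagged:
            findings[ip] = {
                "targeted": {u for _, o, u in events if o == "fail"},
                # Logins that worked from a flagged source: candidates for forced reset
                "succeeded": {u for _, o, u in events if o == "ok"},
            }
    return findings

if __name__ == "__main__":
    for ip, hit in detect_stuffing(SAMPLE_LOG).items():
        print(ip, sorted(hit["targeted"]), "succeeded:", sorted(hit["succeeded"]))
```

Attempts spread across many source addresses will not trip a per-IP count, so this is one signal to combine with others rather than a complete control.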

Phishing attacks are also surprisingly effective at endangering identities, with nearly 1 in 20 employees falling victim, even in trained organizations. Attackers cast a wide net with generic messages hoping to steal credentials to launch further attacks. More targeted spear phishing relies on research and personal touches to trick specific victims, often leveraging emotions of curiosity or fear.

Identity has become the new attack surface perimeter. Cyber defenses haven’t caught up to this reality yet, which is why these breaches are continuing to happen. To create a cyber risk strategy that adapts to the threats of today, organizations should understand three things: the cyberattacks that got us here and the devastating impacts they had across their customers; why leveraging cloud and AI-powered technology to protect identities is imperative to stay ahead of these malicious attacks; and the importance of uniting teams around the common goal of creating a more cyber-resilient environment.

90 percent of organizations have experienced at least one identity-related breach in the past year, making identity management more complex now than it has ever been. The number of identities that are being managed is increasing dramatically. Multiple identity access management products may be deployed simultaneously, spreading identities across multiple clouds. Having so many different solutions overlapping can make it easy to miss critical context. Attackers will jump on the likelihood of vulnerabilities and the inability of a sprawling tech stack to catch them. To stay ahead of these malicious attacks, organizations need to be looking for next-generation identity and access management solutions that can effectively work across a complex hybrid infrastructure and help to reduce identity sprawl.

Solutions that incorporate generative AI, for example, are beneficial for understanding data correlation and automating more repetitive tasks. AI introduces new efficiencies that free up security analysts who are constantly weighed down with red and yellow flag investigations – allowing them to direct more of their focus on higher-level decisions. Additionally, AI helps with threat detection and response by taking a closer look into an organization’s systems and providing automated explanations as to why attacks are happening, what additional exposures may look like, and how to remediate them. This greater efficiency allows security teams to flag high-priority incidents quickly to effectively secure the identity attack surface.

While it’s important to address challenges with identity management at a technical level, it is equally, if not more, important to address these challenges from an educational perspective. Effective education is a must-have for shifting team understanding of security threats, recognizing identities are high-risk parts of the attack surface, and emphasizing how employees can unknowingly contribute to these risks. Organizations need to foster a culture that is committed to a security-first mindset by developing a strong incident response plan that empowers users and informed participants to work together as one, avoiding decentralized, separately managed entities. While this isn’t a bulletproof method, it is highly effective at stopping more attacks early. After all, if you have no plan or recovery option, it’s going to cost you.

Organizations as a whole need to adopt an identity mindset and significantly shift their cultures, and they need to invest in the right tools to face this current reality. To accomplish this, there should be an understanding of how cyberattacks are targeting identities. Utilizing modern solutions, such as AI, will drive efficiency, reduce busywork, and point security analysts’ attention to the weakest link.

Lastly, organizations must incorporate an incident response plan built upon education, especially around the negative consequences of recycling login credentials, creating a culture that breaks down silos and makes cyber resilience best practices easy to understand. Looking forward, attackers will continue to adapt to new ways of compromising identities, and organizations that take past attacks, next-generation technologies, and team culture into consideration can stay ahead and protect all identities.

Sergey Medved

Sergey Medved is VP of Product Management for Quest Software. Quest creates software solutions that make the benefits of new technology real in an increasingly complex IT landscape. Quest helps customers solve their next IT challenge, from maximizing the value of their data to Active Directory and Office 365 management, and cybersecurity resilience.

