With the increased use of cloud services and remote work, cybercriminals are increasingly targeting digital identity. Identity-based attacks are now among the biggest threats to companies! In today’s blog post, we deal with the challenge of digital identities for companies, explain how they are created, why they require the highest level of protection, and how security for digital identities can be achieved with the Zero Trust approach.
Digital Identities – New World Of Work, New Attack Vectors
For many employees and companies, hybrid working models that mix office work and mobile work have become increasingly typical and part of corporate culture, and will probably remain part of the working world after the pandemic years. A current study by the digital association Bitkom underlines this: according to the study, nine out of ten employees would like to work at least partly in the home office even after the corona pandemic, eight out of ten (80 percent) would like to have a permanent workplace in an individual office.
This new way of working – flexible and location-independent – has also significantly accelerated cloud adoption in companies: Today, cloud-based services are an essential part of many business processes and facilitate the exchange of files and collaboration.
However, with the increased use of cloud services, the number of digital identities is also increasing – and cyber attackers are increasingly targeting these. Cyber attacks on digital identities are now among the greatest threats to companies.
Digital Identities Are Created Every Second.
Those who access corporate networks and applications from home or on the go via collaborative applications, VPNs, and other services do so using a username and password. Already today, 83 percent of applications require some form of authentication to gain access to online services, and the trend is rising. And the more of these digital identities exist, the more attack vectors there are.
No wonder, then, that digital identities are coveted information. And cybercriminals are resourceful in getting hold of it: the attackers try, for example, to obtain legitimate authentication data for cloud services such as Microsoft Office 365 (O365), Okta, or online webmail accounts via fake authentication pages, and later use this data to access their victims’ accounts and hosted email or file hosting services.
Who Are The Perpetrators, And How Do They Work?
The perpetrators can be state actors, hackers, activists, or organized cyber gangs. One state grouping that has since become well-known is FANCY BEAR, a unit of the Russian military intelligence service GRU. Their approach to credential harvesting demonstrates the adaptability and sophistication of their operations over the years, with the volume of data siphoned remaining consistently high.
Zero Trust Approach: Increase Security
Protection against threats from stolen identities is, therefore, of crucial importance for companies. The risk of data loss and the extent of the damage in the event of a compromise can be massively reduced using the Zero Trust approach.
The basic principle here: nobody trusts anybody – no person, no location, no device, and no network. Instead, the existing risks must always be determined, whether for internal or external users, company-owned or third-party devices, or internal or external networks. Authorizations and access are granted depending on this risk.
Conversely, this also means that digital identities must be secure. Otherwise, Zero Trust cannot provide the desired location- and device-independent security. Imagine, for example, a (supposed) employee working from home calling the service desk and asking for help resetting a password. However, if the call is a social engineering attack and the password is reset for an attacker with a fake identity, they can impersonate an employee.
Therefore, central management of identities and access rights to different systems or applications, but also rooms or entire buildings, is an elementary part of the security strategy in companies. Identity and Access Management (IAM) systems take care of this central rights management. They can grant and revoke access rights. For access rights to be granted at all, IAM systems can authenticate and authorize users. In particular, multi-factor authentication is conceivable here, which ensures secure user verification and unequivocally identifies users. One option that the service desk from our example would have is to send a text message with a one-time code to the cell phone number associated with the user account.
The attack surface that companies offer to hackers is constantly increasing. Increasing digitization and, thus, cloud use inevitably lead to more interactions between people, applications, and processes – and thus also to more digital identities, which companies can only reliably secure with a comprehensive identity security approach.
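The service desk check described above can be sketched as follows. This is an added example, not code from the original post; the class `ResetVerifier`, the `directory` lookup, the `send_sms` callback, and the limits `CODE_TTL` and `MAX_ATTEMPTS` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 300      # assumed validity window in seconds
MAX_ATTEMPTS = 3    # assumed number of guesses before the code is discarded


class ResetVerifier:
    """Verifies a password-reset caller with a one-time code (hypothetical helper)."""

    def __init__(self, directory, send_sms, clock=time.time):
        self.directory = directory   # username -> phone number on file
        self.send_sms = send_sms     # assumed delivery callback (phone, code)
        self.clock = clock
        self.pending = {}

    @staticmethod
    def _digest(salt, code):
        return hmac.new(salt, code.encode(), hashlib.sha256).digest()

    def start(self, username):
        # The code goes only to the number stored with the account,
        # never to a number the caller supplies during the call.
        phone = self.directory.get(username)
        if phone is None:
            return False
        code = f"{secrets.randbelow(10**6):06d}"
        salt = secrets.token_bytes(16)
        self.pending[username] = {
            "salt": salt,
            "digest": self._digest(salt, code),  # store a digest, not the code
            "expires": self.clock() + CODE_TTL,
            "attempts": 0,
        }
        self.send_sms(phone, code)
        return True

    def verify(self, username, code):
        entry = self.pending.get(username)
        if entry is None:
            return False
        if self.clock() > entry["expires"] or entry["attempts"] >= MAX_ATTEMPTS:
            del self.pending[username]   # expired or too many guesses
            return False
        entry["attempts"] += 1
        if hmac.compare_digest(entry["digest"], self._digest(entry["salt"], code)):
            del self.pending[username]   # single use
            return True
        return False
```

The password is reset only after `verify` returns `True`; a caller who cannot read the code back gets no reset, whatever else they know about the employee.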
Zero-Trust and Identity and Access Management can identify and validate a user before connecting to the network, closing many potential security gaps before they even arise.