Over the last few years, there has been a rapid shift towards working from home, with more and more businesses offering remote or hybrid working styles.
But despite there being lots of upsides to this way of working, this shift has had an impact on several areas of the business, not least of all, security.
As our people have shifted to connecting from anywhere and using cloud applications, attackers have focused their attention on the privileges and access levels of our people. They are less concerned with breaching perimeters and exploiting services and more interested in exploiting our identity.
The result? Identity has become the new attack surface.
This shift has highlighted the need for organizations to offer a more holistic, identity-centric approach to security, and we’re going to look at this in more detail below.
What is an identity-based attack?
We first need to understand what we mean when we say identity is the new attack surface. There was a time when hacking into corporate systems meant having to infiltrate the business as a whole.
Now that many professionals work as a single entity from home, in cafes, on the move, etc., cybercriminals have begun to target computer systems and networks on an individual level.
In an identity-based attack, cybercriminals compromise individual identities in the hope of gaining access privileges to corporate systems. That way, they have the power to extract data, take over entire IT environments, launch ransomware and more.
Most concerning of all, these criminals can bypass standard perimeter defenses with very little effort or technical know-how, increasing the risk of a potential attack.
The current state of identity-based attacks
As individual identities become more of a target, IT and security professionals need to rethink their strategies in order to protect their businesses. Of course, attacks on individuals are not new. Despite the widespread adoption of Privileged Account Management (PAM) and Multi-Factor Authentication (MFA), every organization still has exploitable identity risks at the rate of 1 in 6 endpoints.
Not only this, but 40% of shadow admins (those with sensitive permissions that can escalate the privileges of others) can be exploited in just one step. This could be because privileged account passwords are left exposed on 13% of endpoints.
As you can see from these statistics, more needs to be done to protect these endpoints and stop identity attacks in their tracks.
What happens when they get in?
Unfortunately, once an identity has been exploited, the threat actors have the power. They can begin to move laterally through an organization's systems, collecting intelligence, compromising data, and even distributing malicious payloads.
So, as you can imagine, the longer these cybercriminals go undetected, the more identities and information they can compromise. And this can have potentially devastating consequences for both businesses and the individuals involved.
The key challenges in finding vulnerable identities
One of the biggest challenges that businesses are facing is outdated security models. As a result of the shift to remote and hybrid working, current security models are not fit for purpose. They don’t address identity as an attack surface.
Therefore, identity can no longer be treated as a basic access function. It must now be managed, carefully monitored and treated as a resource.
Part of this monitoring, and another key challenge, is permissions. A recent study found that 51% of organizations have suffered a security breach due to employees with unnecessarily high permissions. This needs to be evaluated, and new systems must be put in place to ensure that employees only have the permissions they strictly need in the future.
The last big challenge, as we’ve detailed above, is that threat actors can move very quickly once they have compromised an individual, wreaking as much havoc as possible. This is why organizations must do all they can to highlight vulnerabilities, bolster their security and know how to stop a criminal in their tracks should they get through.
5 ways to break the chain and protect your business
The adage is true: ‘the attacker only has to be right once, but defenders have to get it right every time’. Of course, no one is perfect and you can’t get everything right 100% of the time. But there are several steps you can take to protect your business and its people from identity-based cyberattacks. These include:
1. Being clued up and staying up to date
The best way to avoid identities being compromised from the start is to know who is being attacked and how, and to stay ahead of evolving threats as much as possible. Automating tasks and reducing workloads can also help to stop phishing emails and other malicious content from getting through in the first place.
2. Stopping lateral movement in its tracks
If an attacker does get into your system, you have a problem and you need to address it right away before it gets bigger. Tools like Proofpoint’s Identity Threat Defense can help to detect identities that are at risk and to stop lateral movement and escalation.
3. Protecting your information from the inside
It’s also important to use information protection, insider threat management, and data loss prevention tools to protect data from the inside. This can help to prevent the loss or theft of information.
4. Making a map of your organization
Attackers' patterns become unmistakable over time, so if you can map out your organization's systems, endpoints, and how attackers are getting in, you can put extra barriers in place to stop threats from spreading through your systems.
5. Introducing ITDR
Identity Threat Detection and Response (ITDR) is a new class of tools specifically designed to protect and defend identities from exploitation. So, to combat escalating threats, you need to embrace these new best practices and comprehensive security controls and introduce them into your business.
By understanding identity as an attack surface, using our tips above, and investing in the right tools, you can protect individual identities and safeguard your organization. Find out more in Proofpoint’s magazine, New Perimeters – Identity is the New Attack Surface.