Identity Management has become a crucial part of every organisation’s cybersecurity strategy

Sumit Srivastava - Solutions Engineering Manager - India & SAARC, CyberArk

Digital transformation, cloud migration and attacker innovation are expanding the attack surface. Over 70% of the organizations surveyed have experienced ransomware attacks in the past year: two each on average. Credential access was the number one area of risk for respondents (at 40%), followed by defense evasion (31%), execution (31%), initial access (29%) and privilege escalation (27%). Nidhi Shail Kujur of Elets News Network (ENN) spoke to Sumit Srivastava, Solutions Engineering Manager, India & SAARC at CyberArk, to understand how crucial it is to secure digital identities across any organization.

• Machine identities are now outnumbering human identities. What is your take on this?
Organisations today are using more devices and applications, relying on collaboration tools over multiple cloud platforms to keep business operations running locally and across geographical boundaries. As more businesses in India embrace digitalisation, we can expect the continued explosion in both human and non-human identities, which, when not managed adequately, provide attackers with the opportunity to strike.

• Why is it crucial to secure digital identities across any organization?
Every major IT or digital initiative results in increasing interactions between people, applications, and processes, creating large numbers of digital identities. If these digital identities go unmanaged and unsecured, they can represent significant cybersecurity risk.

According to CyberArk’s global report, the CyberArk 2022 Identity Security Threat Landscape Report, the rise of human and machine identities – often running into the hundreds of thousands per organisation – has driven a build-up of identity-related cybersecurity “debt,” exposing organizations to greater cybersecurity risk.

The report shows that for 79% of organisations, cybersecurity has taken a back seat in the last year in favour of accelerating other digital business initiatives. Other findings include:

  • Sixty-eight percent of non-humans or bots have access to sensitive data and assets.
  • The average staff member has more than 30 digital identities.
  • Machine identities now outweigh human identities by a factor of 45x on average.
  • Eighty-seven percent store secrets in multiple places across DevOps environments, while 80% say developers typically have more privileges than necessary for their roles.

These findings reiterate the importance of securing digital identities across organizations.

Unfortunately, despite the serious and high-profile nature of various attacks including SolarWinds, 62% of organisations have done nothing to secure their software supply chain. 64% also admit that a compromise of a software supplier would mean an attack on their organisation could not be stopped.

• Why is there a sudden rise in identity-based attacks?
Digital transformation, cloud migration and attacker innovation are expanding the attack surface. Over 70% of the organizations surveyed have experienced ransomware attacks in the past year: two each on average. Credential access was the number one area of risk for respondents (at 40%), followed by defense evasion (31%), execution (31%), initial access (29%) and privilege escalation (27%).

• How can organizations protect themselves from such attacks?
The current threat environment requires a security-first approach towards prevention and protection. To prevent such attacks, organisations should consider the following to improve their security posture:

  • Push for Transparency: 85% say that a Software Bill of Materials would reduce the risk of compromise stemming from the software supply chain.
  • Introduce Strategies to Manage Sensitive Access: The top three measures that most CIOs and CISOs have introduced (or plan to introduce), each cited by 54% of respondents: real-time monitoring and analysis to audit all privileged session activity; least privilege security / Zero Trust principles on infrastructure that runs business-critical applications; and processes to isolate business-critical applications from internet-connected devices to restrict lateral movement.
  • Prioritize Identity Security Controls to Enforce Zero Trust Principles: The top three strategic initiatives to reinforce Zero Trust principles are: workload security; Identity Security tools; and data security.

• What are the best practices for identity management within an organization?
Identity Management has become a crucial part of every organisation’s cybersecurity strategy. To maximise the benefits organizations must ensure the following:
o Establish a Zero Trust model: Zero Trust starts by assuming that any identity – whether human or machine – with access to your applications and systems may have been compromised. The “assume breach” mentality requires vigilance and a Zero Trust approach to security, one that is centered on securing identities. With Identity Security as the backbone of a Zero Trust approach, teams can focus on identifying, isolating, and stopping threats from compromising identities and gaining privilege before they can do harm.
o Adaptive multi-factor authentication: Organizations can secure access with a broad range of secondary authentication methods with Identity Adaptive Multi-Factor Authentication. Adaptive MFA adds security with less hassle. It eliminates reliance on passwords with a broad set of authentication factors, secures your entire enterprise to reduce the risk of security breaches and limits challenges to risky access requests based on context and behaviour.

o Grant least privilege: The principle of least privilege (PoLP) refers to an information security concept in which a user is given the minimum levels of access – or permissions – needed to perform his/her job functions. It is widely considered to be a cybersecurity best practice and is a fundamental step in protecting privileged access to high-value data and assets. Least privilege extends beyond human access. The model can be applied to applications, systems or connected devices that require privileges or permissions to perform a required task. Least privilege enforcement ensures the non-human tool has the requisite access needed – and nothing more. Effective least privilege enforcement requires a way to centrally manage and secure privileged credentials, along with flexible controls that can balance cybersecurity and compliance requirements with operational and end-user needs.
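The adaptive MFA point above (challenge only risky access requests, based on context and behaviour) is easier to reason about with a concrete decision function. The following Python is an added editorial illustration, not CyberArk's product logic and not code from the interview; the risk weights, the 30/70 thresholds, the 900 km/h "impossible travel" speed and the user baseline are all assumed values chosen for the example, and the access requests are constructed.

```python
"""Risk-based step-up authentication: score an access request from context and
behaviour, then allow, step-up (require a second factor) or deny.
Added illustration; weights and thresholds are assumptions, not a vendor's logic."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from math import asin, cos, radians, sin, sqrt


@dataclass
class AccessRequest:
    user: str
    device_id: str
    ip_country: str
    lat: float
    lon: float
    timestamp: datetime
    resource_sensitivity: str  # "low" or "high"


@dataclass
class UserBaseline:
    known_devices: set
    usual_country: str
    last_lat: float
    last_lon: float
    last_seen: datetime
    work_hours: tuple  # (start_hour, end_hour) in UTC, half-open


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres (used for impossible-travel detection)."""
    r = 6371.0
    p1, p2 = radians(lat1), radians(lat2)
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * r * asin(sqrt(a))


def risk_score(req, baseline):
    """Additive risk score with the contextual signals that fired (assumed weights)."""
    score, reasons = 0, []
    if req.device_id not in baseline.known_devices:
        score += 30; reasons.append("unknown device")
    if req.ip_country != baseline.usual_country:
        score += 20; reasons.append("unusual country")
    hours = (req.timestamp - baseline.last_seen).total_seconds() / 3600
    dist = haversine_km(baseline.last_lat, baseline.last_lon, req.lat, req.lon)
    if hours > 0 and dist / hours > 900:  # faster than a commercial flight
        score += 40; reasons.append("impossible travel")
    start, end = baseline.work_hours
    if not (start <= req.timestamp.hour < end):
        score += 10; reasons.append("outside usual hours")
    if req.resource_sensitivity == "high":
        score += 10; reasons.append("sensitive resource")
    return score, reasons


def decide(req, baseline):
    """Return (decision, score, reasons); decision is allow, step_up or deny."""
    score, reasons = risk_score(req, baseline)
    if score >= 70:
        return "deny", score, reasons
    if score >= 30:
        return "step_up", score, reasons
    return "allow", score, reasons


def run_scenarios():
    """Constructed scenarios: a routine login, a new device, and an impossible trip."""
    t0 = datetime(2024, 1, 10, 9, 0, tzinfo=timezone.utc)
    alice = UserBaseline(known_devices={"laptop-01"}, usual_country="IN",
                         last_lat=19.0760, last_lon=72.8777,  # last seen in Mumbai
                         last_seen=t0, work_hours=(3, 14))
    later = t0 + timedelta(hours=1)
    cases = {
        "routine": AccessRequest("alice", "laptop-01", "IN", 19.0760, 72.8777, later, "low"),
        "new_device": AccessRequest("alice", "phone-99", "IN", 19.0760, 72.8777, later, "low"),
        # Moscow one hour after Mumbai, against a sensitive resource
        "impossible_travel": AccessRequest("alice", "laptop-01", "RU", 55.7558, 37.6173, later, "high"),
    }
    return {name: decide(req, alice) for name, req in cases.items()}


if __name__ == "__main__":
    for name, (decision, score, reasons) in run_scenarios().items():
        print(f"{name:18} {decision:8} score={score:3} {', '.join(reasons) or '-'}")
```

The routine case passes without a challenge, the unknown device alone is enough to trigger a second factor, and the combination of an unusual country, impossible travel and a sensitive target is refused outright rather than merely challenged. In production the baseline would be learned from history rather than hard-coded, and the denied case should raise an alert, not just a refusal.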
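Least privilege for a non-human identity ("the requisite access needed, and nothing more") is usually enforced by comparing what a service account is granted with what it has actually used. The Python below is an added example, not CyberArk's tooling and not code from the interview; the permission names, the `ci-deployer` account, its grants and the JSON access-log lines are all constructed for the illustration, and `fnmatch`-style wildcards stand in for whatever wildcard syntax a real policy language uses.

```python
"""Right-size a non-human identity's permissions from observed usage.
Added illustration with constructed data; not a vendor's product logic."""
import json
from collections import Counter
from fnmatch import fnmatchcase

# Constructed: what the CI deployer service account is granted today.
GRANTED = {
    "ci-deployer": {
        "storage:*",        # wildcard grant covering every storage action
        "secrets:read",
        "secrets:write",
        "compute:start",
        "compute:delete",
    }
}

# Constructed access log, one JSON object per line, covering the review window.
ACCESS_LOG = """\
{"principal":"ci-deployer","action":"storage:get","result":"allow"}
{"principal":"ci-deployer","action":"storage:put","result":"allow"}
{"principal":"ci-deployer","action":"secrets:read","result":"allow"}
{"principal":"ci-deployer","action":"compute:start","result":"allow"}
{"principal":"ci-deployer","action":"storage:get","result":"allow"}
{"principal":"ci-deployer","action":"compute:delete","result":"deny"}
"""


def parse_log(text):
    """Map principal -> Counter of actions that were actually permitted.
    Denied attempts are not evidence of a legitimate need, so they are skipped."""
    usage = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec["result"] != "allow":
            continue
        usage.setdefault(rec["principal"], Counter())[rec["action"]] += 1
    return usage


def right_size(granted, used):
    """Return (minimal_policy, unused_grants, wildcard_grants).

    minimal_policy lists only the exact actions observed; unused_grants are grants
    that no observed action matched; wildcard_grants are flagged separately because
    a wildcard that is 'used' still over-grants everything else it matches."""
    minimal = sorted(used)
    unused = sorted(g for g in granted if not any(fnmatchcase(a, g) for a in used))
    wildcards = sorted(g for g in granted if "*" in g)
    return minimal, unused, wildcards


def review(principal, granted=GRANTED, log_text=ACCESS_LOG):
    """Produce a least-privilege review for one principal."""
    used = set(parse_log(log_text).get(principal, Counter()))
    minimal, unused, wildcards = right_size(granted[principal], used)
    return {
        "minimal_policy": minimal,
        "unused_grants": unused,
        "wildcard_grants": wildcards,
        "over_privileged": bool(unused or wildcards),
    }


if __name__ == "__main__":
    print(json.dumps(review("ci-deployer"), indent=2))
```

For the constructed account the review replaces `storage:*` with the two storage actions that were actually exercised, drops `secrets:write` and `compute:delete` (the latter was attempted but denied, which is a signal to investigate rather than to grant), and marks the identity as over-privileged. A principal that appears in no log line at all ends up with every grant listed as unused, which is the dormant-account case worth reviewing first.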

• What are the latest trends that are dominating this industry?
With enterprises looking at improving their security posture, attackers too have raised their game. This means constant vigilance from end-user organisations must be the response. Some of the key cyber security trends that we believe will alter the cybersecurity landscape include:

Attackers Will Employ OSS to Automate and Magnify Supply Chain Attacks
Our digital economy runs on open-source software (OSS). But countless “open” and “free” OSS libraries also mean a dramatically expanded attack surface. The April 2021 Codecov breach gave us a glimpse of how one subtle tweak in one line of code can turn a completely benign library into a malicious one — putting any organisation using it at risk. We have seen attackers creating trojanised versions of original packages, which implement or download a backdoor or credential-stealing functionality.

Organisations therefore must remain vigilant, as these subtle attacks will rarely send up signals, making them extremely difficult to spot — especially as such libraries are deployed into the pipeline as part of legitimate day-to-day operations. This has huge implications for India, as many government entities and start-up firms use a huge number of open-source components.
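Because a trojanised package differs from the original by only a few bytes, the practical control at the pipeline boundary is a pinned cryptographic hash: any change to the artifact, however subtle, changes the digest. The Python below is an added example of that check and of flagging dependencies that are not pinned at all; it is not CyberArk's tooling and not code from the interview. The requirements format mimics pip's `--hash=sha256:...` pins, while `acme-util`, `legacy-lib`, the "wheel" bytes and the backdoor line are all constructed for the illustration.

```python
"""Verify fetched dependency artifacts against pinned hashes and flag unpinned
requirements. Added illustration with constructed data; fails closed."""
import hashlib

# Constructed "known good" artifact and a trojanised copy that differs by one line.
GOOD_WHEEL = b"def helper(n):\n    return n * 2\n"
TROJANED_WHEEL = GOOD_WHEEL + b"import os  # constructed backdoor marker, added by attacker\n"

# Constructed requirements file in pip's --hash style; the first entry is pinned
# to the digest of GOOD_WHEEL, the second is a floating version with no hash.
REQUIREMENTS = (
    "acme-util==1.2.0 --hash=sha256:" + hashlib.sha256(GOOD_WHEEL).hexdigest() + "\n"
    "legacy-lib>=2.0\n"
)


def parse_requirements(text):
    """Map requirement spec -> set of accepted 'sha256:<hex>' digests."""
    pins = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        spec = parts[0]
        hashes = {p.split("=", 1)[1] for p in parts[1:] if p.startswith("--hash=")}
        pins[spec] = hashes
    return pins


def unpinned(pins):
    """Specs that float (no '==') or carry no hash: either lets a tampered
    upstream release slide into the build."""
    return sorted(spec for spec, hashes in pins.items()
                  if "==" not in spec or not hashes)


def verify_artifact(spec, data, pins):
    """True only if the artifact's digest matches a pin for this spec.
    Unknown or hash-less specs are rejected (fail closed)."""
    expected = pins.get(spec)
    if not expected:
        return False
    digest = "sha256:" + hashlib.sha256(data).hexdigest()
    return digest in expected


def run_checks():
    """Run the constructed scenarios and return their outcomes."""
    pins = parse_requirements(REQUIREMENTS)
    return {
        "unpinned": unpinned(pins),
        "good_accepted": verify_artifact("acme-util==1.2.0", GOOD_WHEEL, pins),
        "trojaned_rejected": not verify_artifact("acme-util==1.2.0", TROJANED_WHEEL, pins),
        "unknown_rejected": not verify_artifact("unknown-pkg==0.1", GOOD_WHEEL, pins),
    }


if __name__ == "__main__":
    for check, outcome in run_checks().items():
        print(f"{check:18} {outcome}")
```

The check is only as good as the pins: the digest must come from a reviewed source (a lockfile committed and reviewed with the code), not from the same download the artifact came from, and the build should stop on any unpinned entry rather than warn and continue.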

Ransomware as a Service will drive 2022 attacks
The evolution of ransomware as a service (RaaS) has only just begun. In 2022, the provision of ransomware will continue to evolve from cottage industry to something more akin to coteries of specialists. We will see operator-driven ransomware expand, with a clear distinction between off-the-shelf ransomware payloads and delivery methods, skilled practitioners moving through networks, and experts who make the actual ransomware code.

Attackers will target lucrative supply chains
Supply chain attacks were historically conducted by state sponsored actors going after high value targets, or with high return-on-investment (the Kaseya breach being one of many examples). However, widespread anti-phishing controls have raised the operational cost for such attacks. As a result, we will see supply chain attacks become more prevalent and utilized as an attack vector by a larger portion of actors due to higher ROI, as well as the fact that the supply chain is becoming the weakest link in the chain.