
It’s still true: Rotating passwords and choosing complex passwords that are unique to each account are good cybersecurity practices for anyone. “And the inverse is also true: If you get it wrong, you’re opening yourself up to all kinds of attacks.” Stronger authentication “If you can get identity right, you’re protecting yourself from all attacks, at some level,” McKinnon said. The adoption of an identity threat detection tool is worth considering, as is technology for helping to secure the use of unmanaged applications, or “shadow IT,” experts said.

Focusing on identity is critical because today, “all attacks become identity-based attacks” at some stage of the incident, said Todd McKinnon, co-founder and CEO of widely used identity platform Okta. Meanwhile, given the inevitability of breaches using credentials, getting improved visibility into IT environments is key. “Identity has become that first level of defense. In response, mid-sized and large enterprises should explore deploying stronger authentication and make authorization technology - which includes access and permissions controls - a bigger focus of their cybersecurity strategy, industry analysts and executives told Protocol. Stolen credentials are also now widely available for purchase on the dark web, fueling the surge in identity-based attacks. And that’s a massive shift.”

Breaches involving usernames and passwords jumped 35% in 2021 alone, identity management and security vendor ForgeRock recently reported.

In today’s enterprise, “identity and security are very merged,” said Vasu Jakkal, corporate vice president for security, compliance, identity, management, and privacy at Microsoft.

While the theft of passwords and other credentials has long been a part of the hacker playbook, identity-based attacks have risen to the forefront with so many employees now working outside of a corporate network firewall. Illegitimate use of credentials was responsible for 48% of breaches in 2021 - by far the largest vehicle for breaches - up from 37% in 2017, according to data provided by Verizon to Protocol. From the SolarWinds and Colonial Pipeline cyberattacks to the latest attacks against Twilio and Uber, a common thread runs through many of the high-profile breaches in recent years: The attackers succeeded by targeting identity credentials.

And all those breaches that you didn’t hear as much about? Chances are that those involved credentials, too.
