The COVID-19 pandemic sounded the death knell for the traditional perimeter. Work is now an activity, not a place, meaning the concept of an encircling wall of security is as out of date as a PC running Windows 95.
In an era when people are working from cafes, sheds, bedrooms and anywhere else they can get some peace and an internet connection, identity is often hailed as the new perimeter. In fact, it is context that represents today’s perimeter, with identity providing the killer context.
Context can raise a red flag whenever a user’s activity goes against their usual pattern of behavior. The time of authentication is one obvious piece of contextual information. If a user logs on at 6am on Sunday morning, there is a risk that their account has been compromised and a bad actor is seeking access. Their location, the device they are using and details of the data they are trying to access also provide useful contextual information which can be used to deny access whenever an account behaves unusually.
The need to put identity and context at the heart of cybersecurity is clearly illustrated by an alarming increase in the creativity of phishing attacks, in which hackers impersonate trusted cybersecurity vendors or use a proxy site to mirror an MFA authentication page – an approach seen in the Microsoft attacks, when attackers inserted a proxy site between users and their work server. The European Central Bank also had a close call when hackers posed as Angela Merkel in a bid to trick President Christine Lagarde into opening an account with a messaging app.
A rise in the sophistication of threats requires a step-change in cybersecurity. Here are four ways to stay in control as storm clouds gather over the threat landscape.
1. Tackle insider threats
Stolen credentials are involved in almost half of all attacks, according to this year’s Verizon Data Breach Investigations Report. It is not always external actors that steal these credentials – a fact reflected in the recent OpenSea NFT data breach in which its email database was leaked by an employee.
Insider threats cause up to 60% of data breaches, according to ID Watchdog. The risk is growing exponentially as the cloud pushes data across ever-growing networks, making it easier for insiders to access sensitive data or credentials.
To tackle this threat, identity services must be able to spot unusual and suspicious behavior. Identity-as-a-service (IDaaS) and other identity-based security systems are vital tools for managing unauthorized access to the network. They can also tie actions within the network to a specific identity, controlling data access or even in-app downloads.
A good IDaaS solution should be able to apply identity-based, context-aware rules across an organization’s ecosystem to spot unauthorized behavior before it leads to a breach. It should be capable of operating autonomously to authenticate the right users based on contextual data – and block access based on suspicious activity.
As organizations build larger and more complex cloud-based data landscapes, they should create a zero-trust environment which protects against threats on the inside as well as external risks. Through intelligent, autonomous defense technology, businesses can also implement systems that analyze far more than just a password or one-time code when determining whether a user is granted access to a system or data. IP addresses, past behavior, endpoint ID, geolocation and the time of day are just some of the data points that should be gathered and analyzed by an intelligent IDaaS platform to decide whether an access request should be granted. A modern approach to identity within the network can help to mitigate the risk of insider attacks.
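As an added illustration (not code from this article or from any IDaaS product), the sketch below scores one access request against a user's baseline using the data points listed above. The `Baseline` schema, the weights, the thresholds and the sample user are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass
class Baseline:              # hypothetical per-user profile built from past behavior
    networks: list           # CIDR ranges the user normally connects from
    devices: set             # endpoint IDs already enrolled
    countries: set           # countries seen in previous logins
    work_hours: range        # usual login hours (local time)
    work_days: set           # usual weekdays, Monday == 0

# Illustrative weights and thresholds; tune them against real login history.
WEIGHTS = {"ip": 20, "device": 35, "geo": 30, "time": 30}
STEP_UP, DENY = 30, 60

def evaluate(baseline, ip, device_id, country, when):
    """Return (decision, score, reasons) for a single access request."""
    reasons = []
    addr = ip_address(ip)
    if not any(addr in ip_network(net) for net in baseline.networks):
        reasons.append("ip")
    if device_id not in baseline.devices:
        reasons.append("device")
    if country not in baseline.countries:
        reasons.append("geo")
    if when.hour not in baseline.work_hours or when.weekday() not in baseline.work_days:
        reasons.append("time")
    score = sum(WEIGHTS[r] for r in reasons)
    if score >= DENY:
        decision = "deny"
    elif score >= STEP_UP:
        decision = "step_up_mfa"   # ask for a stronger factor before granting access
    else:
        decision = "allow"
    return decision, score, reasons

# Constructed sample user: office network, one laptop, weekday working hours.
ALICE = Baseline(networks=["203.0.113.0/24"], devices={"laptop-01"},
                 countries={"GB"}, work_hours=range(7, 20),
                 work_days={0, 1, 2, 3, 4})

if __name__ == "__main__":
    # A 6am Sunday login from the usual device and network triggers step-up.
    print(evaluate(ALICE, "203.0.113.10", "laptop-01", "GB", datetime(2022, 9, 4, 6, 0)))
```

Returning the reasons alongside the decision lets the log entry for a denied or stepped-up request say which signal departed from the baseline.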
2. Protect against social engineering
Phishers are getting smarter and more audacious by the day, with CEO fraud and business email compromise (BEC) representing a serious and growing threat. The FBI has warned that BEC now results in more losses than any other type of cyber scam, costing victims more than $2.3 billion last year.
Organizational policies can help to reduce the threat. For instance, implementing a process for handling email requests to make urgent bank transfers, ensuring manual approval for payments above a certain threshold, and continuously training all staff can make sure that phishing emails do not lead to financially and reputationally devastating breaches.
Awareness and training must be paired with multi-layered email security that combines content analysis, threat intelligence, and executive name checking. This means that if an employee receives an email containing the words “urgent wire transfer” or similar, it should be flagged. However, this is only a first step and is not enough to fully protect against BEC and CEO fraud. Tagging external emails and using executive tracking to identify senior leadership names in header and envelope fields is the next step. Checking emails against a list of safe domains can also reduce the risk, as well as cutting down the likelihood of false positives.
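The layers described above can be combined in one inbound-mail check. This is an added example, not code from the article or from any email security product; the domains, executive names, flag labels and sample message are constructed, and it assumes SPF/DKIM/DMARC have already been evaluated upstream.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# All values below are constructed for illustration.
INTERNAL_DOMAINS = {"example.com"}       # the organization's own mail domain
SAFE_DOMAINS = {"bank.example.net"}      # vetted partner domains
EXECUTIVES = {"Jane Doe", "Sam Patel"}   # senior leadership names to track
URGENT = re.compile(r"\burgent\b.*\b(wire|bank)\s+transfer\b", re.I | re.S)

def squash(text):
    """Lower-case and keep letters only, so 'jane.doe' matches 'Jane Doe'."""
    return re.sub(r"[^a-z]", "", text.lower())

def inspect(raw, envelope_from):
    """Return the flags raised for one inbound message.

    Assumes SPF/DKIM/DMARC were evaluated upstream, so the domains seen
    here are not trivially forged.
    """
    msg = message_from_string(raw)
    display, header_addr = parseaddr(msg.get("From", ""))
    hdr_local, _, hdr_dom = header_addr.lower().rpartition("@")
    env_local, _, env_dom = envelope_from.lower().rpartition("@")
    flags = []
    external = not {hdr_dom, env_dom} <= INTERNAL_DOMAINS
    if external:
        flags.append("external")                  # tag shown to the recipient
    if {hdr_dom, env_dom} <= SAFE_DOMAINS:
        return flags                              # safe list cuts false positives
    body = "" if msg.is_multipart() else msg.get_payload()
    if URGENT.search(f'{msg.get("Subject", "")}\n{body}'):
        flags.append("urgent-transfer-language")  # content analysis
    seen = squash(display) + "|" + squash(hdr_local) + "|" + squash(env_local)
    if external and any(squash(name) in seen for name in EXECUTIVES):
        flags.append("executive-name-external")   # header and envelope check
    return flags

SAMPLE = (  # constructed message imitating a CEO-fraud request
    'From: "Jane Doe" <jane.doe.ceo@mail.example.org>\n'
    "To: finance@example.com\n"
    "Subject: Urgent wire transfer needed today\n"
    "\n"
    "Please process the payment before noon.\n"
)
```

Calling `inspect(SAMPLE, "bounce@mail.example.org")` raises all three flags, while the same wording from an address on the safe list is only tagged as external.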
3. Squash social media attacks
In the first quarter of 2022, LinkedIn was involved in 52% of all phishing scams. These attacks involve criminals targeting employees and persuading them to hand over credentials or stolen data. LinkedIn passwords can also be a threat if staff members reuse credentials across platforms. MFA can protect against this risk and prevent unauthorized access enabled by password phishing, theft, or brute-force attack.
It is also important to take control using federated identity standards to authenticate users with something other than a password. Weak passwords are not a problem if they are replaced with secure tokens and assertions. Unfortunately, scammers will always find a way of stealing the information they need – or tricking staff into handing it over. IDaaS and MFA can ensure the credentials they steal do not allow unauthorized access.
4. Address the human element
An organization’s staff can be its greatest asset. Unfortunately, they can also be a cybersecurity liability. Employers should work to create a culture of security that teaches employees to question the content of emails and educates them about phishing techniques.
IDaaS has a particular role to play as it can eliminate the use of unsanctioned apps and limit dangerous behaviors within those apps whilst extending enterprise identity protections across all applications.
By locking down the vulnerabilities associated with the human element of cybersecurity risk, organizations can boost their cyber resilience and reduce the risk of suffering a breach.
The perimeter is gone – but in its place, a new normal has arisen in which context is king and identity is integral. To solve the challenges created by the human element, social media attacks, insider threats, and BEC, organizations must secure the new perimeter or be left to count the cost of a devastating breach.