A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response
“It took nearly 11 months (328 days) to identify and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of a Data Breach Report 2023
I recently came across a 2012 article from CSO Online, and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!
Unsurprisingly, identity continues to be the 'new perimeter' and stolen credentials remain one of the most common attack vectors today. What gives?
One hypothesis is that identity suffers from a lack of resources or prioritization and is typically bucketed as an IT function rather than a security one. One piece of evidence to support this hypothesis is the low adoption of a basic security control that protects against identity-based attacks: multi-factor authentication (MFA). According to a 2023 Cisco Duo-sponsored survey, only 62% of organizations make MFA mandatory for their entire workforce. Security professionals agree that passwords are low-hanging fruit for cybercriminals and can even be the keys to the kingdom when the compromised passwords belong to privileged accounts. Add to this the risks of weak authentication factors such as SMS one-time passcodes, and of dormant or inactive accounts.
Another piece of evidence to support the hypothesis: IBM’s report found that only one in three breaches was detected by the targeted organization’s own security teams or tools, and 40% of breaches were disclosed by neutral third parties. This indicates that organizations lack the resources and/or tools to detect and mitigate breaches stemming from compromised identities.
The attackers, on the other hand, are getting savvier. Recently, on the heels of a major breach, a Microsoft article recognized Octo Tempest as “one of the most dangerous financial criminal groups.” This group of English-speaking threat actors is known for launching sophisticated campaigns that bypass weak MFA implementations, leveraging tactics such as SIM swapping, adversary-in-the-middle (AiTM) techniques, and social engineering to gain unauthorized access to organizations’ sensitive data.
“We’re increasingly aware of high-profile attacks that have gone through the authentication layer. This changes how we think about buying.” - Financial Services Customer
All this points to a clear and present need for a defense-in-depth approach to mitigate breaches caused by a weak identity security posture. First, IT teams must ensure that their Identity Security program is built on a strong foundation with the right tools. This entails:
Organization-wide adoption of strong MFA, and accepting only phishing-resistant MFA (such as FIDO2 security keys) for privileged accounts
Ensuring that only managed or trusted devices are granted access to corporate resources; this is a powerful policy that is effective against remote phishing attacks
Leveraging a modern single sign-on solution as a policy enforcement tool to apply the principles of zero trust and least-privilege access to each application
Once these tools and policies are in place, Identity Threat Detection and Response (ITDR) can bolster an organization's identity security posture by arming IT security professionals with both proactive and reactive tools. On the proactive side, ITDR can detect policy misconfigurations, excessive privileges, and high-risk scenarios such as dormant or inactive accounts or accounts with MFA disabled. On the reactive side, the tool equips IT teams to respond to suspicious activities such as new MFA device registration, superman (unrealistic travel) logins, access from a new device or location, and more.
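To make the proactive and reactive checks above concrete, here is an added example, written for this page and not code from the original post or from any Cisco Duo product. It runs the posture checks (dormant accounts, MFA disabled) over an account inventory and the activity checks (new MFA device registration, new device, new location, unrealistic travel) over a stream of login events. The event field names, the 90-day dormancy window, the 900 km/h travel-speed ceiling and the sample accounts and events are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Assumed thresholds (not from the article): an account is dormant after 90 days
# without a login, and travel faster than ~900 km/h between two logins is
# treated as physically implausible.
DORMANT_DAYS = 90
MAX_PLAUSIBLE_SPEED_KMH = 900.0


@dataclass(frozen=True)
class AuthEvent:
    """One authentication record; field names are assumptions for this example."""
    user: str
    ts: datetime
    kind: str          # "login" or "mfa_enroll"
    device_id: str
    country: str
    lat: float
    lon: float


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two lat/lon points."""
    dlat = radians(lat2 - lat1)
    dlon = radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def detect_posture_issues(accounts, now):
    """Proactive checks over {user: {"last_login": datetime|None, "mfa_enabled": bool}}."""
    findings = []
    cutoff = now - timedelta(days=DORMANT_DAYS)
    for user, info in sorted(accounts.items()):
        last = info["last_login"]
        if last is None or last < cutoff:
            findings.append((user, "dormant_account"))
        if not info["mfa_enabled"]:
            findings.append((user, "mfa_disabled"))
    return findings


def detect_suspicious_activity(events):
    """Reactive checks over auth events, processed in time order."""
    findings = []
    seen_devices = {}    # user -> set of device ids
    seen_countries = {}  # user -> set of countries
    last_login = {}      # user -> most recent login event
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind == "mfa_enroll":
            findings.append((ev.user, "new_mfa_device_registration"))
            continue
        devices = seen_devices.setdefault(ev.user, set())
        countries = seen_countries.setdefault(ev.user, set())
        # A user's first login only establishes the baseline; later deviations are flagged.
        if devices and ev.device_id not in devices:
            findings.append((ev.user, "new_device"))
        if countries and ev.country not in countries:
            findings.append((ev.user, "new_location"))
        prev = last_login.get(ev.user)
        if prev is not None:
            hours = (ev.ts - prev.ts).total_seconds() / 3600.0
            km = haversine_km(prev.lat, prev.lon, ev.lat, ev.lon)
            if hours > 0 and km / hours > MAX_PLAUSIBLE_SPEED_KMH:
                findings.append((ev.user, "impossible_travel"))
        devices.add(ev.device_id)
        countries.add(ev.country)
        last_login[ev.user] = ev
    return findings


def run_demo():
    """Constructed sample data (not real telemetry) that exercises every detector."""
    now = datetime(2023, 11, 1, 12, 0)
    accounts = {
        "alice": {"last_login": now - timedelta(days=1), "mfa_enabled": True},
        "carol": {"last_login": now - timedelta(days=200), "mfa_enabled": True},
        "dave": {"last_login": now - timedelta(days=2), "mfa_enabled": False},
        "erin": {"last_login": None, "mfa_enabled": True},
    }
    t0 = datetime(2023, 11, 1, 9, 0)
    nyc = ("US", 40.71, -74.01)
    syd = ("AU", -33.87, 151.21)
    lon = ("GB", 51.51, -0.13)
    events = [
        AuthEvent("alice", t0, "login", "laptop-1", *nyc),
        AuthEvent("alice", t0 + timedelta(hours=1), "login", "laptop-1", *nyc),
        # One hour later from Sydney on an unknown device: roughly 16,000 km/h.
        AuthEvent("alice", t0 + timedelta(hours=2), "login", "phone-9", *syd),
        AuthEvent("bob", t0, "login", "laptop-2", *lon),
        AuthEvent("bob", t0 + timedelta(minutes=5), "mfa_enroll", "phone-3", *lon),
    ]
    return {"posture": detect_posture_issues(accounts, now),
            "activity": detect_suspicious_activity(events)}


if __name__ == "__main__":
    for category, items in run_demo().items():
        print(category)
        for user, finding in items:
            print(f"  {user}: {finding}")
```

Each finding is a plain (user, finding) pair so it can be routed to whatever ticketing or SOAR step the team uses; in practice the "new device" and "new location" baselines would be seeded from historical data rather than from the first event in the batch, and the travel-speed ceiling tuned to the organization's travel profile.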
Early detection and containment can significantly minimize the financial and reputational impact of a breach. An ITDR solution can help security professionals do just that!
At Cisco Duo, we are thinking about how we can help customers avoid a fragmented approach focused on only one identity source and empower security professionals with the ability to leverage multi-source identity data that provides contextualized risk insights from across the organization. Stay tuned for an exciting announcement at Cisco Live Melbourne in a couple of weeks on how Cisco can help further your Identity Security goals. In the meantime, read this blog on How to Evaluate the Best Access Management Solutions.
And sign up for a free 30-day trial to see how Cisco Duo can improve your identity security posture.
Here are additional relevant resources about how to improve your identity security posture:
On-Demand Webinar (no email needed): How to Prevent Attacks That Bypass MFA