Solving the identity crisis in cybersecurity
The evolving threat landscape is making identity protection within the enterprise a top priority. According to the 2022 CrowdStrike Global Threat Report, nearly 80% of cyberattacks leverage identity-based attacks to compromise legitimate credentials and use techniques like lateral movement to quickly evade detection. The reality is that identity-based attacks are difficult to detect, especially as the attack surface continues to increase for many organizations.
Every business needs to authenticate every identity and authorize each request to maintain a strong security posture. It sounds simple, but the truth is this is still a pain point for many organizations. However, it doesn’t need to be.
Why identity protection must be an urgent priority for business leaders
We have seen adversaries become more adept at obtaining and abusing stolen credentials to gain a foothold in an organization. Identity has become the new perimeter, as attackers are increasingly targeting credentials to infiltrate an organization. Unfortunately, organizations continue to be compromised by identity-based attacks and lack the awareness necessary to prevent it until it’s too late.
Businesses are coming around to the fact that any user – whether it be an IT administrator, employee, remote worker, third-party vendor or customer – can be compromised and provide an attack path for adversaries. This means that organizations must authenticate every identity and authorize each request to maintain security and prevent a wide range of cyber threats, including ransomware and supply chain attacks. Otherwise, the damage is costly. According to a 2021 report, the most common initial attack vector – compromised credentials – was responsible for 20% of breaches at an average cost of $4.37 million.
How zero trust helps contain adversaries
Identity protection cannot occur in a vacuum – it’s just one aspect of an effective security strategy and works best alongside a zero trust framework. To realize the benefits of identity protection paired with zero trust, we must first acknowledge that zero trust has become a very broad and overused term. With vendors of all shapes and sizes claiming to have zero trust solutions, there is a lot of confusion about what it is and what it isn’t.
Zero trust requires all users, whether in or outside the organization’s network, to be authenticated, authorized and continuously validated before being granted or maintaining access to applications and data. Simply put, there is no such thing as a trusted source in a zero trust model. Just because a user is authenticated to access a certain level or area of a network does not necessarily automatically grant them access to every level and area. Each movement is monitored, and each access point and access request is analyzed. Always. This is why organizations with the strongest security defenses utilize an identity protection solution in conjunction with a zero trust framework. In fact, a 2021 survey found that 97% of identity and security professionals agree that identity is a foundational component of a zero trust security model.
It’s time to take identity protection seriously – here’s how
As organizations adopt cloud-based technologies to enable people to work from anywhere over the past two years, it’s created an identity crisis that needs to be solved. This is evidenced in a 2021 report, which found a staggering 61% of breaches in the first half of 2021 involved credential data.
A comprehensive identity protection solution should deliver a host of benefits and enhanced capabilities to the organization. This includes the ability to:
- Stop modern attacks like ransomware or supply chain attacks
- Pass red team/audit testing
- Improve the visibility of credentials in a hybrid environment (including identities, privileged users and service accounts)
- Enhance lateral movement detection and defense
- Extend multi-factor authentication (MFA) to legacy and unmanaged systems
- Strengthen the security of privileged users
- Protect identities from account takeover
- Detect attack tools
Identity protection is sometimes seen as the last line of defense for organizations, which is why it should be a key component of an organization’s security posture. Organizations that revamp their identity security approach will be best positioned to stop breaches and maintain business continuity in an age of increased identity-based threats.
(The author is Mr. Mike Sentonas, Chief Technology Officer, CrowdStrike and the views expressed in this article are his own)