Solutions Review compiles the best identity management advice from the first half of 2021.
As part of our ongoing research into the cybersecurity market, Solutions Review frequently covers the latest in data breaches, cyber-attacks, and authentication failures. When we do this, we try to accompany the facts with expert advice and perspectives from some of the most recognized voices in cybersecurity.
As a result, we’ve accumulated several relevant pieces of identity management advice from the first half of 2021, generated by attacks and breaches. We decided to curate our favorites into one article. Here they are:
Best Identity Management Advice from the First Half of 2021
Nathanael Coffing is CSO at Cloudentity.
From: Identity Management Experts’ Commentary on the Pixlr Data Exposure (January)
“With hundreds of thousands of user emails and login credentials exposed in this breach, users are at great risk of credential stuffing and/or phishing attacks. It doesn’t take much for bad actors to cross-reference the compromised data with previously breached records and create accurate profiles of the breach victims. Hackers already have access to previously stolen data on the dark web, which allows them to easily weaponize this free information for their own malicious gain and target users’ financial or healthcare information.
“To avoid future database breaches of a similar nature, organizations need to implement strong methods of secure authorization for all users. To ensure sensitive information is safeguarded, enterprises must implement continuous contextual, fine-grained authorization on the API level, in addition to multi-factor authentication (MFA). By taking these proactive measures to authenticate users and protect their data, organizations can avoid data breaches and the negative consequences that come along with them.”
Saryu Nayyar is the CEO of Gurucul.
From: Findings: F5 2021 Credential Stuffing Report with Commentary (February)
“The recent report from F5 on the state of credential theft volumes and their use in cyber-attacks over the last four years is interesting and shows many organizations are still not following industry best practices for securing user credentials.
“Credential theft can have long-reaching and expensive aftereffects in lost revenue, incurred mitigation costs, and loss of customer trust – which is itself difficult to put a price on. Preventing or blunting attacks before they lead to a major breach is generally much less expensive than suffering the fallout from an attack. By following best practices and making sure the organization’s security stack is up to date, including MFA, security analytics, and other technical measures, organizations reduce their risk of being breached in the first place, and can prevent extensive damage.”
Ray Canzanese is Director of Netskope Threat Labs.
From: Security Start-up Verkada Suffers Breach of Over 150,000 Cameras (March)
“Unfortunately, we see a lot of companies who don’t apply multi-factor authentication to super-admin accounts with root privileges. This type of hack is preventable if companies have tighter control over super admin credentials to prevent leaks, use multi-factor authentication to prevent leaked or stolen credentials from being used, and monitor access to detect things like failed log-in attempts which can be a precursor to unauthorized access. These types of attacks are becoming more common as more organizations move to cloud and don’t have the policies or measures in place to secure a cloud-first environment.”
Tom (TJ) Jermoluk, Co-Founder and CEO, Beyond Identity.
From: Expert Identity Management Day Best Practices (April)
“We are tracking three key trends in identity management. The first is the adoption of passwordless authentication. By this we mean actually eliminating passwords as one of the authentication factors, enabling companies to stop ransomware attacks based on brute-forcing RDP and eradicate the entire class of credential-based attack TTPs used in account takeover attacks. Second, many organizations are looking to replace traditional multi-factor authentication (MFA), which often uses passwords or other ‘shared secrets,’ with solutions that implement only secure factors and reduce friction for end-users – for example, by not requiring employees or customers to pick up a second device or fish a one-time password out of their SMS or email. The last, and maybe most important trend, is the confluence of cybersecurity and identity management. One important manifestation is to evaluate the security posture of the endpoint device at the time of login and make a risk-based decision on whether to allow access to cloud apps and resources.”
Rajiv Pimplaskar is CRO of Veridium.
From: The Air India Data Breach: Expert Commentary for Enterprises (May)
“While the exact cause of the SITA data breach is not yet known, it is clear that loyalty accounts, such as frequent flier or hotel rewards programs, are prime targets or ‘honeypots’ for credential theft since they contain rich Personally Identifiable Information (PII). Further, loyalty accounts have less stringent rules around password resets or reuse as compared to financial services accounts employing multifactor authentication (MFA) methods, thereby making it easier for credential harvesting and lateral movement.
“Verizon’s Data Breach Investigations Report (DBIR) indicates that over 80 percent of data breaches use compromised credentials. Airlines and the hospitality industry need to accelerate their adoption of passwordless technologies such as ‘phone as a token’ or FIDO2 security keys that eliminate this dependence on credentials. Passwordless authentication can reduce the attack surface of such breaches as well as limit the resulting data exposure. Finally, such authenticators have less friction and can be adopted by both employees and customers, improving user experience and productivity.”
Garret Grajek is CEO of YouAttest.
From: Expert Commentary: The JBS Foods Cyber-Attack (June)
“Though the details of the JBS attack are not out, it’s a pretty safe bet that the method of intrusion involved credential theft and privilege escalation. Both of these are key components in the cyber kill chain, the identified method of attack of most exploits. Attackers find a weak way into the system, via stolen passwords, default account credentials, phishing, or some other means. From there, they use lateral movement across the enterprise and privilege escalation to obtain system access to important data. This is why account reviews and knowledge of privilege changes are imperative to a well-controlled enterprise.”
Thanks to these experts again for their commentary. For more, be sure to check out the Identity Management Buyer’s Guide, the Privileged Access Management Buyer’s Guide, the Identity Governance Buyer’s Guide, or the Solutions Suggestion Engine.