How CISOs Can Solve the Identity Puzzle
Ken Deitz, the Chief Security Officer/Chief Information Security Officer at SecureWorks, explains how CISOs can help their organizations solve the identity puzzle. This article originally appeared in Insight Jam, an enterprise IT community that enables human conversation on AI.
My favorite definition of “Identity” comes from the World Bank: “Identity refers to the combination of characteristics or attributes that make a person unique in a given context.”
Our identity is highly valuable to cybercriminals, especially in the digital context. Identity crime is not new to the 21st century, but in an increasingly global world connected via remote devices and software, the risk of identity threats is high, and higher still depending on whose identity cybercriminals target. If they can impersonate an employee with access to proprietary or financial information, the consequences can be significant. According to our data, 95 percent of organizations are impacted by critical misconfigurations of the systems used to manage digital identities.
Digital identity systems are designed to address three fundamental questions. The first question is foundational: “Who are you?” This establishes the individuality of a person in the digital space. The second question seeks verification: “Are you who you claim to be?” This is where one proves the authenticity of their claimed identity.
The third question pertains to permissions: “What are your authorizations, or what are you eligible for with this identity?” This is about presenting one’s identity to a system to gain access or services, akin to what we implement at SecureWorks under the umbrella of access management. Hundreds of thousands of identities spanning multiple systems across disparate geographies make identity a complex web to unravel—which is precisely what threat actors are counting on.
In the last three years alone, we’ve observed a 688 percent surge in stolen credentials available for sale in one of the largest underground marketplaces. A few weeks ago, our researchers observed a cybercriminal selling Remote Desktop Protocol access to five US-based corporations. Their revenue ranged from $5 – $225M, and the access for sale includes rights for four users and one admin. The starting price is $2,000, and the buyout price is $4,000. That’s a small outlay for a potentially huge payout.
Reframing the Problem
I’m not here to fearmonger, but it’s important to understand the risk in order to defend against it proactively. Throughout my career, I’ve led with the following three pillars, which provide the strategic backbone for identity protection and response:
1. Easy to use and abuse-resistant:
Security leaders often face the challenge of implementing identity verification processes that are easy for their stakeholders to use while also being robust enough that threat actors can’t easily circumvent them. If the identity technology is too difficult to use and causes friction, users will resort to less secure methods of authentication.
Multi-factor authentication (MFA) is now the norm in most organizations. Technologies like passkeys and the authenticator apps from Microsoft and Google go beyond traditional one-time passwords by offering more phishing-resistant authentication methods. The FIDO Alliance represents a collaborative effort to create passwordless authentication standards. FIDO2 is the latest iteration, allowing users to authenticate seamlessly to online services with familiar devices across mobile and desktop platforms.
2. Monitor, detect, and respond:
Controls like MFA are a great start, but they aren’t enough. When so much relies on identity, leaders must also proactively monitor, detect, and respond quickly to identity-based threats. Identity threat detection and response (ITDR) solutions are quickly becoming critical security controls, providing comprehensive monitoring capabilities and enabling organizations to detect and address any misuse of identity systems swiftly.
Do we have identities for sale on the dark web? Has an identity been compromised? Are there suspicious attributes of an identity interaction that deviate from what we normally see for a given user? A good ITDR solution proactively monitors for identity breaches in your systems and on the dark web, alerts users to potential identity threats, and has robust automated response capabilities, including actions such as reauthentication, account suspension, or account termination, depending on the severity of the threat. Transparency into where your identities ‘live’ and where they might be vulnerable is critical to managing identity risk.
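The questions above can be turned into detection logic. The following is an added example, not code from SecureWorks or from any ITDR product: it scores each successful sign-in against a per-user baseline (familiar countries, devices and working hours), adds weight when the account appears in a credential-exposure feed or when a success follows a burst of failures, and maps the score to the graduated responses the text lists. The baselines, the exposure feed, the log lines, the weights and the thresholds are all constructed for illustration.

```python
"""Added example: score sign-in events against a per-user baseline and map the
score to a graduated response (allow, reauthenticate, suspend, terminate).
Baselines, exposure feed, log lines, weights and thresholds are all constructed
for illustration; none of it is SecureWorks data or product logic."""
from dataclasses import dataclass

# Constructed baseline of "normal" for each user: countries, device IDs and
# usual working hours (UTC) seen in their sign-in history.
BASELINES = {
    "alice": {"countries": {"US"}, "devices": {"lt-0142"}, "hours": range(12, 23)},
    "bob": {"countries": {"DE"}, "devices": {"lt-0207", "ph-0207"}, "hours": range(6, 18)},
}
EMPTY_BASELINE = {"countries": set(), "devices": set(), "hours": range(0)}

# Constructed: usernames that appeared in a (hypothetical) credential-dump feed.
EXPOSED_CREDENTIALS = {"bob"}

# Constructed sign-in log: timestamp followed by key=value fields.
SIGNIN_LOG = """\
2024-05-01T14:02:11Z user=alice result=success country=US device=lt-0142 mfa=passkey
2024-05-01T03:15:42Z user=alice result=success country=RU device=unknown-77 mfa=none
2024-05-01T08:30:05Z user=bob result=failure country=DE device=lt-0207 mfa=push
2024-05-01T08:30:40Z user=bob result=failure country=DE device=lt-0207 mfa=push
2024-05-01T08:31:02Z user=bob result=success country=DE device=lt-0207 mfa=push
2024-05-01T09:10:00Z user=bob result=success country=BR device=unknown-12 mfa=none
"""


@dataclass
class Decision:
    user: str
    timestamp: str
    score: int
    reasons: list
    action: str


def parse_event(line: str) -> dict:
    """Turn 'ts k=v k=v ...' into a dict; the hour is taken from the ISO timestamp."""
    ts, *pairs = line.split()
    ev = {"ts": ts, "hour": int(ts[11:13])}
    for pair in pairs:
        key, _, value = pair.partition("=")
        ev[key] = value
    return ev


def score_event(ev: dict, baseline: dict, prior_failures: int, exposed: bool):
    """Add an illustrative weight for each attribute that deviates from the baseline."""
    score, reasons = 0, []
    if ev["country"] not in baseline["countries"]:
        score += 3
        reasons.append(f"unfamiliar country {ev['country']}")
    if ev["device"] not in baseline["devices"]:
        score += 2
        reasons.append(f"unfamiliar device {ev['device']}")
    if ev["hour"] not in baseline["hours"]:
        score += 1
        reasons.append(f"outside usual hours ({ev['hour']:02d}:00 UTC)")
    if ev["mfa"] == "none":
        score += 2
        reasons.append("no MFA on a successful sign-in")
    if prior_failures >= 2:
        score += 2
        reasons.append(f"{prior_failures} failures immediately before success")
    if exposed:
        score += 3
        reasons.append("credentials present in exposure feed")
    return score, reasons


def choose_action(score: int) -> str:
    """Map the score to the graduated responses the text lists (thresholds are illustrative)."""
    if score >= 10:
        return "terminate"
    if score >= 6:
        return "suspend"
    if score >= 3:
        return "reauthenticate"
    return "allow"


def evaluate(log_text: str, baselines=BASELINES, exposed=EXPOSED_CREDENTIALS) -> list:
    """Walk the log in order; failures accumulate per user and are consumed by the next success."""
    failures, decisions = {}, []
    for line in log_text.splitlines():
        ev = parse_event(line)
        user = ev["user"]
        if ev["result"] != "success":
            failures[user] = failures.get(user, 0) + 1
            continue
        score, reasons = score_event(
            ev, baselines.get(user, EMPTY_BASELINE), failures.pop(user, 0), user in exposed
        )
        decisions.append(Decision(user, ev["ts"], score, reasons, choose_action(score)))
    return decisions


if __name__ == "__main__":
    for d in evaluate(SIGNIN_LOG):
        print(f"{d.timestamp} {d.user:6} score={d.score:2} action={d.action:14} {'; '.join(d.reasons)}")
```

Running it on the constructed log produces all four tiers: alice's normal sign-in is allowed, her off-hours login from an unfamiliar country and device without MFA is suspended, bob's success after two rejected pushes on an exposed account is sent back through reauthentication, and his later sign-in from an unknown country and device with no MFA on the same exposed account reaches the terminate tier. The weights and cut-offs are the part a real deployment would tune against its own false-positive budget.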
3. Good hygiene:
You’ve got the right technology in place; now you must be disciplined. It always comes back to security fundamentals and keeping your house clean. This involves managing the lifecycle and authorizations of digital identities: ensuring identities aren’t granted excessive permissions, don’t remain active longer than needed, and are appropriate for their intended purpose. Keeping a constant pulse on your overall security posture as it relates to identity is critical.
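The hygiene checks above are routine enough to script. The following is an added example, not SecureWorks code or any IAM product's logic: it runs a small audit over a constructed identity inventory, flagging dormant accounts, orphaned accounts with no accountable owner, accounts holding roles beyond what their job function is entitled to, and disabled accounts that still carry roles. The inventory, the role catalog, the audit date and the 90-day dormancy threshold are all invented for illustration.

```python
"""Added example: a small identity-hygiene audit over a constructed inventory.
The inventory, catalog and thresholds are invented for illustration and are not
SecureWorks data or tooling."""
from datetime import date

AS_OF = date(2024, 6, 1)     # constructed audit date
DORMANT_AFTER_DAYS = 90      # illustrative dormancy threshold

# Constructed role catalog: the roles each job function is entitled to hold.
ROLE_CATALOG = {
    "engineer": {"vpn", "git", "ci"},
    "finance": {"vpn", "erp"},
    "service": {"ci"},
}

# Constructed inventory, shaped like a flattened IAM export.
IDENTITIES = [
    {"id": "alice", "function": "engineer", "roles": {"vpn", "git", "ci"},
     "enabled": True, "last_login": "2024-05-30", "owner": "mgr-1"},
    {"id": "bob", "function": "finance", "roles": {"vpn", "erp", "git", "domain-admin"},
     "enabled": True, "last_login": "2024-05-29", "owner": "mgr-2"},
    {"id": "carol", "function": "engineer", "roles": {"vpn", "git"},
     "enabled": True, "last_login": "2024-01-15", "owner": "mgr-1"},
    {"id": "svc-build", "function": "service", "roles": {"ci", "vpn"},
     "enabled": True, "last_login": "2024-05-31", "owner": None},
    {"id": "dave", "function": "finance", "roles": {"erp"},
     "enabled": False, "last_login": "2023-11-02", "owner": "mgr-2"},
]


def days_since_login(identity: dict, as_of: date = AS_OF) -> int:
    """Days between the recorded last login and the audit date."""
    return (as_of - date.fromisoformat(identity["last_login"])).days


def audit_identity(identity: dict, catalog=ROLE_CATALOG, as_of: date = AS_OF) -> list:
    """Return (finding_code, detail) tuples for one identity; empty list means clean."""
    findings = []
    if not identity["enabled"]:
        # A disabled account should have been stripped of entitlements, not just switched off.
        if identity["roles"]:
            findings.append(("disabled_with_roles", ", ".join(sorted(identity["roles"]))))
        return findings
    idle = days_since_login(identity, as_of)
    if idle > DORMANT_AFTER_DAYS:
        findings.append(("dormant", f"{idle} days since last login"))
    if not identity["owner"]:
        findings.append(("orphaned", "no accountable owner"))
    # Anything beyond the job function's entitlement is excess to be reviewed or revoked.
    excess = identity["roles"] - catalog.get(identity["function"], set())
    if excess:
        findings.append(("excessive_privilege", ", ".join(sorted(excess))))
    return findings


def audit(identities=IDENTITIES, catalog=ROLE_CATALOG, as_of: date = AS_OF) -> dict:
    """Audit every identity; result maps identity id to its findings."""
    return {i["id"]: audit_identity(i, catalog, as_of) for i in identities}


def summary(report: dict) -> dict:
    """Count findings per code: the posture figure worth tracking from one audit to the next."""
    counts = {}
    for findings in report.values():
        for code, _ in findings:
            counts[code] = counts.get(code, 0) + 1
    return counts


if __name__ == "__main__":
    report = audit()
    for ident, findings in report.items():
        print(ident, findings or "clean")
    print(summary(report))
```

Against the constructed inventory the audit reports bob holding roles outside his finance entitlement, carol dormant for 138 days, the build service account both ownerless and over-privileged, and dave disabled yet still entitled. The summary counts are the numbers to watch from one run to the next: rising excess-privilege or dormancy counts are an early sign that lifecycle processes are slipping.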
Identities give threat actors the access they need to orchestrate a cyber-attack. The pace of technological change and the continued integration of world economies, governments, and businesses means that identity will only become more prevalent and complicated. You must have an identity strategy to protect your organization. If identity is the fuel that feeds adversarial activity, let’s proactively seek to cut off their supply. Don’t give cyber-criminals the keys to your kingdom.