Updated: Oct 20
It’s not rocket science. To hack an organization, someone needs unauthorized access to something. Criminals are going where they’re not supposed to, and they are somehow gaining credentials or pathways into vital systems. There are many ways that can happen. But for far too long, the cybersecurity industry has lacked not only the visibility into an organization’s identity-related threats, but also the ability to easily and automatically remediate related issues.
Here are some of the most common types of identity-related threats that continue to plague IT security professionals and their C-level management:
Shadow Identities – This is when an organization has homegrown, legacy or new systems that use identities not provisioned or managed through a corporate policy. Shadow IT remains a critical problem, and it starts with shadow identities. Organizations are investing in tools that identify and track actual devices, but it’s just as crucial to do the same with identities. An organization may know a machine exists, but does it know what’s being done within that computer? Which identities are accessing it, and for which services and apps? Productivity and business continuity are top priorities. For that reason, an administrator may grant a user or service temporary access directly to an app, but access that was intended to be temporary can inadvertently remain in place indefinitely.
Multi-Factor Authentication Gaps – This often occurs when an organization believes it is consistently and properly deploying MFA, but experiences challenges associated with its complexity. Placing MFA across ALL users, ALL applications, and ALL systems is a battle that doesn't seem winnable with current technologies. An “MFA gap” means there are homegrown, legacy and/or new systems that either do not support MFA protocols or do not support the correct plug-ins to enable MFA. Organizations typically end up with a lot of applications that fall between the cracks, so MFA is not in use across the board.
Compromised Identities – This can be as basic as a stolen username and password or as complex as a vast collection of information that can be used to help crack a password. Identities are much more than a couple of words or numbers. Today, the internet and dark web can be used to craft an entire persona for an individual – using countless bits of data to enable personal credentials to be changed and taken over while the user remains completely unaware. That seemingly peripheral information can be a goldmine for cybercriminals looking to find a path into an organization. It needs to be obvious to security personnel that credentials themselves or helpful personal information is available and/or for sale on the internet. But it also needs to be flagged when an employee has attempted to use or has used compromised credentials.
Authentication Quality & Security Issues – This refers to the strength of authentication infrastructure, such as protocol, encryption level, password strength, password hashes and more. Organizations invest in tools that authenticate identities, but it’s just as crucial to invest in the security of the infrastructure that makes authentication happen in the first place. An organization might apply authentication policies, but those are not enough to assure authentication security. The continual struggle between identity productivity and convenience on one side and security on the other forces organizations to define strong policies, but in many cases, passwords and basic authentication mechanisms remain extremely easy to crack. Additionally, encryption levels and hashes need to be frequently updated and refreshed in order to cope with the latest hacking techniques and the cost of computing power. Regardless of the diligence exercised by security personnel, organizations typically end up with many identities that authenticate over a weak infrastructure – and those can become the root cause of a cyberattack.
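The shadow-identity and MFA-gap descriptions above both come down to reconciling each application's local accounts against the centrally provisioned directory. The following is an added example, not code from the original article: it flags accounts unknown to the directory, accounts without MFA, and temporary grants that outlived their expiry. The inventory, field names and dates are constructed and hypothetical.

```python
from datetime import date

# Constructed sample data; names and fields are hypothetical.
IDP_USERS = {"alice", "bob", "carol"}  # identities provisioned by corporate policy
APP_ACCOUNTS = [
    {"app": "crm", "account": "Alice@corp.example", "mfa": True, "expires": None},
    {"app": "crm", "account": "svc-report", "mfa": False, "expires": None},
    {"app": "legacy-erp", "account": "bob", "mfa": False, "expires": None},
    {"app": "wiki", "account": "carol", "mfa": True, "expires": date(2023, 1, 31)},
    {"app": "wiki", "account": "contractor7", "mfa": True, "expires": date(2030, 1, 1)},
]


def normalize(account):
    """Compare names case-insensitively and without a domain suffix."""
    return account.strip().lower().split("@", 1)[0]


def audit(idp_users, app_accounts, today):
    """Return sorted (app, account, finding) tuples for one inventory snapshot."""
    known = {normalize(u) for u in idp_users}
    findings = []
    for row in app_accounts:
        name = normalize(row["account"])
        if name not in known:
            findings.append((row["app"], name, "shadow_identity"))
        if not row["mfa"]:
            findings.append((row["app"], name, "mfa_gap"))
        if row["expires"] is not None and row["expires"] < today:
            findings.append((row["app"], name, "stale_temporary_access"))
    return sorted(findings)


def summarize(findings):
    """Count findings per category for reporting."""
    counts = {}
    for _, _, kind in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for finding in audit(IDP_USERS, APP_ACCOUNTS, date(2024, 1, 1)):
        print(*finding, sep="\t")
```

Normalizing names before comparison matters here: without it, an account stored as `Alice@corp.example` in one application would be misreported as a shadow identity.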