Identity is the context that kills: 4 ways to stay in control


The COVID-19 pandemic has sounded the death knell for the traditional perimeter. Work is now an activity, not a place, which means the concept of a security wall is as obsolete as a PC running Windows 95.

In an age where people work in cafes, sheds, bedrooms, and anywhere else they can get some peace and an internet connection, identity is often hailed as the new perimeter. In fact, it is context that represents today’s perimeter, with identity providing the killer context.

The context can raise a red flag whenever a user’s activity goes against their usual behavior. The time of authentication is obvious contextual information. If a user logs in at 6am on Sunday morning, there is a risk that their account has been compromised and a bad actor is trying to gain access. Their location, the device they’re using, and details of the data they’re trying to access also provide useful contextual information that can be used to deny access when an account behaves in unusual ways.

The need to embed identity and context at the heart of cybersecurity is clearly illustrated by an alarming increase in the creativity of phishing attacks, in which hackers impersonate trusted cybersecurity vendors or use a proxy site to mirror an MFA authentication page – an approach seen in the Microsoft attacks, when attackers inserted a proxy site between users and their work server. The threat was also illustrated when the European Central Bank received a phone call from hackers impersonating Angela Merkel in an effort to trick President Christine Lagarde into opening an account with a messaging app.

An increase in threat sophistication requires a step change in cybersecurity. Here are four ways to stay in control as storm clouds gather over the threat landscape.

1. Tackle insider threats

Stolen credentials are involved in nearly half of all attacks, according to this year’s Verizon Data Breach Investigations report. It’s not always external actors who steal these credentials – a fact reflected in the recent OpenSea NFT data breach in which its email database was leaked by an employee.

According to ID Watchdog, insider threats cause up to 60% of data breaches. The risk increases exponentially as the cloud moves data over ever-expanding networks, making it easier for insiders to gain access to sensitive data or credentials.

To address this threat, identity services must be able to detect unusual and suspicious behavior. Identity as a Service (IDaaS) and other identity-based security systems are essential tools for managing unauthorized network access. They can also tie actions within the network to a specific identity and control data access or even embedded downloads.

A good IDaaS solution must be able to apply identity-based contextual rules across an organization’s ecosystem to detect unauthorized behavior before it leads to a breach. It must be able to operate autonomously to authenticate the right users based on contextual data and block access in case of suspicious activity.

As organizations build larger and more complex cloud-based data landscapes, they must create a zero-trust environment that protects against internal threats as well as external risks. With intelligent, autonomous defense technology, enterprises can also implement systems that analyze more than just a password or one-time code to determine if a user is authorized to access a system or data. IP addresses, past behavior, device ID, geolocation, and time of day are just some of the data points that should be collected and analyzed by a smart IDaaS platform to decide whether a request for access must be granted. A modern approach to identity within the network can help mitigate the risk of insider attacks.
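The sketch below is an added example, not code from any IDaaS product: it scores one sign-in against a per-user baseline using the data points listed above (IP address, device ID, geolocation, time of day) and returns allow, step-up or deny. The `Profile` fields, weights, thresholds and sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

@dataclass
class Profile:
    """Baseline built from a user's past sessions (hypothetical structure)."""
    networks: tuple        # CIDR ranges the user normally connects from
    devices: frozenset     # device IDs already enrolled for this user
    countries: frozenset   # country codes seen in earlier sessions
    work_hours: range      # usual login hours in the user's local time
    work_days: frozenset = frozenset({0, 1, 2, 3, 4})  # Monday to Friday

# Hypothetical weights and thresholds; tune them against your own sign-in logs.
WEIGHTS = {"network": 20, "device": 35, "country": 30, "time": 30}
STEP_UP_AT, DENY_AT = 30, 60

def evaluate_login(profile, ip, device_id, country, when):
    """Return (decision, score, reasons) for one authentication attempt."""
    reasons = []
    addr = ip_address(ip)
    if not any(addr in ip_network(net) for net in profile.networks):
        reasons.append("network")
    if device_id not in profile.devices:
        reasons.append("device")
    if country not in profile.countries:
        reasons.append("country")
    # `when` is assumed to be expressed in the user's local time.
    if when.weekday() not in profile.work_days or when.hour not in profile.work_hours:
        reasons.append("time")
    score = sum(WEIGHTS[r] for r in reasons)
    # "step_up" means: require an additional factor before granting access.
    decision = "deny" if score >= DENY_AT else "step_up" if score >= STEP_UP_AT else "allow"
    return decision, score, reasons

# Constructed sample baseline (documentation IP range, made-up device ID).
ALICE = Profile(networks=("203.0.113.0/24",), devices=frozenset({"laptop-7f3a"}),
                countries=frozenset({"DE"}), work_hours=range(7, 20))

if __name__ == "__main__":
    sunday_6am = datetime(2022, 9, 4, 6, 0)
    print(evaluate_login(ALICE, "203.0.113.10", "laptop-7f3a", "DE", sunday_6am))
    print(evaluate_login(ALICE, "198.51.100.7", "unknown-01", "BR", sunday_6am))
```

Returning the list of reasons alongside the decision lets the same function feed both the access gate and the audit trail that ties an action to an identity.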

2. Protect against social engineering

Phishers are getting smarter and more daring by the day, with CEO fraud and business email compromise (BEC) attempts posing a serious and growing threat. The FBI has warned that BEC is now causing more losses than any other type of cyber scam, costing victims more than $2.3 billion last year.

Organizational policies can help reduce the threat. For example, setting up a process for handling emailed requests for urgent bank transfers, guaranteeing manual approval of payments above a certain threshold, and continuously training all staff can ensure that phishing emails do not lead to devastating financial and reputational breaches.

Awareness and training should be combined with multi-layered email security that combines content scanning, threat intelligence, and leadership name verification. This means that if an employee receives an email containing the words “urgent bank transfer” or similar, it should be reported. However, this is only a first step and is not enough to fully protect against BEC and CEO fraud. The next step is to tag external emails and use executive tracking to identify the names of senior executives in the header and envelope fields. Checking email against a list of safe domains can also reduce risk, as well as the likelihood of false positives.
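The layered checks described above can be sketched as follows. This is an added example, not a vendor's filter: it tags external mail, compares the display name with a list of executives, compares the header sender with the envelope sender, scans for payment keywords, and uses a safe-domain list to suppress false positives. All domains, names, keywords and messages are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample policy data; replace with your organization's own lists.
INTERNAL_DOMAINS = {"corp.example"}
SAFE_DOMAINS = {"bank.example"}               # vetted external senders
EXECUTIVES = {"jane doe", "john smith"}       # senior executives' display names
KEYWORDS = ("urgent bank transfer", "urgent wire transfer")

def domain_of(address):
    return address.rpartition("@")[2].lower()

def inspect_message(raw):
    """Return (flags, subject) for one raw single-part message."""
    msg = message_from_string(raw)
    name, from_addr = parseaddr(msg.get("From", ""))
    # Assumption: the receiving server recorded the envelope sender in Return-Path.
    _, env_addr = parseaddr(msg.get("Return-Path", ""))
    from_dom = domain_of(from_addr)
    env_dom = domain_of(env_addr) or from_dom
    external = not {from_dom, env_dom} <= INTERNAL_DOMAINS
    safe = {from_dom, env_dom} <= SAFE_DOMAINS
    subject = msg.get("Subject", "")
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{subject} {body}".lower()
    flags = []
    if external:
        flags.append("external")
        subject = f"[EXTERNAL] {subject}"        # visible tag for the recipient
        if " ".join(name.lower().split()) in EXECUTIVES:
            flags.append("executive-name")       # executive's name, outside address
        if from_dom != env_dom:
            flags.append("envelope-mismatch")    # header and envelope disagree
    if not safe and any(k in text for k in KEYWORDS):
        flags.append("payment-keyword")          # safe domains are not flagged
    return flags, subject

# Constructed sample messages.
SPOOF = ("Return-Path: <billing@mail-relay.example>\n"
         "From: Jane Doe <jane.doe@corp-example.example>\n"
         "Subject: Urgent bank transfer\n\nPlease send the payment before noon.\n")
PARTNER = ("Return-Path: <notices@bank.example>\n"
           "From: Bank Notices <notices@bank.example>\n"
           "Subject: Confirmation of urgent bank transfer\n\nReference attached.\n")

if __name__ == "__main__":
    for sample in (SPOOF, PARTNER):
        print(inspect_message(sample))
```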

3. Crush social media attacks

In Q1 2022, LinkedIn was involved in 52% of all phishing scams. These attacks involve criminals targeting employees and tricking them into handing over stolen credentials or data. LinkedIn passwords can also pose a threat if staff members reuse credentials across platforms. MFA can protect against this risk and prevent unauthorized access enabled by password phishing, theft, or brute force attack.

It’s also important to take control by using federated identity standards to authenticate users with something other than a password. Weak passwords are not a problem if replaced with secure tokens and assertions. Unfortunately, scammers will always find a way to steal the information they need or trick staff into giving it to them. IDaaS and MFA can ensure that the credentials they steal do not allow unauthorized access.

4. Address the human element

An organization’s staff can be its greatest asset. Unfortunately, they can also be a liability when it comes to cybersecurity. Employers should strive to create a culture of safety that teaches employees to question the content of emails and educates them on phishing techniques.

IDaaS has a special role to play because it can eliminate the use of unauthorized applications and limit dangerous behavior within these applications while extending corporate identity protections to all applications.

By locking down vulnerabilities associated with the human element of cybersecurity risk, organizations can strengthen their cyber resilience and reduce the risk of experiencing a breach.

The perimeter is gone – but in its place, a new normal has emerged in which context is king and identity is integral. To solve the challenges created by the human element, social media attacks, insider threats, and BEC, organizations must secure the new perimeter or face the cost of a devastating breach.

