
Proliferating identities increase cyber risk


Johannesburg, 21 Oct 2022
David Higgins, senior director, field technology office at CyberArk.

Dissolving perimeters and an explosion in the number of digital identities are increasing organisations’ cyber risk.

This is according to David Higgins, senior director, field technology office at CyberArk, who was speaking during a webinar on identity security: the new approach to securing modern workplaces.

Higgins said: “Dissolving perimeters and remote work have created new hurdles for security. We are seeing more targeted attacks, attack vectors and tools becoming commoditised, and a new era of cyber warfare emerging.”

Although the environment is evolving, attack paths typically follow the same pattern as they did in the past, he said. “Attackers will always look for some initial ingress point. Ten years ago, this might have been through phishing or social engineering. They then move laterally, perform reconnaissance and exfiltrate data or disrupt the business. Insider threats follow a similar path, with many of the stories out there due to disgruntled IT admin employees who exploit their open, uncontrolled access.”

“In the recent Uber breach, human nature and poor configuration are what was exploited. The attacker bought user credentials off the dark web and therefore had pieces of the puzzle for a multi-factor authentication (MFA) process. For the last piece, they start MFA bombing – sending prompts to the actual user whose identity has been compromised.”

He explained that the user had not accepted the prompt and clicked the link. “So they stepped it up and sent the user a message masquerading as the IT admin, asking them to accept the prompt, which they did. At this point, they had access to the VPN as that user, and stumbled across a network drive where they found a PowerShell script. In this case they stumbled on a bit of misconfiguration, finding hard-coded credentials that gave access to the privileged access management platform. From here they accessed privileged credentials and consequently exfiltrated secrets and data from the network. This illustrates that the cyclic attack path process remains the same,” he said.

Identity as a vulnerability

Higgins noted: “As we embrace more services, we build more in our IT environments and start seeing high levels of entitlement in many areas.”

All identities can become privileged under certain conditions, and all identities and credentials are a target, he said.

Higgins said CyberArk’s 2022 Identity Security Threat Landscape research found that the average staff member accesses more than 30 applications and accounts, which means they have 30 digital identities. In addition, machine identities such as bots outnumber human identities by a factor of 45. “That’s a huge number and it means about 98% of your identities are non-human,” he said.

Not all access is the same from a risk perspective, Higgins said. Workforces, non-human identities, and admins all have different levels of access with different risks associated with them. “Our research has found that 52% of workforces and 68% of non-humans or bots have access to sensitive data and assets, pushing them over the threshold into privileged or high-risk access,” he said.

Mitigating risk with identity security

To mitigate the growing risks, Higgins said: “We need to be able to apply the right level of access with intelligent privilege controls. Identity security seamlessly secures human and machine identities accessing workloads from hybrid to multi-cloud and flexibly automates the identity life cycle with continuous threat detection and prevention – all with a unified approach.”

The more standing permissions and accounts exist, the greater the risk, he said. “Access should only exist when it’s needed. But it isn’t just a case of standard access or privileged access, a whole spectrum of access types must be addressed. By applying the right intelligent privilege controls, we can make any lateral movement attempts by would-be attackers in the environment so difficult that they become noisy and therefore easier to detect.”

CyberArk’s approach is to build out a unified identity security platform with multiple services sitting underneath it, to apply the right controls depending on the access type, Higgins said.

He outlined how the CyberArk Identity Security Platform delivers seamless and secure access for all identities, with intelligent privilege controls and flexible identity automation and orchestration, addressing workforce and customer access, endpoint privilege security, privileged access management, cloud privilege security, secrets management and identity management.

He noted that the CyberArk Blueprint for Identity Security Success addresses how to secure processes and manage the complexity of change.
