By Mike Sentonas, President, CrowdStrike
Since early 2020, businesses have had to find new paths forward using different technologies and solutions to navigate the challenges of working through a global pandemic. While these changes might ultimately lead to strength and innovation in organisations around the world, they have also created new cyber risks that can be exploited.
Threat actors are continuing to exploit vulnerabilities across endpoints and cloud environments. They are innovating in the ways they use stolen credentials to bypass defences to achieve their primary mission of stealing company data. Research shows that 62% of attacks are not malware-based, and around 80% of cyberattacks will use identity-based exploitation to steal legitimate credentials and use techniques like lateral movement to evade detection and exfiltrate company data quickly. So, what’s the solution?
Threat actors are becoming more sophisticated every year. Obtaining stolen company credentials to infiltrate an organisation is now another tactic in their arsenal. An organisation is only secure if every asset is protected. This includes every individual identity associated with the company. Whether it be an IT administrator, employee, remote worker, third-party vendor or even a customer, anyone that uses company credentials can be compromised and provide a pathway of attack for cybercriminals. Organisations need to continuously monitor the status, scope and impact of access privileges for all identities to maintain security and prevent a wide range of cyber threats, including ransomware.
Zero Trust is a security framework requiring all users, whether in or outside the organisation’s network, to be authenticated, authorised, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. Zero Trust assumes no traditional network edge; networks can be local, in the cloud, or a combination or hybrid with resources potentially anywhere as well as workers in any location.
But organisations that want to enable the most effective cybersecurity defences should use a Zero Trust security framework in conjunction with an identity security solution. Research shows that 97% of identity and security professionals agree that identity is a foundational component of a zero trust security model.
Companies must also ensure that their identity security solution of choice is compliant with industry guidelines, such as those outlined by NIST. These principles include constantly verifying access, all the time, for all resources, minimising the impact if an external or insider breach does occur and automating data collection for the most accurate responses.
A comprehensive identity protection solution should deliver a host of benefits and enhanced capabilities to the organisation. The option of a hybrid working environment is unlikely to disappear in the near future. But, the increase in remote work has increased the potential attack surface for companies and possible vulnerabilities. Zero Trust and an identity protection strategy purposefully address the modern digital transformation problems of today, including securing remote workers, hybrid cloud environments, and ransomware threats. This is vital as research from a 2021 Verizon report shows that 61% of breaches in the first half of 2021 involved credential data.
But, it is also crucial to note that not all identity protection solutions are built equally. The most effective solutions should deliver a host of benefits and enhanced capabilities to the organisation.
The best identity protection technologies provide security for the most critical areas of enterprise risk to stop breaches in real-time for any endpoint and cloud workload, identity, and data, preventing modern attacks like ransomware or supply chain attacks.
Another benefit is hyper-accurate detections and automated protection, ensuring a frictionless Zero Trust journey for organisations of any size. This will also reduce the load on the business’ IT security team and enable more efficient remediation, providing the highest quality Zero Trust protection and performance without the overheads of managing data, threat feeds, hardware/software and ongoing personnel costs, resulting in reduced security complexity and costs.
The most effective cybersecurity identity protection providers correlate trillions of security events per day with indicators of attack, the industry’s leading threat intelligence and enterprise telemetry from across customer endpoints, workloads, identities, DevOps, IT assets and configurations. This enables improved visibility of credentials in a hybrid environment (including identities, privileged users and service accounts), enhanced lateral movement detection and defence, extended multi-factor authentication (MFA) to legacy and unmanaged systems and finally, strengthened security of privileged users that protect identities from account takeover.
Identity security must comprise a comprehensive solution that protects all types of identities within the enterprise, human or machine, on-premise or hybrid, regular or privileged, all to detect and prevent identity-driven breaches, especially when adversaries manage to bypass endpoint security measures. Companies that upgrade their identity security approach will be best positioned to stop attacks in the future.
