Massimiliano Galvagna, Country Manager for Italy of Vectra AIoutlines the top five situational risks for identity-based attacks.
With identity-based attacks on the rise and increasingly leading to serious breaches, Multi-Factor Authentication (MFA) has been widely adopted around the world. However, considering that nearly 90% of organizations have experienced identity-based attacks in 2023, implementing MFA is not sufficient.
The MFA security landscape and AI-driven attacks
The reality is that the risks of using MFA as an effective identity security process will likely continue to increase in the future. The reason The main one is related to the emergence of Artificial Intelligence-based cyber attacks, which have intensified in 2023. AI and Machine learning are proving to be formidable force multipliers. Enabling cybercriminals to launch highly complex, automated attacks that bypass or bypass standard MFA protections. However, AI-driven attacks are not the only ones fueling the growth of direct identity attacks.
Vectra indicates the five risks
In fact, several common risks related to the so-calledsituational threat” or situational threats are leading to highly successful identity-based attacks. The November 2023 Okta breach, for example, was not the result of an AI-driven attack. But simply the result of an identity access management (IAM) program lacking sufficient visibility into users, their account access and credential monitoring. The hackers gained unauthorized access to the network by stealing the credentials of a service account stored in the system and gained access to all personal information of every Okta account holder.
Situational threat risks
Risks from situational threats are much more controllable than AI-driven threats. Provided that the organization equips itself with the best detection capabilities. In fact, with the right identity threat detection and response solution, these attacks can be prevented. The first step is to evaluate the threat risks within your environment, which may not be covered – or detectable – by identity access management (IAM) or even privileged access management (PIM) procedures. Here are the top five situational threats that are contributing to the rapid rise of identity-based attacks and, with the right solution, are easily preventable.
1 Activities related to mergers and acquisitions
An organization’s risk tolerance is at its lowest during the merger or acquisition (M&A) process. First, each phase of the business leads into the daily life of the organization new behaviors, new people, new processes, new objectives and new events. These changes will impact all levels of the organization.
Vectra outlines the five risks for identity-based attacks
Furthermore, by its very nature, mergers and acquisitions usually result in job cuts. Which can mean disgruntled employees and turf conflicts between staff that can lead to identity risks. Added to all these factors is the board’s drive to close the deal with as few disruptions as possible. This can lead some executives to cut corners on procedural or risk management best practices.
2 Organizations dealing with sensitive data or critical infrastructure are high-value targets
Another form of situational risk is represented by companies and organizations that work with or own high-value data and/or infrastructure. This makes them more likely to be targeted for identity attacks. A financial services company with billions of dollars in assets is an example of a company with a higher probability of situational risk of attack on identities. Energy companies with nuclear infrastructure, healthcare companies, telecommunications companies, law firms and some manufacturers also pose high situational risks.
3 Risk of third party access
As the use of external applications, contractors and services increases, the risk of identity-based attacks also increases. Maintaining strict access control to sensitive networks, services and applications becomes more challenging as the number of third-party partners and vendors increases. Varying skill levels, geographically distributed business partners, as well as culturally different behavioral habits and expectations all pose identity breach risks for organizations.
4 Insider threats and risks related to workforce reduction
I employees they can be a significant source of identity risk. Even today, when the danger of cyber threats is well known. In fact, most employees often do not follow even the most basic safety protocols. 62% of professionals use a single password for multiple accounts. 31% of organizations report having experienced brute force or password spraying attacks in the last year. VPNs can help verify and allow third-party remote access, but their visibility is limited.
Staff reductions and layoffs can also be a significant cause of identity-based threats. It is estimated that almost one in three former employees still has access to company SaaS.
5 Access to too much information
Another very common risk is that employees are given more access to data, applications and networks than they need to do their jobs. This can occur when new employees are granted a fixed or standardized level of access that exceeds what is useful for each role. Granting too much access opens the door to employees who could become unwitting attack vectors. In these cases, IAM tools are ineffective because access has been granted and therefore the abuse goes undetected. Privileged identities, especially service accounts, are also difficult to monitor.
Lack of visibility increases identity-based risk
Lack of visibility into user access, identities and behaviors is the underlying theme of most situational risks. The explosion of SaaS applications has made it very difficult for IT security teams to access and gain visibility into SaaS applications. Also on the identity of users and their behavior within the network. The expansion of remote work has made it more difficult to determine the identity of third-party employees accessing the network.
What the statistics say
Then the rapid increase in the number of identities increases the threat of risk. The statistics are impressive. About the 98% of organizations have seen an increase in identities (ISDA). Additionally, for every human identity there are 45 machine/service identities, and 62% of organizations have no visibility into employees or machines accessing their sensitive data and resources.
AI helps gain visibility and context into user identities and behaviors
The key to understanding and blocking identity-based risk is the ability to reverse key situational risk factors. These factors include lack of visibility into user identity, ensuring that the level of user access to the network is appropriate, and the ability to quickly contextualize user behavior.
Vectra indicates the five risks, the responsibility of the user
The SOC team must be able to automatically verify a user, immediately gain visibility into their behavior within the network and cloud, and immediately correlate this to the user’s access level and tasks, iregardless where you are from. Additionally, to minimize the risk of identity-based attacks, organizations need to be protected with appropriate, automated responses. Instant AI-driven remediation allows the team to block unauthorized behavior, eliminate access, and prevent breaches, application abuse, exfiltration, or other harm. All in few minutesnot in several months.