
How to Protect your Organization from Identity Threats

Nathan Zych


There is little doubt that businesses have their hands full when it comes to the current cybersecurity threat landscape. However, there is one threat category that stands out from the rest: identity threats. This category covers attacks in which an attacker poses as a trusted insider or another privileged user to gain and expand their access to a protected system or network. To defend against identity threats, businesses must address specific underlying threat types, which require deploying a variety of cybersecurity technologies and tactics. In this article, we will discuss the three major types of identity threats that businesses may face and the strategies they can employ to guard against them.

Account Takeovers

One of the most common identity threats that businesses face is the threat of account takeovers. This involves an attacker using stolen or otherwise compromised user credentials to gain access to a legitimate user account. Once inside, the attacker poses as the account user and leverages their access rights to exfiltrate data or expand their foothold within the network or protected system.

There are various attack vectors used to facilitate account takeovers, including:

  • Social Engineering – Deceiving accountholders through targeted phone calls and other messaging, with the intent of tricking them into disclosing account credentials.
  • Data Breaches – Making use of account credentials disclosed during previous data breaches or security incidents.
  • Phishing Attacks – Using email and other messaging to impersonate a trusted entity to entice a user into clicking on an infected link or installing malicious software.

Fortunately, it is relatively straightforward for businesses to safeguard against account takeovers. They simply need to implement some basic upgrades to their authentication methods and infrastructure. The most secure approach is to upgrade as much of their infrastructure as possible to use passkeys or hardware security keys. The former represents cutting-edge secure authentication technology, while the latter can make protected user accounts nearly impervious to account takeover attempts.

In cases where those upgrades are impossible or impractical, businesses should implement multi-factor authentication (MFA) wherever possible. While MFA may not offer the same level of security as it did before, it can still create obstacles to slow down or halt an account takeover attempt. At the very least, this can provide time for cybersecurity staff to identify the attempt and take action to stop it.

Lastly, businesses must update internal password policies to require users to use strong and unique passwords for all business accounts. They should also enforce regular password changes for all accounts. These represent the minimum security measures that every business should immediately implement to defend against account takeovers. Wherever possible, they should also utilize an encrypted, preferably local, password generation and storage solution. This alleviates the burden on employees to create and remember the complex and secure passwords needed to prevent account takeovers. Furthermore, periodic password changes would render any stolen credentials from a data breach useless in no time.

Lateral Movement

Another identity threat that businesses must guard against is a tactic known as lateral movement. This is an attack technique in which a threat actor gains access to a protected endpoint, such as a user’s PC or a compromised network device, and uses it to gain surreptitious access to other systems. By employing lateral movement, an attacker can embed themselves inside a protected network, even if the network’s owner detects and closes their initial access point.

Guarding against lateral movement begins with secure authentication practices, as detailed above. It is also advisable for businesses to deploy a robust endpoint security solution on all network-attached devices. This increases the likelihood that an attacker’s initial penetration triggers alarms before they can penetrate deeper into the network.

Additionally, using firewalls to restrict inter-device communications can help slow or prevent lateral movement attempts. Applying the principle of least privilege (POLP) to all user accounts is also beneficial. This involves granting the minimal essential user rights to every network user, and it should be complemented by regular privilege reviews aimed at preventing privilege expansion and removing unused user accounts.
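
The privilege review described above can be run as a repeatable check. The following is an added example, not part of the original article; the account names, right names, job-function baselines and the 90-day idle threshold are all constructed assumptions.

```python
from datetime import date

# Constructed baseline (assumed names): rights each job function should hold.
ROLE_BASELINE = {
    "accounting": {"erp_read", "erp_post_invoice"},
    "helpdesk": {"ticketing", "reset_password"},
    "engineering": {"repo_write", "ci_run"},
}

# Constructed inventory: (user, job function, granted rights, last login).
ACCOUNTS = [
    ("asmith", "accounting", {"erp_read", "erp_post_invoice"}, date(2024, 5, 28)),
    ("bjones", "helpdesk", {"ticketing", "reset_password", "domain_admin"}, date(2024, 5, 30)),
    ("cwu", "engineering", {"repo_write", "ci_run"}, date(2023, 11, 2)),
    ("svc_scan", "unknown", {"file_share_read"}, date(2024, 5, 31)),
]


def review_privileges(accounts, baseline, today, stale_after_days=90):
    """Return one finding per issue that a privilege review should act on."""
    findings = []
    for user, function, granted, last_login in accounts:
        allowed = baseline.get(function)
        if allowed is None:
            # No baseline: nobody has decided what this account may do.
            findings.append((user, "no_baseline", sorted(granted)))
        elif granted - allowed:
            # Rights beyond the job function's baseline (privilege expansion).
            findings.append((user, "excess_rights", sorted(granted - allowed)))
        idle_days = (today - last_login).days
        if idle_days > stale_after_days:
            # Candidate for disabling or removal as an unused account.
            findings.append((user, "unused_account", idle_days))
    return findings


if __name__ == "__main__":
    for finding in review_privileges(ACCOUNTS, ROLE_BASELINE, date(2024, 6, 1)):
        print(finding)
```

Accounts with no baseline are reported rather than skipped, since service and shared accounts are the ones most likely to escape a role-based review.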

Ransomware Attacks

Fortunately, strengthening defenses against the previous two threat types also helps mitigate the third common identity threat: ransomware. Although ransomware is not as prevalent as it once was during the peak of the work-from-home surge, it is still a concern for business leaders. After all, a single ransomware incident can incur a recovery cost in the millions of dollars.

In general, it is advisable to employ a three-pronged approach to ransomware prevention. The authentication upgrades, POLP, and endpoint protection discussed above represent one of these prongs. The second prong involves developing and implementing a sensible and responsive patch management strategy to quickly address security vulnerabilities before attackers can exploit them. If possible, this strategy should include a micropatching solution to further protect vulnerable systems.

The third prong entails using comprehensive backups for all critical data and devices. This enables businesses to recover in the event of a ransomware attack with minimal downtime. For added protection, it is a good practice for businesses to employ air gap backups for as much of their infrastructure as possible.

Defeat Identity Threats

Although safeguarding against identity threats is a significant endeavor for businesses, success is attainable. With the right technologies and tactics, as described above, most businesses can significantly reduce their risk of identity threats.

Additionally, Outsource IT can serve as a crucial ally in those efforts. We offer business IT security services designed to protect digital infrastructures against identity threats. To learn more, contact one of our knowledgeable account managers and find out how we can help safeguard your business against today’s most common cybersecurity threats.
