Organizations must focus more on protecting their IAM infrastructure

There are many trends in cybersecurity today, as organizations battle ever more cunning and prevalent cybercriminals; new tools and methods are emerging all the time.

Sophisticated threat actors are actively targeting identity and access management (IAM) infrastructure, and credential misuse is now a primary attack vector. Identity threat detection and response (ITDR), then, is the “collection of tools and best practices to defend identity systems.”

This adds another layer of security to even mature IAM deployments, said Mary Ruddy, a VP analyst at Gartner.

“Identity is now foundational for security operations (identity-first security),” she said. “As identity becomes more important, threat actors are increasingly targeting the identity infrastructure itself.”

Simply put, “organizations must focus more on protecting their IAM infrastructure.”

Securing identity with identity threat detection and response

Stolen credentials account for 61% of all data breaches, according to Verizon’s 2022 Data Breach Investigations Report. Gartner, meanwhile, attributes 75% of security failures [subscription required] to lack of identity management; this is up from 50% in 2020, the firm reports.

As noted by Peter Firstbrook, a research VP at Gartner, organizations have spent considerable effort improving IAM capabilities, but most of that focus has been on technology to improve user authentication. While this may seem beneficial, it actually increases the attack surface for a foundational part of the cybersecurity infrastructure.

“ITDR tools can help protect identity systems, detect when they are compromised and enable efficient remediation,” he said.

ITDR is a new acronym Gartner uses to describe the security discipline that protects the identity infrastructure. Much like network detection and response (NDR) and endpoint detection and response (EDR) protect critical infrastructure in the organization, ITDR is required to protect the systems that control identity and access across the organization. Now that identity has become the new perimeter, the detection gaps between traditional IAM solutions and infrastructure security controls are constantly exploited by malicious actors, inside and outside the organization.

Before searching for tools to protect your identity infrastructure, we recommend identifying the gaps in your environment by following the three steps below:

Step 1: Assess Identity-First Security Posture

Examine the identity risk level across your cloud environment by reviewing actual access privileges and identifying stale accounts, over-privileges, and privilege escalation paths. The proliferation of identities and assets together with the dynamic nature of the cloud often leads to hidden, unused and excessive access.

For example, “More than 95% of accounts in IaaS use, on average, less than 3% of the entitlements they are granted, which greatly increases the attack surface for account compromises.” Gartner Innovation Insight for Cloud Infrastructure Entitlement Management, published on 15 June 2021 by Henrique Teixeira, Michael Kelley, and Abhyuday Data.

Reviewing all cloud services and applications for illicit access can be very time consuming and error-prone. CIEM (Cloud Infrastructure Entitlement Management) solutions can help identify over-privileges in IaaS. If you wish to cover all your bases, it would be beneficial to also review cloud applications and IAM tools to identify stale access from partial offboarding as well as privilege escalations across systems (shadow administrators and federation).
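The posture review in Step 1 can be expressed as a comparison of granted entitlements against observed use. The following Python is an added example, not taken from the original article or from any vendor tool; the identities, dates, 90-day staleness threshold and the short list of escalation-capable AWS IAM actions are constructed assumptions.

```python
from datetime import date

# Assumption: a short, non-exhaustive list of AWS IAM actions that let an
# identity widen its own or another identity's access.
ESCALATION_ACTIONS = {"iam:PassRole", "iam:AttachUserPolicy",
                      "iam:PutUserPolicy", "iam:CreateAccessKey"}

# Constructed sample data: entitlements granted to each identity.
GRANTED = {
    "svc-checkout": {"s3:GetObject", "s3:PutObject", "s3:DeleteObject",
                     "kms:Decrypt", "iam:PassRole"},
    "alice": {"ec2:DescribeInstances", "ec2:StartInstances"},
    "former-contractor": {"s3:GetObject", "iam:CreateAccessKey"},
}
# Constructed sample data: last observed use of each entitlement, as one
# might derive from cloud audit logs.
LAST_USED = {
    "svc-checkout": {"s3:GetObject": date(2022, 10, 20)},
    "alice": {"ec2:DescribeInstances": date(2022, 10, 18),
              "ec2:StartInstances": date(2022, 10, 2)},
    "former-contractor": {"s3:GetObject": date(2022, 3, 1)},
}


def assess(granted, last_used, today, stale_after_days=90):
    """Return one finding per identity, highest risk first."""
    findings = []
    for identity, perms in granted.items():
        usage = last_used.get(identity, {})
        # Count only entitlements that are still granted and recently used.
        recent = {p for p, d in usage.items()
                  if p in perms and (today - d).days <= stale_after_days}
        unused = perms - recent
        last_seen = max(usage.values(), default=None)
        stale = last_seen is None or (today - last_seen).days > stale_after_days
        findings.append({
            "identity": identity,
            "used_ratio": round(len(recent) / len(perms), 2) if perms else 0.0,
            "unused": sorted(unused),
            "stale": stale,
            # Unused rights that could open a privilege escalation path.
            "unused_escalation": sorted(unused & ESCALATION_ACTIONS),
        })
    # Stale accounts first, then unused escalation rights, then lowest usage.
    findings.sort(key=lambda f: (not f["stale"],
                                 not f["unused_escalation"],
                                 f["used_ratio"]))
    return findings


if __name__ == "__main__":
    for finding in assess(GRANTED, LAST_USED, today=date(2022, 10, 25)):
        print(finding)
```

In the sample data the partially offboarded account surfaces first because it is both stale and still holds an unused key-creation right.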

Step 2: Assess Identity Threats

Review the configurations and deployments of your IAM tools (IdP/SSO, IGA and PAM) to detect risks and threats such as exposed passwords, user impersonation, and unauthorized changes. Even mature deployments of IAM solutions may be exposed to identity threats due to misconfigurations or even by design.

A point-in-time assessment will provide you with an estimate of your exposure level and indicate the prioritization and extent of your ITDR adoption for ongoing protection. Identifying where you are exposed will also help determine who should own ITDR in your organization.

Step 3: Examine Response Playbooks

Your SIEM, SOAR and XDR tools are handling incident response for your security infrastructure. Chances are that some of your existing playbooks can also be used for identity risks and threats. Review your existing playbooks to identify what will work for identity and access incidents and what requires adjustments, or new playbooks.

Some ITDR solutions will also provide automated remediation capabilities, such as disabling excessive access, and resolution recommendations (like moving from SWA to SAML). The severity and potential impact of incidents on your organization will determine the urgency and automation of your playbooks.

Sources:

(1) Securityboulevard

(2) Venturebeat

The Retail sector against cyber attacks

According to the Esade Creapolis barometer “The challenges in Retail 2022: New perspectives and opportunities for the sector”, 62% of retailers, 20% more than in the 2021 barometer, express the need to rely on technology to improve the customer experience created through each interaction with the company (that is, the customer journey), making it the fastest growing concern in the sector.

SMEs in the retail industry are the ones that have seen the viability of their business most endangered by cyberattacks: 43% of them, according to the conclusions of the Ranking of Cybersecurity of SMEs prepared by Hiscox to coincide with Cybersecurity Month, which is celebrated this October.

This ranking also shows that, by contrast, small and medium-sized companies dedicated to financial and business services are the ones that best manage the cybersecurity of their businesses; retail companies are in seventh position.

Likewise, as the Interface blog points out, several studies were synthesized and concluded that 84% of the cyberattacks that occur in this industry include system intrusion, social engineering and attacks on basic web applications. In 87% of the cases the actors are external, and in 13% internal. Of the compromised data, 45% corresponds to credentials, 27% to personal data, 25% to payment data and 25% to other types of data.

In this delicate scenario, retailers need to develop several basic security policies:
• Restrict access to data as necessary.
• Encrypt sensitive data sent over open public networks.
• Periodically test security systems and processes.
• Manage threats to mobile devices (define policies and implement specific management solutions).

Additionally, companies need to have broad visibility and control across all environments; and they must monitor and respond to a rapidly changing threat landscape.

Prestashop Study

The latest survey carried out among Prestashop Million Club stores, which brings together stores that generate more than one million in sales per year, reveals that 46% of merchants have been the victim of a cyber attack. In the case of Spain, the figures exceed the world average, since one in two affected merchants (53%) had to deal with various types of attacks. 60% of those surveyed consider that the number of attacks is growing.

Most reported being attacked by malicious bots (60%), followed by DNS server attacks (50%), ransomware attacks (30%) and SQL injection (30%). Likewise, 10% experienced a Denial of Service (DoS or DDoS) attack and another 10% declared having suffered a change in the appearance of the web. These attacks are the most common, but merchants have had to deal with other less frequent but very real attacks. Thus, 20% of them speak of other threats such as database deletion and a significant increase in traffic volumes.

Consequences of the attacks and measures

The main consequence of these cyberattacks was the unavailability of the service (for 80%); only 20% of stores suffered data theft, and 10% the hijacking of customer data. Likewise, 61% of the attacks are resolved in less than a day, 20% in an hour and 25% in half a day. One out of every two attacks required an action to stop it, and the remaining 51% needed a more complex strategy to limit its impact, leading merchants to conclude that this is a threat to be taken seriously.

Among the solutions, 51% hired an external service provider to solve the attack, 39% installed security patches and 25% installed a backup, and only 2% of those affected worldwide resorted to payment of a ransom to stop the attack. 22% have resorted to other strategies, such as analyzing traffic with a web agency, closing the online store or blocking attacks before hackers could take advantage.

The results also show that only 18% of merchants who have already been attacked have applied a minimum of five different measures, while this figure rises to 29% for those who have never been attacked.

Even though one in two merchants have never been attacked, cybersecurity remains a top challenge for 90% of respondents and a top priority for 24%. Being a serious and complex topic, even for digital players, 69% of merchants plan to outsource their cybersecurity management.

Safety recommendations

Controlled access to PII with well-configured permissions. The principle of least privilege access is key: all identities should have only the minimum permissions necessary to perform their intended tasks.

Event-based scaling during shopping peaks. This rapid scaling can minimize website latency and optimize customer shopping experiences, but it can also be very powerful in the hands of an attacker. This is why implementing least privilege is critical to all serverless features of major public cloud providers.

Introduce improvements in the internal application of identity and access management (IAM). Enforcing least privilege on all systems is necessary, and enforcing multi-factor authentication for all employee access to a cloud environment can provide an additional layer of security by reducing the risk of credential theft. By compromising an unprotected workforce identity that has sensitive access to cloud resources, an attacker can gain access to those resources.

Embedded application secrets. E-commerce sites are built in layers, integrating with payment services like PayPal or similar. When building their e-commerce applications, developers can sometimes leave credentials, passwords, keys, or tokens embedded in the code, exposing them to potential attacks. Across DevOps pipelines and e-commerce software supply chains, all secrets must be managed securely and rotated programmatically to reduce risk.

Vulnerabilities in the e-commerce website. Without the proper layers of security, retailers are vulnerable to attacks such as distributed denial of service (DDoS), SQL injection, and skimming, which can disrupt business and allow attackers access to valuable customer data.

Sources:
(1)  Cepymenews.es
(2) ITdigitalsecurity
(3) Inese

 

Advantages of implementing an intelligent identity management solution

Identity management is gaining more and more importance among companies, so it is necessary to have a defined strategy and an adequate solution.

Identity management is beginning to receive sufficient attention, although this depends on the size of the company, and two errors occur regularly. The first is quantification: as an example, according to a recent report, 21% of CISOs were unaware that their customers had been phished. The second is simplicity vs. security, since identity management must be dealt with through progressive profiling.

One of the elements that creates the biggest problem with regard to identity management is usability. That is why we have to talk about digital identity, and why we need a tool that performs a continuous and intelligent analysis of that access without the user even noticing it, so as not to generate unnecessary and duplicate access.

It is therefore important to establish a digital identity strategy, understanding the user’s journey and knowing what they are looking for in our application or on our website. The customer must be at the center of any strategy to drive an organization’s business. Digitization has introduced registration processes, which take a long time to complete before the user can start using the service. To this registration process we must add the need to remember countless passwords, which is another negative point. For this reason, access has to move into the background and run transparently.

When providing a service to a user, the priority must be to facilitate the experience so that the user encounters as few obstacles as possible, without reducing the security around identity control. It is necessary to deepen this relationship of trust.

In the case of employees, prioritize their productivity, having the necessary access in a simple way, only for what they need and for those who have authorization.

Soffid Access Management can be implemented throughout an organization and for all use cases: employees, customers, devices and objects. The identity solution allows you to associate access management, user-managed access, identity management, directory services, edge security, and also provides an identity gateway.

The Importance Of Internet of Things Identity And Access Management (IAM)

The Internet of Things (IoT) is reshaping nearly every industry, from manufacturing and transportation to home automation, telecommunications, and healthcare. By connecting devices with systems, data, and people, you achieve more personalized, automated, and enhanced experiences for your customers.

Therefore, safeguarding user privacy is becoming more difficult as the Internet of Things gains priority in our daily lives. More and more connected devices mean less control over increased connectivity and data collection activities.

In fact, control can be lost if someone hacks into your computer or smartphone, acting as a remote control for other devices. This form of cybercrime can even go unnoticed, unless a series of significant events occur that shock the user.

Smartphones store an enormous amount of personal data about their owners. With apps tied to email IDs, bank accounts, and in some cases appliances and vehicles, stolen data can lead to massive (and in many cases unsolvable) problems.

But regardless of the Internet of Things application, no consumer wants to lose control of their data. They want to determine what and who has access to their personal information, for how long, and under what circumstances.

IAM (Identity Access Management) also helps to identify devices as well as manage user access to data. Traditional IAM solutions cannot cope with the demands of the new era of Internet of Things devices, so it is necessary to update the architecture, taking into account the number of device connections and looming security concerns.

Having a customer identity solution that facilitates consistent, multi-channel personalization is key to driving revenue and loyalty.

Customer identity data is one of your most valuable assets, and Soffid can help you protect it everywhere.

Soffid also allows customers to link and manage trusted devices so they can easily authenticate into different applications.

 

WiFi & Network Security

The Internet enables businesses of all sizes and from any location to reach new and larger markets. In addition, it provides opportunities to work more efficiently through the use of computer-based tools. Wifi security should be part of the plan if the company uses emails or cloud computing.

Theft of digital information has become the most commonly reported fraud, surpassing physical theft. Every business that uses the Internet is responsible for creating a culture of security that will enhance business and consumer confidence.

Many employees access their emails and work networks through public Wi-Fi hotspots. However, there is a risk of hackers intercepting sensitive information such as login credentials. Many employees are unaware of the WiFi security threats that lurk in their favorite coffee shop and fail to take precautions. Even employees who are aware of WiFi security threats often ignore the risks.

Consumers may be willing to take risks on public Wi-Fi networks, but what about employees?

How to ensure the security of your employees’ home WiFi

It might not be apparent, but home wireless routers should be one of the most protected and secured devices in anyone’s home, more so than computers, tablets, laptops, or smartphones. Why? Because a router is a gateway into personal information. If anyone is able to access one, then they are also able to access a plethora of sensitive data.

We are now also at a time when more people than ever are working from home. Although this transition has been going on for several years, it accelerated rapidly during the COVID-19 outbreak. As most companies conduct operations remotely whenever possible, the risks have increased.

Users need to access information from powerful, unregulated home wireless networks. In other words, the protection that enterprise-grade routers and firewalls give to sensitive information is now useless.

Unfortunately, cyber criminals see the rise in remote work as an opportunity to infiltrate corporations.

Businesses must ensure their remote workers’ Wi-Fi networks don’t risk exposing business data or secrets due to fixable vulnerabilities.

Home ownership is public information. A hacker can park near an employee’s home, steal their Wi-Fi credentials, and reroute the home network so that all traffic is sent to the hacker. The hacker can then infect the employee with ransomware, spy on corporate activity, or conduct other potentially devastating, malicious attacks.

According to an IBM study, human error is the cause of 95% of cybersecurity breaches. This staggering statistic indicates that people simply don’t know what to look for to protect their information. Few employees are well versed in regularly updating their router software to stay up to date on vulnerabilities, leaving countless attack vectors open at home.

 

Two Ways to Secure Employees’ Home Wi-Fi

  1. Educate Employees About Cybersecurity at Home
    It’s vital to train staff members how to spot and handle phishing attacks and other forms of social engineering. Educate employees on common tactics such as phony emails and spoofed websites and to always double-check before entering credentials anywhere. While educating employees is an essential first step, the fact of the matter is that all it takes is one mistake by a single employee to put an entire organization at risk for an attack.
  2. Secure Home Wi-Fi With Enterprise-Grade Networks
    A WPA2-Enterprise network is the most frequent type used by organizations due to its increased security and customization capabilities. WPA2-Enterprise networks use a RADIUS server with Extensible Authentication Protocol (EAP) that ensures information sent to the RADIUS server is protected. If employees are working remotely and accessing sensitive resources, you want to guarantee they have the best possible protection. WPA2-Enterprise is not only the best method for securing home WiFi networks; it’s become far more accessible in recent years.
