With more people than ever attempting to steal your account credentials, identity management is a key factor in your organisation’s overall cyber security posture. In this blog our Technical Director of Offensive Security Andy Swift explains how to understand and improve your organisation’s identity management.
Strong identity management is absolutely critical to maintaining your cyber integrity in 2022. Identity theft is one of the most common forms of cyber-attack today, so much so that 83% of incidents our Cyber Emergency Response Team (CERT) attended in the past two years have been related to identity theft.
In this blog I’ll take you through what identity management is, why identity theft – one of the key things good identity management is trying to prevent – is so common, who it is that’s buying stolen account credentials, and how you can go about improving your organisation’s identity management and overall cyber security posture.
Let’s get started.
What is Identity Management?
At its most basic, identity management is all about giving the right people access to the right tools and data. You’re probably already doing it now: if you don’t have access to literally every file on your organisation’s shared drives and every application your organisation uses, that’s because of identity management policies that restrict your access to only the tools and data you need to carry out your specific role.
It gets more complicated than that, but at its heart good identity management protects organisations by preventing malicious actors from committing identity theft by stealing account credentials – or at the very least restricting movement if and when those actors do gain access to internal systems.
Identity management is critical in today’s hostile digital landscape, as identity theft is on the rise: a recent report stated that 2021 saw a 68% increase in data compromises compared to 2020. Let’s explore why that is.
Why is Identity Theft so Common?
So why is identity theft so common? Well, the simple answer is stealing account credentials is big business. There is a massive industry out there of people stealing and selling credentials on the dark web. Once these attackers have stolen a victim’s credentials, they want to leave without a trace in order to avoid arousing suspicion. I don’t suggest you venture to the marketplaces through which stolen credentials are sold on the dark web, but if you did you’d find lists of credentials with different attributes – whether they’ve been tested, whether they have access to financial data – that dictate price. They even run Black Friday sales. I’m not kidding.
Who is Buying Stolen Credentials?
As for who’s buying these credentials, there are three main markets. Most stolen credentials are sold to people looking to launch phishing and onward phishing attacks, giving them access to compromised mailboxes to send emails from. Secondly, there are hackers who want to launch attacks – ransomware, more than likely – from within a network without having to navigate its external cyber defences while also evading the long wait for brute force attacks, phishing attacks and other noisy activities to pay off. And thirdly, there are people who want to simply target external administration interfaces they have identified (RDP for example) which they can in turn use to pivot through to internal networks, or even just target the external host directly.
How Can You Protect Yourself?
When it comes to protecting yourself and your organisation, you can probably guess what I’m going to say here: implement multi-factor authentication (MFA). MFA provides great defence against identify theft, but it’s also a reactive technology: for it to be effective, an attacker must already have obtained stolen credentials. That’s why comprehensive cyber security training and education on best practices is quite possibly more important than any technology could ever be alone. There’s no silver bullet when it comes to achieving strong identity management, but the importance of threat awareness and training cannot be overstated.
Improve Your Organisation’s Identity Management
Strong identity management achieved through a combination or people, processes and systems is a non-negotiable for organisations today. If you’re unsure where to start when it comes to understanding and improving your organisation’s identity management, Six Degrees can help. Our expert consultants will enable you to understand your current posture and create a targeted plan to enhance it, while our managed security services keep you safe round-the-clock with 24×7 cyber event alerting and remediation.
Contact us and speak to one of our experts today.