Steps to prevent identity-based attacks in cybersecurity

• Organisations lack the awareness necessary to prevent it until it’s too late.
• Organisations that revamp their identity security approach will be best positioned to stop breaches and maintain business continuity in an age of increased identity-based threats. 

The evolving threat landscape is making identity protection within the enterprise a top priority.

According to the 2022 CrowdStrike Global Threat Report, nearly 80 per cent of cyberattacks leverage identity-based attacks to compromise legitimate credentials and use techniques like lateral movement to quickly evade detection.

The reality is that identity-based attacks are difficult to detect, especially as the attack surface continues to increase for many organisations. 

Every business needs to authenticate every identity and authorise each request to maintain a strong security posture. It sounds simple, but the truth is this is still a pain point for many organisations. However, it doesn’t need to be.

An urgent priority for leaders

We have seen adversaries become more adept at obtaining and abusing stolen credentials to gain a foothold in an organisation.

Identity has become the new perimeter, as attackers are increasingly targeting credentials to infiltrate an organisation. Unfortunately, organisations continue to be compromised by identity-based attacks and lack the awareness necessary to prevent it until it’s too late.

Businesses are coming around to the fact that any user — whether it be an IT administrator, employee, remote worker, third-party vendor or customer — can be compromised and provide an attack path for adversaries.

This means that organisations must authenticate every identity and authorize each request to maintain security and prevent a wide range of cyber threats, including ransomware and supply chain attacks. Otherwise, the damage is costly.

According to a 2021 report, the most common initial attack vector — compromised credentials — was responsible for 20% of breaches at an average cost of $4.37 million.

How zero trust helps 

Identity protection cannot occur in a vacuum — it’s just one aspect of an effective security strategy and works best alongside a zero trust framework.

To realise the benefits of identity protection paired with zero trust, we must first acknowledge that zero trust has become a very broad and overused term.

With vendors of all shapes and sizes claiming to have zero trust solutions, there is a lot of confusion about what it is and what it isn’t. 

Zero trust requires all users, whether in or outside the organisation’s network, to be authenticated, authorised and continuously validated before being granted or maintaining access to applications and data.

Simply put, there is no such thing as a trusted source in a zero trust model. Just because a user is authenticated to access a certain level or area of a network does not necessarily automatically grant them access to every level and area.

Each movement is monitored, and each access point and access request is analyzed. Always. This is why organisations with the strongest security defenses utilise an identity protection solution in conjunction with a zero trust framework.

In fact, a 2021 survey found that 97 per cent of identity and security professionals agree that identity is a foundational component of a zero trust security model.

It’s time to take it seriously  

As organisations adopt cloud-based technologies to enable people to work from anywhere over the past two years, it’s created an identity crisis that needs to be solved.

This is evidenced in a 2021 report, which found a staggering 61 per cent of breaches in the first half of 2021 involved credential data. 

A comprehensive identity protection solution should deliver a host of benefits and enhanced capabilities to the organisation. This includes the ability to:

• Stop modern attacks like ransomware or supply chain attacks
• Pass red team/audit testing
• Improve the visibility of credentials in a hybrid environment (including identities, privileged users and service accounts)
• Enhance lateral movement detection and defence
• Extend multi-factor authentication (MFA) to legacy and unmanaged systems
• Strengthen the security of privileged users 
• Protect identities from account takeover
• Detect attack tools 

Identity protection is sometimes seen as the last line of defense for organisations, which is why it should be a key component of an organisation’s security posture.

Organisations that revamp their identity security approach will be best positioned to stop breaches and maintain business continuity in an age of increased identity-based threats. 

• Mike Sentona is the Chief Technology Officer at CrowdStrike.

Related posts:

• To secure cloud workloads adequately, do we need an “agent or agentless” tooling stack
• The need for predictive tools to combat complex security threats is greater than ever
• Organisations need to build trust in a zero trust environment