Software applications today are the gatekeepers of a company's sensitive and strategic information. Whether it's cloud-based SaaS (Software-as-a-Service) or on-premise solutions, strong identity management is the first line of defence. But just like a castle, weaknesses in this system can leave your data vulnerable.
What are the common cyber security risks associated with identity management in software applications and what are the actionable steps to improve your defences?
The Infiltration Point: Identity-Based Threats
Think cyber attacks only involve complex hacking techniques? Wrong!
According to CISA (Cybersecurity and Infrastructure Security Agency), 90% of attacks exploit identities. Phishing emails tricking users into leaking credentials, stolen logins used for unauthorised access, and insider threats with privileged access are all in this category.
Do you think you are safe? Remember, attackers target everyone!
The comment "who would want to steal my access?" is a misconception.
Broad Net Approach
Attackers often send mass phishing emails hoping to catch you. Even if your role seems unimportant, your access could be a stepping stone for attackers to reach more valuable targets.
Lateral Movement
Once attackers gain access to an account, they can use it to move laterally within the system, potentially reaching more privileged accounts and sensitive data.
Data Aggregation
Attackers might not be after your company secrets specifically. They could be looking to steal personal information you have access to, like customer data or financial records. This information can be sold on the dark web for further fraudulent activities.
But the problem goes beyond human accounts. Malicious actors are also targeting "non-human identities" like service accounts and #OAuth authorizations, using them to gain unauthorised access to software applications.
👉 Fortunately, there are ways to defend against these threats. Multi-factor authentication (#MFA) adds an extra layer of security beyond passwords, while single sign-on (#SSO) streamlines logins and reduces the risk of weak passwords.
Permission trimming minimises user access to their function, adhering to the Principle of Least Privilege (#PoLP). Role-Based Access Control (#RBAC) further strengthens security by granting permissions based on specific roles within the organisation.
Despite the availability of specialised tools, many organisations fail to fully utilise them. Disabling MFA weakens security, and relying on local logins for admins even when SSO is available creates a backdoor for attackers.
How to address these issues
Here's a proactive approach to identity management that minimises identity-based breaches:
Classify Your Accounts
Identify high-risk accounts such as those belonging to former employees, dormant accounts with high privileges, non-human accounts, external accounts, and fake administrators (highly privileged accounts that are not formally admin accounts).
Clean Up Inactive Accounts
Former employees with active access pose a significant threat. Don't assume deactivating their account automatically removes access to SaaS or local applications. Proactive deprovisioning is mandatory.
Similarly, dormant accounts used for testing or setup often have high privileges and weak passwords (frequently shared between several users). Deactivating them reduces the attack surface.
Minimise Permissions and Check Them Regularly
The "more access is better" approach is a recipe for disaster. Apply the principle of Least Privilege to restrict user access to only the functionalities required for their role. Periodically assess and check the effective permissions on the company's storage resources.
Monitor Privileged Accounts
Admin accounts are prime targets. Implement security measures that send alerts for suspicious activity (e.g. unusual login times, locations, or data downloads). Additionally, check for the creation of high-privilege accounts that are not assigned to a managed email address.
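The monitoring described in this step, applied to sample log lines, as an added example that is not part of the original article: the log format, the business-hours window, the per-user "usual country" baseline, the download size threshold and the managed mail domain are all assumptions, and the four rules correspond to the article's alert triggers (unusual login time, unusual location, large download, privileged account created with an unmanaged email).

```python
"""Alert rules for privileged-account activity over key=value audit lines.

Added example; the log format and every threshold below are assumed.
"""
import re
from datetime import datetime, timezone

BUSINESS_HOURS = range(7, 20)             # assumed: 07:00-19:59 UTC is normal
MANAGED_DOMAIN = "example.com"            # assumed managed mail domain
DOWNLOAD_ALERT_BYTES = 500_000_000        # assumed: >500 MB in one event
USUAL_COUNTRIES = {"alice": {"DE"}}       # constructed per-user baseline

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")


def parse_line(line: str):
    """Parse '<ISO timestamp>Z key=value key=value ...' into a dict."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("kv").split())
    fields["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc)
    return fields


def check_event(ev: dict) -> list:
    """Return the alert names triggered by one parsed event."""
    alerts = []
    user = ev.get("user", "")
    privileged = ev.get("role") == "admin"
    event = ev.get("event")
    if event == "login" and privileged:
        if ev["ts"].hour not in BUSINESS_HOURS:
            alerts.append("off-hours-admin-login")
        if ev.get("src_country") not in USUAL_COUNTRIES.get(user, set()):
            alerts.append("unusual-location")
    elif event == "download" and privileged:
        if int(ev.get("bytes", "0")) > DOWNLOAD_ALERT_BYTES:
            alerts.append("large-download")
    elif event == "account_create" and ev.get("new_role") == "admin":
        # A new high-privilege account must be tied to a managed mailbox.
        if not ev.get("new_email", "").endswith("@" + MANAGED_DOMAIN):
            alerts.append("privileged-account-unmanaged-email")
    return alerts


def scan(lines) -> list:
    """Return (timestamp, user, alerts) for every line that raised an alert."""
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        alerts = check_event(ev)
        if alerts:
            hits.append((ev["ts"].isoformat(), ev.get("user", ""), alerts))
    return hits


# Constructed audit lines: one normal admin login, one off-hours login from an
# unexpected country, one oversized download, one admin account created with an
# unmanaged mailbox, one ordinary account creation and one non-admin login.
SAMPLE_LOG = [
    "2024-06-01T09:15:02Z event=login user=alice role=admin src_country=DE",
    "2024-06-01T03:12:44Z event=login user=alice role=admin src_country=BR",
    "2024-06-01T10:20:10Z event=download user=alice role=admin bytes=750000000",
    "2024-06-01T11:00:00Z event=account_create user=alice new_user=helper2 "
    "new_role=admin new_email=helper2@mail.example",
    "2024-06-01T11:05:00Z event=account_create user=alice new_user=dave "
    "new_role=sales new_email=dave@example.com",
    "2024-06-01T12:00:00Z event=login user=bob role=sales src_country=US",
]


def sample_hits() -> list:
    return scan(SAMPLE_LOG)


if __name__ == "__main__":
    for ts, user, alerts in sample_hits():
        print(ts, user, ", ".join(alerts))
```

The per-user country baseline is the part that needs real data: seed it from a few weeks of known-good logins per admin rather than a static list, and review the "unusual-location" alerts first, since a privileged login from an unfamiliar place outside business hours is the pattern the stolen-credential scenario from the start of the article produces.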
AND ALSO REMEMBER
Old data holds a wealth of valuable information
Old, abandoned, and duplicate data contain a wealth of extremely valuable business information, and also carry permission rights that, taken together, open an easy door to other areas further up the corporate ladder. Very often old data is forgotten and given little attention, but in the hands of a cyberattacker it is like gold. Before deleting or moving it, extract the valuable or reusable information, and then remove it.
By implementing these strategies, organisations can significantly increase their identity management defences and safeguard their valuable data. Remember, robust identity management is the cornerstone of cyber security. Don't let your software become a digital castle with a weak gate!