Identity could well be the new vulnerability as we find ourselves more entrenched in the digital economy…
Identity security is an area of cybersecurity growing in relevance given the increasing volume of online business interactions in Asia Pacific. Now, more than ever, organizations must ensure the right person gets access to the right privileged information.
This is also why lateral movement is a major cybersecurity threat organizations need to be prepared for.
To find out more about lateral movement, the importance of identity security, and how Asia Pacific companies can foster trust in the new digital reality, CybersecAsia sought out some insights from Itay Nachum, Senior Director of Cybersecurity Strategy, Proofpoint.
What is the current state of identity-based attacks? Is identity the new vulnerability in the digital economy?
Itay Nachum (IN): Identity-based attacks continue to be one of the most common types of cyberattacks today and identity is growing as a vulnerability used by attackers to exploit people, being the most critical variable in today’s attack chain.
Identity theft is now being used by threat actors to further their cybercriminal gains. Attackers start by targeting your people through attacks like credential phishing emails and by landing malware.
Cybercriminals do not need to breach the many layers of defenses of an entire organization. Once they have compromised one employee, one account, one identity, they’ve nearly won. They’re now inside your environment using that identity to move laterally through your organization to achieve their goals of ransomware or data exfiltration.
It’s currently far too easy for an attacker to turn one compromised identity into an organization-wide cybersecurity incident. In other words, identity is the new attack surface, and while many consider it to be the new perimeter, it’s in reality the new vulnerability.
We are also seeing an increase in multichannel, multi-touch phishing campaigns, where attackers are engaging in longer conversations across multiple personas.
One example is telephone-oriented attack delivery (TOAD), in which attackers aim to trick users into disclosing sensitive information over the phone, such as login credentials or financial data, by impersonating a trusted figure. They will get on a call with the victim, claiming to be a representative from a reputable company or organization. Then, they will follow up with an email that contains a phishing link or attachment. Whether it’s a nation state-aligned group or a BEC actor, there are plenty of adversaries willing to play the long game today.
How should organizations remediate identity vulnerabilities before they become risks?
IN: It is critical that security leaders take into account the human factor within their organizations, especially when it comes to identity vulnerabilities.
Proofpoint’s 2023 Voice of the CISO Report found that almost 60% of CISOs in Singapore see human error as their organization’s biggest cyber vulnerability. However, although human error is inevitable, having guardrails can go a long way in mitigating vulnerabilities before they become risks.
Security awareness training is one of the best ways to defend organizations as well. Training must go beyond jargon, definitions of common threats, and multiple-choice tests. It must leave users in no doubt about their responsibilities – and the consequences of failing to uphold them. It must also not be a once-a-year activity. The training that employees receive must be constantly updated to reflect the fast-moving threat landscape and must also span every employee within the organization.
At the same time, implementing a robust cybersecurity strategy is imperative. Businesses need to continue ensuring that their systems can block as many threats as possible from reaching users, protect their digital identities, and ensure the data they create and access is protected from compliance risks and security threats – thus removing the guesswork from employees and reducing human error risks.
Finally, it’s imperative to remember that we can’t remediate identity vulnerabilities if we don’t first gain visibility and insight into what and where they are. While a significant emphasis is given to detection and response, there’s very little focus on discovery and prevention. Prioritize identity security tools that can uncover the identity vulnerabilities that attackers actually use day in and day out.
What is lateral movement and why has it become a top cybersecurity concern in the new digital reality?
IN: Lateral movement refers to the techniques that a cyber attacker uses, after gaining initial access, to move deeper into a network in search of sensitive data and other high-value assets. Because it allows attackers to gain access to additional resources and sensitive data through entry into the first infected machine, lateral movement is a major cybersecurity issue for defenders.
- Invisibility: Cybercriminals using lateral movement typically try to blend in with normal network traffic patterns and avoid detection by traditional security tools.
- Persistence: Once inside a network, attackers employing lateral movement can establish multiple footholds or points of entry, making it difficult for cybersecurity teams to eradicate them completely. Finding and eliminating one point of entry does not remove the threat actor from the network.
- Ease of propagation: With many organizations adopting interconnected or flat networks and integrated cloud services, it’s easier than ever for threat actors to exploit these connections via lateral movement.
- Damaging consequences: Successful execution of lateral movements can sabotage the confidentiality, integrity and availability of key IT systems and data.
How can organizations foster trust when remote/hybrid work means they have less visibility and control over end-user identity and access?
IN: Fostering trust in a remote/hybrid work environment is indeed challenging, which is why organizations need a combination of people, process, and technology to defend their organization.
We believe this is only possible by placing users at the heart of your defense since employees are often one of the first lines of defense against malicious attacks. This is why it is more important than ever to prioritize a people-centric approach to conduct cybersecurity awareness training and empower employees with the right mindset that cybersecurity is everyone’s responsibility.
Additionally, investing in advanced email fraud defense that utilizes the latest technologies in machine learning and artificial intelligence to detect attacks, protecting cloud accounts, and partnering with a threat intelligence vendor are essential to stay ahead of agile attackers and detect new attack tactics effectively.
With changing regulatory requirements around data privacy and security in Asia Pacific, what must organizations in the region be aware of?
IN: Organizations must ensure they are up to date with the latest compliance and regulatory requirements. They can do this by:
- Staying informed: Regularly monitoring and staying abreast of updates to data privacy and security regulations in the Asia Pacific region.
- Adopting a holistic approach: Implementing a comprehensive cybersecurity strategy that aligns with regional regulations, encompassing data encryption, secure access controls, and incident response plans.
- Prioritizing data protection: Emphasizing robust data protection measures to safeguard sensitive information. This includes encryption, tokenization, and anonymization of data as applicable.
- Assessing and updating policies regularly: Periodically reviewing and updating internal cybersecurity policies to align with the dynamic regulatory landscape and ensure ongoing compliance.