Identity Risks: Why Every Organization Must Focus on Identity-based Security

June 10, 2022 by Sid

In 2022, identity-based security has evolved from an authorization-focused strategy into a broader one that also covers identity theft, misuse and privilege escalation. With cybercriminals exploring newer ways to penetrate organizations' IT systems, mitigating identity risks is a challenge not just for IT security professionals but also for non-IT employees.

In this blog, we define identity-based security, explore the findings of a recent ‘Identity Risks Report’ and critically analyse the statistics to deduce what this all means for businesses.

Identity-based Security and Identity-first Security

Identity-based security focuses on secure access to digital information based on the authenticated identity of a person. It ensures that the account users of any digital platform are given sole access to their information through various methods such as username, password, fingerprint, or facial recognition. Furthermore, identity-based security also includes giving accurate permission levels to accounts and protecting account credentials.

In the last few years, identity-first security has grown in popularity. It places increased emphasis on verifying the identity of a user, rather than relying solely on user credentials, to strengthen the security of user accounts.

Multi-factor authentication (MFA) and single sign-on (SSO) are two of the most popular approaches in identity-first security. MFA prompts for additional verification through a secondary source such as an app or SMS, while SSO reduces the number of credentials in use, lowering the risk of re-used combinations.

“MFA and SSO combined with a zero-trust policy is a powerful trio in Identity-first security that assists in matching the level of authentication to the identity risks involved”

Top Identity Risks: Report Highlights

Analyzing Identity Risks 2022⁽¹⁾ is a recent report published by Illusive that compiled the top identity risks of 2021 using a sample of 25 organizations across industries such as financial services, healthcare and retail. The report categorized identity risks into Unmanaged Risks, Misconfigured Risks and Exposed Risks.

  • Unmanaged identity risks were defined as outdated local admin passwords or admin IDs that are not controlled by an account management solution such as Microsoft’s Local Administrator Password Solution (LAPS)
  • Misconfigured identity risk is associated with regular end-users with IT administrator privileges that the IT department is not aware of or not managing – also called “shadow admins”
  • Exposed identity risks arise when privileged account passwords are left exposed on endpoint devices, in sources such as cached credentials, in-app password stores, OS password stores and disconnected Remote Desktop Protocol (RDP) sessions.

Summary of important findings:
  • 1 in 6 endpoints had exploitable identity risks
  • 40% of so-called “shadow admin risks” could be exploited in a single step
  • 87% of local administrators weren’t part of a privileged account management solution
  • Privileged account passwords were exposed on 13% of endpoints
  • 62% of the organizations sampled left passwords unchanged for more than a year
  • 13% of organizations had domain administrative privileges which could lead to privilege escalation if the accounts were hacked by attackers
  • 34% of exposed identity credentials were stored as in-app credentials
  • 55% of exposed privileged credentials were stored in web browsers

Priority Boost for Identity-first Security

Considering the above findings, it’s safe to say that Identity Risks are overlooked by organizations in their cybersecurity practices. In the current landscape, where identity credentials have become prime targets for exploitation by attackers, a priority boost for Identity-first Security is crucial for businesses.

6 Recommendations – Where to Begin: 
  • Adopt Identity-first security approaches such as multi-factor authentication and Single sign-on for your users and combine them with a zero-trust policy
  • Use advanced account management solutions such as Local Administrator Password Solution (LAPS), which ensure that local administrators use unique credentials for their admin accounts
  • Administrative passwords should be changed regularly – at least once in 2 months
  • Identity credentials stored in web browsers and apps need advanced privileged access management (PAM) solutions and should be put through an Active Directory Check to reduce exploitation
  • Upskilling of IT security teams to stay on top of emerging cybercrime trends related to Identity-based risks
  • Cybersecurity awareness training for non-IT teams to be well-informed of how attackers can extract their credentials
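
To measure your own estate against the unmanaged-risk findings and the rotation recommendation above, the following added example (not code from this post or from the Illusive report) audits an inventory of local admin accounts for LAPS coverage and password age. The CSV column names and the sample rows are constructed assumptions, not a real tool's export format.

```python
import csv
import io
from datetime import date

ROTATION_DAYS = 60   # the post's recommendation: rotate at least once in 2 months
REPORT_DAYS = 365    # the report's metric: passwords unchanged for more than a year

# Constructed sample inventory; column names are assumptions for this example.
SAMPLE_CSV = """host,account,laps_managed,password_last_set
ws-001,Administrator,yes,2022-05-20
ws-002,Administrator,no,2020-11-02
ws-003,localadmin,no,2022-03-01
srv-010,Administrator,yes,2021-03-15
"""

def audit(csv_text, today):
    """Return one finding dict per local admin account in the inventory."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        age = (today - date.fromisoformat(row["password_last_set"])).days
        issues = []
        if row["laps_managed"].strip().lower() != "yes":
            issues.append("unmanaged")  # not under LAPS or similar management
        if age > REPORT_DAYS:
            issues.append("unchanged>1y")
        elif age > ROTATION_DAYS:
            issues.append("rotation-overdue")
        findings.append({"host": row["host"], "account": row["account"],
                         "age_days": age, "issues": issues})
    return findings

def summarize(findings):
    """Percentage of accounts per issue, comparable to the report's figures."""
    total = len(findings)
    counts = {}
    for f in findings:
        for issue in f["issues"]:
            counts[issue] = counts.get(issue, 0) + 1
    return {issue: round(100 * n / total) for issue, n in counts.items()} if total else {}

if __name__ == "__main__":
    results = audit(SAMPLE_CSV, date(2022, 6, 10))
    for f in results:
        print(f["host"], f["account"], f["age_days"], ",".join(f["issues"]) or "ok")
    print(summarize(results))
```

Accounts flagged as both unmanaged and unchanged for over a year are the ones to bring under LAPS first.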

References: Analyzing Identity Risks 2022, Illusive Report
