Five Nines Newsletter - Volume 16


Hey there,

Welcome to this month’s Five Nines newsletter, your trusted guide through the ever-evolving maze of Identity and Access Management (IAM).

In this edition, we look at how CISOs are handling cyber compliance guidelines, the growing demand for managed detection and response (MDR), and the challenges and best practices of identity security. We also review the latest Okta news, including the general availability of Fine Grained Authorization and the Tactical Identity Bridge Appliance.

We’ve also rounded up the latest podcasts, videos, blog posts, and events to help you stay abreast of emerging IAM trends and technologies, and we have included updates on the recent Roku, Dropbox, and Change Healthcare incidents.

We hope you enjoy and, as always, stay resilient.


Trending IAM News:

CISOs Tackle Compliance With Cyber Guidelines

With an increase in cybersecurity compliance regulations, such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), Chief Information Security Officers (CISOs) and IT security leaders are being forced to rethink their cybersecurity strategies. For example, the SEC disclosure rule requires public companies to disclose “material cybersecurity incidents”. The rule has proven ambiguous, and companies are still working out what qualifies as a “material” breach and what does not. To comply with these and other emerging regulations, CISOs need to understand their organization’s complete attack surface. When implementing new compliance efforts, John Allen, vice president of cyber risk and compliance at Darktrace, recommends an integration strategy: whenever possible, fold compliance work into existing initiatives. Allen also stresses that, important as compliance is, resiliency should remain the primary goal of any cybersecurity program.

Read More>>

What’s behind the demand for MDR and IAM systems

While IAM systems protect organizations by allowing only verified identities to access their systems, managed detection and response (MDR) services address the case where an attacker manages to bypass or defeat that verification. With cyber incidents on the rise, demand for MDR is growing steadily; according to Gartner research, MDR revenue is expected to nearly double between 2022 and 2025. Mitchell Schneider offers two recommendations for adding an MDR service to your security plan. First, a successful MDR engagement should be driven by business needs rather than by security requirements alone. Second, an effective MDR provider will deliver tailored action items that match what the organization is actually able to carry out.

Read More>>

A leaky database spilled 2FA codes for the world’s tech giants

YX International is an Asian technology company that provides SMS routing services and produces cellular networking equipment, and it says it sends as many as five million SMS messages a day. A YX database was recently discovered exposed on the internet: anyone who knew its public IP address could read it without a password. The exposed data included SMS message contents, one-time passcodes, and password reset links. The exposure was identified by good-faith security researcher Anurag Sen, who could not determine the database’s owner and reported his findings to TechCrunch for help identifying the owner and getting the exposure resolved. Using internal email addresses and passwords in the data that referenced YX International, TechCrunch deduced the owner and informed the company. Little is known about the remediation; an unnamed YX International representative stated only that the company had “sealed this vulnerability”.

Read More>>

4 Tabletop Exercises Every Security Team Should Run

When preparing for a cyber incident, do not overlook validating the effectiveness of your response plan. Tabletop exercises are an excellent tool for gauging an organization’s response strategy and identifying weaknesses and room for improvement. Because tabletop exercises are discussion-based rather than live simulation drills, it helps to have a facilitator oversee the exercise and guide team members through their roles and responsibilities for each threat type. To prepare for four of the most common threats, organizations should regularly run ransomware, third-party risk, insider threat, and DDoS tabletop exercises. For a list of recommended questions to drive discussion during your next tabletop exercise, see the CSO Online article.

Read More>>

Data breaches caused by insiders can cost you over $15 million

Every year, organizations spend considerable capital, resources, and time preparing their systems for outside threats. However, a recent survey from Code42 shows that insider-driven events are just as damaging as those caused by external threats. Insider-driven incidents are on the rise, with a 28% average monthly increase in data exposure since 2021, and the cost of these events can be considerable, in some cases reaching $15 million. Respondents to Code42’s survey named generative AI as a primary concern for accidental data leaks. With many organizations turning to AI to cover skill shortages in cybersecurity, this pain point is especially concerning. Companies should deploy data monitoring that tracks data transfers into cloud services and AI tools to reduce the risk of insider-driven events.

Read More>>


Trending Okta News:

Okta Announces Availability of Fine Grained Authorization for Enhanced Security and Efficiency

Earlier this month, Okta announced general availability of Fine Grained Authorization (FGA). The offering provides a centralized, scalable, and flexible way to build authorization models, letting developers save time and tailor authorization to their organization’s specific requirements and policies. FGA also gives greater visibility into authorization decisions than more traditional approaches. The Limited Early Access version of FGA was released late last year and was quickly adopted by organizations across several industries. The general availability release builds on that early access, offering proven scalability, flexible policies, and Okta’s reliability. It also ships SDKs for some of the most popular development languages, including .NET, Go, JavaScript, Java, and Python.

Read More>>

Tactical Identity Bridge Appliance: How the U.S. Government can extend Okta to the tactical edge

Tactical edge environments, such as locations with limited bandwidth or little to no internet connectivity, have long posed challenges for SaaS technologies, yet SaaS is a key component of successful missions at the tactical edge for several federal organizations. To provide reliable service even there, Okta has partnered with SelecTech to create the Tactical Identity Bridge Appliance (TIBA). TIBA provides identity, credential, and access management (ICAM) even while disconnected from the internet, and once connectivity is re-established it synchronizes users back with the system. In addition to delivering ICAM at the tactical edge, TIBA is built to meet the strict requirements of the Federal Government and the Department of Defense while providing a comprehensive ICAM solution.

Read More>>

The quest for Workforce Identity maturity

A recent Okta article compares the journey to Workforce Identity maturity to a quest. Like a quest in literature, it is a challenging journey with opportunities for growth along the way. Okta’s Workforce Identity maturity model serves as the roadmap, outlining four stages: fundamental, scaling, advanced, and strategic. Each stage presents its own challenges but also lays out the concrete steps for advancing to the next. Reaching the fourth and final strategic stage may feel like the end of the journey, but this stage is ongoing: it focuses on continuously optimizing and extending identity practices. As with any quest, it is worth celebrating progress at every milestone.

Read More>>


Podcasts

#266 - Identity Wallets with Nick Mothershaw of The Open Identity Exchange

This episode of Identity at the Center welcomes Nick Mothershaw, Chief Identity Strategist at the Open Identity Exchange (OIX). At OIX, Mothershaw works on a universally trusted digital identity that can be used for identity and eligibility verification anywhere. He joins hosts Jim McDonald and Jeff Steadman to discuss the technology behind digital identity wallets and their common use cases, the role governments should play in issuing wallets, and the emergence of smart and roaming wallets. The episode closes with a discussion of the value of incorporating biometrics into wallet functionality.

Root Causes 366: What is eIDAS?

In this episode of Root Causes, hosts Tim Callan and Jason Soroko explore eIDAS 2.0. eIDAS (electronic Identification, Authentication and trust Services) is the EU framework for proving the identity of individuals and businesses online. In February of this year, the European Parliament formally adopted the revised eIDAS regulation, setting significant changes to European digital identity in motion. Callan and Soroko dig into the details of eIDAS and the reasoning behind it, and speculate on how it may reshape the European digital identity landscape.


E48 - NIST CSF 2.0 / Nightdragon CISO Spend Report / PAM + IGA Convergence

During this episode of The Week in Identity, hosts Simon Moffatt and Daniel focus on governance. To kick off the episode, Simon and Daniel discuss the recent NIST Cybersecurity Framework 2.0 update, including the newly added Govern function. From there, the conversation moves to the possible convergence of privileged access management (PAM) and identity governance and administration (IGA), prompted by a community poll from The Cyber Hut. Towards the end of the episode, the topic turns to CISOs’ spending habits as revealed by the investment firm Nightdragon.



Acsense Blog

Terraform Okta Provider: The Acsense Difference

Integrating Terraform with Okta gives you an effective tool for managing your organization’s identity resources as code: the Okta Terraform provider links your infrastructure code to your Okta tenant. In this recent Acsense article, CEO Muli Motola walks through the integration, from understanding the Okta provider and its prerequisites to configuring the provider and managing Okta applications. However, while Terraform excels at declaring and applying configuration, it is not a backup solution: state reflects what Terraform manages, not a recoverable point-in-time copy of the tenant. Acsense’s IAM Resilience Platform complements it with continuous backups, granular recovery options, adherence to Zero Trust principles, and scalability. With these and other resiliency features, Acsense stands out for organizations prioritizing a resilient IAM infrastructure.

Read More>>
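As an added illustration of what the configuration described above looks like in practice (this is an example written for this newsletter, not code from the Acsense article or from Okta), the following Terraform configuration wires up the Okta provider and manages one group, one OIDC web application, and the assignment between them. The org name, base URL, API token, and the `portal.example.com` redirect URI are placeholders supplied through variables; the resource names are assumptions.

```hcl
terraform {
  required_providers {
    okta = {
      source  = "okta/okta"
      version = "~> 4.0"
    }
  }
}

# Tenant coordinates and the API token come from variables so that no
# credential is committed to the repository. Supply them via TF_VAR_*
# environment variables or a .tfvars file excluded from version control.
variable "okta_org_name" {
  type        = string
  description = "Okta org subdomain, e.g. dev-123456 (placeholder value)"
}

variable "okta_base_url" {
  type        = string
  description = "okta.com for production tenants, oktapreview.com for preview"
  default     = "okta.com"
}

variable "okta_api_token" {
  type        = string
  description = "API token of a least-privileged admin service account"
  sensitive   = true # redacted from plan and apply output
}

provider "okta" {
  org_name  = var.okta_org_name
  base_url  = var.okta_base_url
  api_token = var.okta_api_token
}

# The group that owns access to the application. Access is granted by
# group membership, never by direct per-user assignment.
resource "okta_group" "engineering" {
  name        = "Engineering"
  description = "Managed by Terraform; do not edit in the Admin Console"
}

# An OIDC web application restricted to the authorization code grant,
# with an explicit redirect URI allowlist and a confidential client.
resource "okta_app_oauth" "internal_portal" {
  label                      = "Internal Portal"
  type                       = "web"
  grant_types                = ["authorization_code"]
  response_types             = ["code"]
  redirect_uris              = ["https://portal.example.com/auth/callback"] # placeholder
  post_logout_redirect_uris  = ["https://portal.example.com/"]              # placeholder
  token_endpoint_auth_method = "client_secret_basic"
}

# Bind the application to the group rather than to individual users.
resource "okta_app_group_assignment" "portal_engineering" {
  app_id   = okta_app_oauth.internal_portal.id
  group_id = okta_group.engineering.id
}

# The client_id is safe to surface. The generated client_secret also lives
# in Terraform state, which is why the state backend must be encrypted and
# access-controlled like any other secret store.
output "portal_client_id" {
  value = okta_app_oauth.internal_portal.client_id
}
```

Run `terraform init` followed by `terraform plan` and `terraform apply`; an existing group created by hand can be brought under management with `terraform import okta_group.engineering <groupId>` before the first apply so it is not duplicated. Note that `terraform apply` only converges the resources declared here toward the configuration; it cannot restore users, factors, or policies that were deleted in the tenant, which is the gap the paragraph above refers to.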


Acsense On Demand

The Cost of An IAM Breach Feat. Kayla Williams

Downtime: More Than Just a Technical Glitch

"In the era of relentless digital transformation, understanding the implications of downtime in your IAM system is not just important, it's crucial for business continuity."

- Kayla Williams


Events

Identiverse

Coming up in May at the ARIA Resort & Casino in Las Vegas, Nevada, is Identiverse’s The Identity Engine. Over 250 speakers are scheduled to cover hundreds of identity-related topics relevant to businesses today. Keynote speakers include Tucker Bryant (entrepreneur, former Googler, and nationally renowned poet), Matt Caulfield (VP, Product and Security at Cisco), and Deneen DeFiore (Chief Information Security Officer at United Airlines).

Details:

When: May 28-31, 2024

Where: ARIA Resort & Casino, Las Vegas, Nevada

Sign Up Now>>

TDI 2024 - Trends in Digital Identity

In April, the second International Workshop on Trends in Digital Identity will be held in Rome, Italy. Attendees can expect discussions on topics such as “Identity for Web 3.0 and Metaverse”, “Mobile and Strong Authentication”, “Trust Frameworks for Identity Management Solutions”, and much more.

Details:

When: April 9, 2024

Where: Viale Manzoni 1, 00185 Rome, Italy

Sign Up Now>>

Okta Gov Identity Summit

Okta is hosting its Gov Identity Summit on April 23 at Union Station in Washington, DC. With federal Zero Trust deadlines looming, cybersecurity and digital services are a crucial concern for government agencies at every level this year. The event focuses on the role modern identity plays in both the public and private sectors and on how to meet key Zero Trust deadlines. Other topics include a simple, humanizing approach to securing digital services, maintaining operational readiness regardless of environment, and the power and risks of AI. Attendance is free for government attendees, but space is limited, so early registration is recommended.

Details:

When: April 23, 2024

Where: Union Station, Washington, DC

Sign Up Now>>


Company Corner

Roku says 15,000 accounts affected by external data breach

Roku recently responded to a credential stuffing incident affecting some of its users. Roku itself was not breached; instead, attackers took usernames and passwords exposed in an unidentified third party’s breach and replayed them against Roku, gaining access to accounts whose owners had reused the same credentials. Once inside, the attackers attempted unauthorized purchases of Roku subscriptions and hardware using the payment details stored in the compromised accounts. Bleeping Computer noted that two-factor authentication could have mitigated the risk of such incidents. Roku has secured the affected accounts and is working with law enforcement, and it advises affected users to set new, unique passwords so that a credential leaked elsewhere cannot be reused against their Roku account.

Read More>>

Dropbox Used to Steal Credentials and Bypass MFA in Novel Phishing Campaign

Recently, threat actors ran a phishing campaign that used a legitimate Dropbox email address to send targets a link to a PDF hosted on Dropbox. Because the PDF’s name referred to a partner organization, the recipient did not suspect an attack and opened the file, which contained a malicious link. Following that link led to a convincing but fake Microsoft 365 login page, and the credentials entered there were harvested and used to access the organization’s systems. The organization did use MFA, but the threat actors were still able to present valid MFA tokens, most likely because the user approved the MFA prompt accidentally or without understanding what it was for. Despite the valid login and MFA, the security team caught the intrusion through unexpected account activity. Socially engineered phishing of this kind is on the rise, increasingly aided by generative AI, and because such attacks are targeted and hard to spot, robust and resilient systems are essential.

Read More>>

Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment

Earlier this year, Change Healthcare suffered one of the most debilitating ransomware attacks in years. The attack disrupted pharmacies across the United States, in some cases delaying prescription fulfillment by ten days or more. New information about the attack and its resolution has since come to light: AlphV, also known as BlackCat, received a $22 million deposit to a Bitcoin address associated with the group. The deposit was linked to the Change Healthcare attack when an affiliate of AlphV complained that the group had not paid them for their work on the attack, pointing to the publicly visible Bitcoin transaction. If the deposit was a ransom for the Change Healthcare attack, it sets a worrying precedent for cybersecurity in the healthcare industry. Moreover, there is no guarantee that AlphV did not retain a copy of Change Healthcare’s data for later misuse.

Read More>>

AT&T Data Breach: What You Need To Know About The Data Leak

In recent developments, the cybersecurity community has been abuzz with news of a significant data leak impacting AT&T customers. Here’s a comprehensive overview, along with recommendations for businesses seeking to bolster their cybersecurity posture, particularly through resilient identity and access management (IAM) solutions.

Read More>>


Meme Of The Month


Thank You For Reading!

We hope you enjoyed the April edition of the Five Nines newsletter!

Share with colleagues or follow us on LinkedIn for more IAM resilience insights and trends.


About Acsense:

The Acsense team, former EMC veterans based in Tel Aviv, Israel, has been exposed to some of the most challenging IT and security ecosystems in the world.

Our mission is to help security and risk management leaders eliminate IAM as a single point of failure from threats like ransomware, insider threats and misconfigurations caused by human error. We deliver a state-of-the-art platform for access and business continuity, serving both workforce and customer IAM needs with one seamless solution.

Our platform features one-click recovery, constant data verification, periodic testing, and the ability to identify changes between Points in Time, making your IAM system resilient.

Acsense is backed by Joule Ventures, Gefen Capital, Fusion and independent investors.

To learn more, click here to visit our site.


Jim McDonald

Digital Identity Strategist and Identity at the Center podcast co-host

11 months ago

The Identity at the Center Podcast did an episode with Andi Hindle, the Content Chair of Identiverse in case anyone is interested
