Five Nines Newsletter - Volume 17
Hey there ??,
Welcome to this month’s Five Nines newsletter, your trusted guide through the ever-evolving maze of Identity and Access Management (IAM).
In honor of Identity Management Day last month on April 9th, we are investigating the impact of identity resilience on cybersecurity. Unsurprisingly, cloud-based identity expands your attack surface, but have you ever wondered by how much? And while your organization is likely utilizing backups, how well are those backups protected? We’re answering these and other burning IAM questions in this edition.
We’re also covering the latest podcasts, events, blog posts, and videos you will not want to miss. Several larger acquisitions were announced last month, so be sure to check out the pending changes to stay up to date on what's happening in the industry.??
We hope you enjoy and, as always, stay resilient ??
Trending IAM News: ??
How Much Does Cloud-based Identity Expand Your Attack Surface?
When considering the move to a cloud IDP, it's essential to remember that such a move extends your attack surface. Such a move means your organization must consider not only your users but other users who could compromise the entire platform just by clicking on a phishing link. Okta's October 2023 hack proves just how large attack surfaces can be. Leveraging a stolen credential, threat actors gained access to Okta's support case management system. From just this stolen credential and support case access, the attack surface soon extended to network access and IdP clients' networks and data. Additionally, the threat actor gained the ability to move across applications within the platform, further extending the attack surface. To reduce such risks, MFA and role-based access management controls are essential mitigation strategies. For organizations considering the move to a cloud-based IdP, a comprehensive risk management plan is a crucial strategy for reducing the attack surface.??
Compromised Backups Send Ransomware Recovery Costs Soaring
System and data backups are a popular strategy for reducing the risk of ransomware. However, having backups alone is not enough. If backups are compromised during a breach, they are of little to no assistance in restoring business operations. A recent report from Sophos, a cybersecurity firm, found that backup-targeting ransomware is on the rise. In the same report, 94% of respondents stated their organization had cybercriminals attempt to access their backup during an attack. For organizations in the government and media sectors, this statistic rose even higher to 99%. When backups are compromised, it impacts not only the recovery time for the organization but also the ransom price. The average ransom when backups remain intact is $1 million, but if backups are compromised, the average ransom rises to $2.3 million. To ensure your backups are safe, prepare for these most common methods attackers use to compromise backups: deleting or corrupting backup files, phishing attacks, restricting access to backups, and infecting backups with ransomware.
Why Identity Management is Key in a Cyber Resilience Strategy
Since 2021, the second Tuesday in April has been designated as Identity Management Day. The event began due to the increase in identity-related breaches. According to the Identity Defined Security Alliance (IDSA), 84% of organizations have experienced an identity-related data breach. For this year's Identity Management Day, the IDSA is running two programs. The Identity Management Champion Program is for those who have made it their goal to apply foundational identity management and security practices in their organization. The Identity Management Program is for both individuals and organizations who have reduced risk through identity management and security practices. In addition to these programs, IDSA created a list of actionable steps for security leaders, security practitioners, and employees to improve their organization's cyber resilience through implementing identity management strategies.?
Over 800K Impacted by City of Hope Systems Breach
City of Hope, a clinical research organization and cancer hospital, experienced a cyberattack that affected over 800,000 patients' data. The attack occurred at some point between September and October of last year. The investigation is still underway, but names, birthdates, phone numbers, and email addresses may have been compromised during the attack. More concerningly, Social Security numbers, financial details, and medical information could have been compromised as well. However, according to the City of Hope's filing with the Maine Attorney General's office, there is currently no evidence of identity theft. Since the incident, the City of Hope has implemented strengthened network, system, and data cybersecurity measures.?
What is Identity Fabric Immunity? Abstracting Identity for Better Security
For Chief Information Security Officers (CISOs), managing hybrid or multi-cloud identity management infrastructures presents a complex challenge. Identity fabric immunity (IFI) is one framework for simplifying identity management while ensuring compliance and security. IFI is similar to zero-trust architecture in that it provides a guiding principle for security-minded organizations. The core tenant of IFI involves making "a shared, distributed layer of security that covers the entire enterprise." To execute IFI, key roles include an identity provider (IdP), API gateway, Identity broker (IB), and policy engine. While IFI can be costly and time-consuming to implement, an incremental adoption can be used to ensure changing business needs and evolving identity threats are incorporated.?
2024 Data Breach Investigations Report
Verizon recently released the 17th version of their annual Data Breach Investigations Report (DBIR). Every year, this report highlights the different types of threat actors, the tactics they deploy, and the targets they select. This year’s report notes recent attack innovations such as the attack on MOVEit as well as tried-and-true threats such as ransomware and denial of service (DoS) attacks. Key insights from the report include the 4AS of the Vocabulary for Event Recording and Incident Sharing (VERIS), incident classification patterns, industry-specific data, and regional analysis. The report contains essential data and analysis to help cybersecurity professionals in any industry or region be more prepared for any attack type.
Trending Okta News: ??
Surge in Okta Credential Stuffing Attacks —Highlighting the Urgent Need for Enhanced IAM Resilience
Credential stuffing attacks occur when threat actors access breached usernames and passwords. Since these credentials are often used across several sites, threat actors can leverage this breached information to infiltrate other systems. Okta has reported an uptick in credential stuffing attacks, with customers who use older versions like Okta Classic Engine at an increased risk. To mitigate this risk, Okta takes a defensive approach through features like ThreatInsight, Okta Identity Engine, and Dynamic Zones. However, if an attack bypasses these defenses, these preventive strategies are of little help. To ensure your system is prepared for an attack and can quickly recover if an attack is successful, Acsense utilizes a dual preventive and recovery approach. Even if threat actors bypass preventive measures, Acsense offers backup and recovery strategies, rapid recovery, and resilience testing to ensure your organization is prepared for credential stuffing attacks.
Simple and secure user experiences: The latest on Okta Customer Identity Solution
When presented with an easy-to-use login process, users are more likely to spend additional money at ecommerce sites. To help ecommerce businesses, Okta's customer Identity Solution now offers additional features to simplify the login process. Keep me Signed in makes signing in easier for customers when they log on from a trusted browser. Multiple Identifiers allow customers to create a personalized experience based on certain profile attributes. Lastly, Custom Languages for Okta Templates means admins can send Okta-generated emails in any language.??
Okta Wins Google Cloud Technology Partner of the Year Award for Productivity and Collaboration: Impact
A year ago, Okta celebrated their upcoming partnership with Google Workspace. Through this collaboration, both organizations sought to provide their customers with extra security for their identity needs. This year, Okta is celebrating the success of this partnership as it is the recipient of the 2024 Google Cloud Technology Partner of the Year award. Okta's partnership with Google has proven a successful venture, providing their customers with a unique digital system that increases productivity, independence, and flexibility. Winsupply is just one of the many happy customers of this partnership. Winsuppy Senior Vice President of IT, Chris Schrameck, lauded the collaboration, saying, "With Okta and Google Workspace, Winsupply's success is easy to see."
Request for Builders: Six key focus areas in Identity
Identity provides a host of opportunities for builders, or startup SaaS companies. In this Okta blog post, Shiven Ramji, President of Customer Identity Cloud at Okta, dives into six identity-related ideas for SaaS builders. The first focus area includes detecting and countering deep fakes. Deepfakes are an increasingly prevalent issue, with one such attack costing a Hong Kong bank 25 million. The second focus area surrounds wallets for the future. California is already working in this area. In 2023 the state launched Mobile Drivers License (MDL) which allows users to share only the relevant content from their government issued credentials. For example, when making a purchase that requires age verification, users enrolled in MDL can share just their age from their credentials, keeping other sensitive information private. Other focus areas include empowering users with their data, app modernizations, Securing data, and using VR/AR for authentication and proofing.?
IAM Resilience Hub ? by Acsense
Welcome to the IAM Resilience Hub, Acsense's dedicated community for IAM experts, leaders, and enthusiasts. In this collaborative space, we delve deep into the challenges and solutions surrounding identity and access management & resilience.
Podcasts ???
Identity Belongs To You. Introducing The Okta Secure Identity Commitment.
In this episode of Cybercrime Magazine's podcast, Stephen M. , the Chief Security Officer at Okta, talks with podcast host Charlie Osborne about the Okta Secure Identity Commitment. The duo discusses upcoming plans for the commitment,? how it will address identity-related attacks and much more. The episode also covers Okta's suite of tools and how they can be used to improve user experience, customer engagement, and employee productivity, as well as reduce the time it takes to get apps to market.?
The Transformation of Security Roles: From Technical to Strategic
In this episode of the Identity Jedi Podcast, hosts David Lee and Sameer Sait are joined by Thomas Donnelly . Donnelly discusses his insights into the shifts crucial for successful CISOs. Donnelly highlights the importance of soft skills, especially when it comes to career advancement. The episode also focuses on building security into the foundation of an organization and ensuring a company culture that is focused on security. Lee, Sait, and Donnelly also cover the value of open dialogue and community support for building effective identity security solutions with professionals from diverse backgrounds. To end the episode, Donnelly urges Chief Information Security Officers to focus more on organizational security goals and let others handle the specific technical execution.
Acsense Blog ??
Industry experts Muli Motola, Co-founder and CEO of Acsense, Kayla Williams, CISO of Devo Technology, and Moriah Hara, CISO and cybersecurity expert, join host Dr. Edward Amoroso for a webinar about using IAM resilience to reduce cyber risk. The webinar focuses on a few key topics: what is IAM and why it is important, practical solutions for IAM resilience, recent examples of IAM disruptions, and strategic steps for improving IAM resilience. The webinar concludes with a reminder from Dr. Amoroso that organizations should assess and strengthen their IAM resilience strategies. For expert insights and concrete examples, this webinar has a host of effective tips and advice for those who want to improve IAM resilience in their own organization.?
Acsense On Demand ??
How IAM Resilience Can Reduce Cyber Risk to Your Enterprise
In this episode of Acsense on Demand, Dr. Edward Amoroso, CEO and Founder of TAG Infosphere, leads a panel of industry experts. Joining him are Muli Motola, Co-Founder and CEO of Acsense; Kayla Williams, CISO of Devo Technology; and Moriah Hara, CISO and industry expert. Together, they delve into how the commercial Acsense platform bolsters an organization's Enterprise IAM Resilience. They discuss specific examples such as deploying the Okta platform, improving backup and recovery systems, reducing downtime, ensuring data integrity, and providing seamless access, even in the face of security threats.
领英推荐
Events ??
The Identity Engine
There is still time to register for Identiverse's The Identity Engine conference! This event features over 250 speakers covering a variety of identity-related topics. Keynote speakers include Tucker Bryant (Entrepreneur, Former Googler, and Nationally Renowned Poet), Matt Caulfield (VP of Product and Security at Cisco), and Denee Defiore (Chief Information Security Officer at United Airlines). Additionally, the Expo Floor is set to show the latest innovations in IAM.
Details:
?? When: May 28-31
?? Where: ARIA Resort & Casino, Las Vegas, Nevada
RSA Conference
This year's RSAC theme is "The Art of Possible." The event will focus on cybersecurity works that further what we think of as possible. The event will celebrate new opportunities as well as challenges to the status quo. Event speakers include George Kurtz, the CEO and President of Crowdstrike, Maria Mora, Staff application security Engineer at SiriusXM, and Heather Mahalik Barnhart, DFIR Curriculum lead.
Acsense CEO and Co-founder Muli Motola will be attending the conference, be sure to say "Hi" if you see him. You can also schedule a chat with Muli here or [email protected]
Details:
?? When: May 6-9
?? Where: Moscone Center, San Francisco, CA
European Identity and Cloud Conference 2024
The seventeenth European Identity and Cloud Conference is set for June 4-7 in Berlin. At this event, you can expect over 300 speakers and 230 sessions covering topics such as Digital ID, security, privacy and governance. Agenda highlights include sessions on wallet security in a decentralized ecosystem, best practices for AI-driven security threats, and what human identity means in the AI era.?
Details:
?? When:?
?? Where: Berlin Congress Center
CICC Israel Cyber Night 2024
CICC's tenth annual Israel Cyber Event is all about what CISOs want and best practices when selling to them. Event speakers include Rupa Parameswaran (VP of SEcurity and IT at Handshake), Hanan Szwarcbord (VP and CSO at Micron Technology), and Matt Lee, CISSP, CCSP, CFR, PNPT. In addition to industry insights and advice from these speakers, the event also provides vendors, investors, practitioners, and other CISOs with networking and collaboration opportunities. Be sure to stick around after the event for a chance to chat with Muli Motola , co-founder and CEO at Acsense about your Okta risk and how Acsense can ensure resilience against bad actors and human errors.
Details:
?? When: May 8, 2024
?? Where: 101 2nd St, San Francisco, CA 94105
Request Your Free Okta Risk Assessment
Company Corner ??
Commvault Acquires Appranix to Boost Cyber Resilience
Commvault, a cyber resilience and data protection firm, is set to acquire Appranix, the cloud cyber resilience company. Through this acquisition, Commvault will expand their offerings, providing customers with a method for rebuilding their critical cloud applications, the data those applications rely on, and the underlying cloud infrastructure when disaster strikes. The merger is expected to finish by the summer of 2024. Appraniz founder and CEO Govind Rangasamy is looking forward to the acquisition, noting the companies "share a common vision to go beyond traditional backups and disaster recovery." Rangasamy praises this common vision, saying it will allow the companies to offer their clients "comprehensive, unmatched resilience capabilities for businesses globally."
Leaky CLI Flaw Exposes AWS and Google Cloud Credentials
The Orca Security team has uncovered a new vulnerability dubbed "LeakyCLI." As its name suggests, this vulnerability targets command-line tools often utilized in cloud environments. When specific commands are executed, sensitive information can be inadvertently exposed via environment variables which poses a significant risk. Threat actors can exploit this vulnerability to gain access to such critical data as passwords and keys. Upon discovering the vulnerability, Orca promptly notified both Google and AWS of the vulnerability. However, both companies have indicated that this behavior? “within design parameters”. To mitigate risks, Orca recommends users refrain from storing sensitive information in environment variables and instead utilize dedicated secrets store services.
IBM to Acquire HashiCorp, Inc. Creating a Comprehensive End-to-End Hybrid Cloud Platform
IBM recently announced its definitive agreement to acquire HashiCorp Inc. for $35 per share. This totals to an enterprise value of $6.4 billion. Through this purchase, IBM will acquire HashiCorp's suite of products, known for its Infrastructure Lifecycle Management and Security Lifecycle Management capabilities. Through the merger, the company's combined technologies are expected to accelerate growth in critical domains such as Red Hat, data security, and IT automation. Aravind Krishna, the chairman and CEO of IBM, expressed his excitement for the acquisition, "Combining IBM's portfolio and expertise with HashiCorp's capabilities and talent will create a comprehensive hybrid cloud platform designed for the AI era." The transaction is slated by the end of 2024.
BeyondTrust Acquires Entitle, Strengthening Privileged Identity Security Platform
BeyondTrust, a global player in intelligent identity and access security, has announced its acquisition of Entitle. Entitle provides privilege management tools that focus on the discovery, management, and automation of just-in-time access, as well as modern identity governance and administration (IGA) for a company's complete cloud estate. Through this merger, customers will be able to provision user access to sensitive data and cloud resources on a time-bound and as-needed basis. Entitle's innovative solution addresses the challenge of implementing least-privileged access, particularly through its just-in-time (JIT) tools, offering companies a streamlined approach to enhancing security posture.
Meme Of The Month ??
Thank You For Reading!
We hope you enjoyed the May edition of the Five Nines newsletter!
Share with colleagues or follow us on LinkedIn for more IAM resilient insights and trends.
About Acsense:
Hailing out of Tel Aviv, Israel, the team at acsense, former EMC veterans have been exposed to the most challenging IT and security ecosystems in the world.
Our mission is to help security and risk management leaders eliminate IAM as a single point of failure from threats like ransomware, insider threats and misconfigurations caused by human error. We deliver a state-of-the-art platform for access and business continuity, serving both workforce and customer IAM needs with one seamless solution.
Our platform features one-click recovery, constant data verification, periodic testing, and the ability to identify changes between Points in Time, making your IAM system resilient.
Acsense is backed by Joule Ventures, Gefen Capital, Fusion and independent investors.
To learn more, click here to visit our site.