If we were to gaze into a crystal ball to see the future of Identity and Access Management, we would undoubtedly see a huge amount of flux taking place in organizations across verticals around the globe. The pandemic has created a new normal, changing the way organizations need to operate. Information, people and infrastructure are no longer siloed but have become widely distributed. In short, it is an explosion of sorts, with organizations looking to expand their footprint in this savagely competitive business world. This race to expand is also being watched very closely by threat actors, who see an expanding attack surface unfold before their eyes. So, if these threat actors are to be the villains of the IT ecosystem, then there needs to be a hero too. Identity and access management, which emerged in the late nineties, is now the proclaimed hero in this ever-changing IT landscape, looking to combat cyber threats.
Identity and its digital avatar
The origins of identity records and their verification were in the form of paper-based documents like a passport, driver’s license or photo-id card. These served their purpose until the world moved into the digital age and identity transformed into its digital avatar – the digital identity. The rise of digital adoption in society, growing mobile usage, and the introduction of new authentication regulations have all contributed toward this transformation. In a data-driven, hyper-connected world, ‘identity’ has been a focus for many businesses, governments and regulators. A digital identity is in turn built from several inputs of personal information. It has to answer a general query like, “how do you prove that you are you?” The answer requires the respondent to provide a host of details such as date of birth, bank account numbers, and passport details, to mention a few. A digital identity is thus created from what is today called “personally identifiable information”, or PII for short. This information, which lies on several servers both on-prem and in the cloud, has become a goldmine for cyber-criminals. The creation of digital identity has given rise to what is now called “identity theft”.
Digital Identity, the new attack vector
With the number of entry points to an organization’s IT ecosystem having increased in the aftermath of digital transformation, cybercriminals now have umpteen ways to infiltrate the system. The digital identity has been weaponized and transformed into an attack vector to gain access to the IT pipeline. The reason for this weaponization is that identity is the only thread that connects information, IT infrastructure, and workforce and consumer experiences in this widely distributed IT ecosystem. Cybercriminals have found ways to exfiltrate digital identities at every stage of the identity’s lifecycle: during creation, during operation, when the identity is put to use, and during dormancy, when the identity is lying unused. Identity attack vectors extend the surface area for cyber-attacks beyond the open ports, database vulnerabilities, and insecure protocols that malicious intruders often seek to exploit.
Key Identity Attack Methods
Identity attack methods typically depend on exploiting user accounts in some way. The method used can either be physical or electronic. These methods, when successful, can wreak havoc and lead to costly data breaches.
1. Social Engineering
Social engineering attacks typically involve outsiders manipulating people into revealing sensitive information. In the context of identity attacks, this information is typically a username-password pair for accessing a resource on an organization’s network. An extremely common way to socially engineer user identity information is to send seemingly legitimate phishing emails to employees and get them to disclose their passwords.
2. Orphan Accounts
User accounts that don’t have a valid owner within your organization are termed orphan accounts, and they represent a significant security risk. Both malicious insiders and outside hackers can exploit orphaned accounts. Such accounts often persist on a network due to a lack of visibility over user accounts or reliance on manual de-provisioning.
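As an added example (not part of the original article or of any vendor product), one way to gain that visibility is to reconcile a directory export against the HR roster and flag enabled accounts with no valid owner. The record layout, the sample data and the 90-day dormancy cutoff are assumptions made for illustration.

```python
from datetime import date

# Constructed sample data: employee ids of current staff (HR roster).
ACTIVE_EMPLOYEES = {"E1001", "E1002", "E1004"}

# Constructed directory export: (account, owner id or None, enabled, last logon).
DIRECTORY = [
    ("asmith",     "E1001", True,  date(2024, 5, 28)),
    ("bjones",     "E1003", True,  date(2024, 1, 10)),  # owner has left
    ("svc-backup", None,    True,  date(2024, 5, 30)),  # no owner recorded
    ("cwu",        "E1002", True,  date(2023, 11, 2)),  # valid owner, unused
    ("dlee",       "E1005", False, date(2023, 9, 1)),   # already disabled
    ("epatel",     "E1004", True,  date(2024, 5, 30)),
]


def audit_accounts(directory, active_employees, today, dormant_days=90):
    """Return (orphaned, dormant) lists of enabled account names.

    orphaned: enabled accounts whose owner is missing or no longer on the roster.
    dormant:  enabled accounts with a valid owner but no logon for dormant_days.
    """
    orphaned, dormant = [], []
    for name, owner, enabled, last_logon in directory:
        if not enabled:
            continue  # de-provisioned accounts are not a finding
        if owner is None or owner not in active_employees:
            orphaned.append(name)
        elif (today - last_logon).days > dormant_days:
            dormant.append(name)
    return orphaned, dormant


if __name__ == "__main__":
    orphaned, dormant = audit_accounts(DIRECTORY, ACTIVE_EMPLOYEES, date(2024, 6, 1))
    print("orphaned:", orphaned)
    print("dormant: ", dormant)
```

Run on a schedule, a check like this catches the accounts that manual de-provisioning misses; service accounts without a recorded owner show up as orphaned until someone is assigned responsibility for them.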
3. Privilege Escalation
Whether due to poorly configured or inadequate access controls, privilege escalation is a method favoured by many attackers to get elevated rights on a network. The attack typically involves exploiting a standard user account and vertically increasing privileges to higher levels of access, such as those of a system administrator. With higher privileges comes more access to the type of sensitive information that intruders can exfiltrate from an organization’s network.
Combating Identity Attacks
With identity attacks continuing to grow in frequency and sophistication, there are some tools and methods within an IAM framework to combat such threats, such as:
- Least Privilege—only give users the access they strictly need to perform their work.
- Multifactor Authentication—require users to provide evidence from two distinct factors before authenticating access to resources on your network.
- Zero trust—use statistical analysis to determine behavioural anomalies in terms of the times people request access, the devices used, and the location. For example, infrequently used access that becomes much more frequent can indicate account compromise.
- User Lifecycle Management—incorporate automation into provisioning and de-provisioning so that you avoid orphaned accounts persisting on your network.
- Time-Restricted Access—grant time-restricted access for contractors and other temporary users.
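The behavioural check described in the list above, as an added example that is not from the original article or any vendor product: each user's access on the current day is scored against that user's own baseline, flagging a sudden frequency spike on rarely used access and any device or location not seen before. The event layout, the use of a country code for location, the sample data and the threshold of 3 are assumptions.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample events: (user, resource, day, device, country).
BASELINE_DAYS = list(range(1, 11))
BASELINE = (
    [("alice", "payroll-db", d, "laptop-a", "US") for d in (3, 8)]
    + [("bob", "wiki", d, "laptop-b", "US") for d in BASELINE_DAYS for _ in range(5)]
)
CURRENT = (
    [("alice", "payroll-db", 11, "tablet-x", "US")] * 12
    + [("bob", "wiki", 11, "laptop-b", "US")] * 6
)


def daily_counts(events):
    """Accesses per (user, resource), broken down by day."""
    counts = defaultdict(Counter)
    for user, resource, day, _device, _country in events:
        counts[(user, resource)][day] += 1
    return counts


def find_anomalies(baseline, current, baseline_days, threshold=3.0):
    """Score current events against each user's own baseline behaviour."""
    base = daily_counts(baseline)
    seen = defaultdict(set)  # user -> devices and countries seen in baseline
    for user, _res, _day, device, country in baseline:
        seen[user].update({("device", device), ("country", country)})

    findings = []
    for (user, resource), per_day in daily_counts(current).items():
        # Days without access count as zero, so rarely used access has a low mean.
        history = [base[(user, resource)].get(d, 0) for d in baseline_days]
        mu = mean(history)
        sigma = max(pstdev(history), 1.0)  # floor avoids dividing by ~0
        for day, n in per_day.items():
            if (n - mu) / sigma > threshold:
                findings.append((user, resource, "frequency-spike", day))
    for user, resource, _day, device, country in current:
        for attr in (("device", device), ("country", country)):
            finding = (user, resource, "new-" + attr[0], attr[1])
            if attr not in seen[user] and finding not in findings:
                findings.append(finding)
    return findings
```

With the constructed data, alice's twelve requests to a resource she touched twice in ten days are flagged along with her unknown device, while bob's sixth wiki request on a normal five-a-day pattern is not.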
Digital identity is an important and complex security construct that enables individuals to reap the benefits of the connected world. But fraudsters find it an equally lucrative attack vector and have found countless ways to exploit it. OmniDefend Identity and Access Management solution by Softex Incorporated has the requisite tools and capabilities to protect the digital identities of users, thereby ensuring secure and frictionless access to an organization’s information while