Attempted Okta Hack Flags the Importance of Layered IAM Strategies

IDMWORKS’ Identity Security Experts Share Steps Every Company Should Take to Strengthen Cyber Resilience with IAM Solutions and Best Practices

Author:
Brent Robinson, Director of Strategic Assessments

Several news outlets reported early Tuesday morning on an “attempted hack” of Okta services after a hacking group known as Lapsus$ claimed responsibility and posted several photographs of Okta’s internal systems on its Telegram channel. Okta CEO Todd McKinnon tweeted that the company believes the report to be related to an attempted hack, saying, “in late January 2022, Okta detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors.” McKinnon also added that Okta had contained the attempt in January and that “there is no evidence of ongoing malicious activity beyond the activity detected in January.”

In a later update, Okta shared that they are actively continuing their investigation, including identifying and contacting those customers that may have been impacted. Okta provided clarification that the attempted hack has no impact on Auth0 customers or HIPAA and FedRAMP customers.

As we continue to advise and collaborate with our customers who may have been affected, we see a couple of consistent responses:

·   proactively taking quick remediation actions, such as resetting the passwords of their internal Okta users and terminating any active Okta sessions

·   performing forensic analysis of their own environments, searching for evidence of anomalous activity

As of this writing, the extent of the attempted Okta hack is still unknown; one thing is clear – companies must layer security controls as they develop, maintain, and strengthen their security posture.

In addition to the above actions, several best practices and technologies in the Identity and Access Management (IAM) space help detect, and often prevent, a compromise, or at the very least limit the attack surface and the amount of data an attacker can reach.

One such measure is implementing a Privileged Access Management (PAM) solution. A PAM solution gives a company’s users a secure vault for sensitive credentials. Many PAM offerings also provide additional logging, monitoring, and behavioral analytics for actions taken within the PAM system, and potentially for the servers or applications accessed with credentials checked out from it.

Experts also recommend security and risk dashboards built from the logs and metrics of a PAM system or an identity provider such as Okta. Such dashboards can significantly increase a company’s awareness of potential attacks or areas of compromise, so that preventative and containment efforts can be better focused.
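The forensic search and the dashboard idea above both start from the same raw material: the identity provider’s event log. The following script is an added example written for this post; it is not Okta’s code or IDMWORKS’ tooling. It parses a constructed sample shaped like Okta System Log JSON (the `eventType` names, IP addresses and countries are assumed for illustration and should be checked against your own tenant’s event catalogue), produces the per-event counts a dashboard would chart, and flags three patterns worth a closer look: a session from a country outside the expected set, a credential change (password reset, MFA reset, group membership change) performed on a user by someone other than that user, and a burst of such changes by one actor in a short window.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Event types treated as sensitive account changes. These names follow the
# Okta System Log naming style but are ASSUMED here; verify against your tenant.
SENSITIVE_EVENTS = {
    "user.account.reset_password",
    "user.mfa.factor.reset_all",
    "user.mfa.factor.deactivate",
    "group.user_membership.add",   # group changes can confer admin roles
}
EXPECTED_COUNTRIES = {"United States"}   # assumed allowlist for this tenant
BURST_WINDOW = timedelta(minutes=30)
BURST_THRESHOLD = 3                      # sensitive actions by one actor per window

# Constructed sample: shaped like Okta System Log records, but not real data.
SAMPLE_LOG = "\n".join([
    '{"published":"2022-01-20T02:00:00.000Z","eventType":"user.session.start","actor":{"id":"u-support-01"},"client":{"ipAddress":"203.0.113.7","geographicalContext":{"country":"Example-Land"}},"target":[],"outcome":{"result":"SUCCESS"}}',
    '{"published":"2022-01-20T02:05:00.000Z","eventType":"user.account.reset_password","actor":{"id":"u-support-01"},"client":{"ipAddress":"203.0.113.7","geographicalContext":{"country":"Example-Land"}},"target":[{"id":"u-alice"}],"outcome":{"result":"SUCCESS"}}',
    '{"published":"2022-01-20T02:06:00.000Z","eventType":"user.mfa.factor.reset_all","actor":{"id":"u-support-01"},"client":{"ipAddress":"203.0.113.7","geographicalContext":{"country":"Example-Land"}},"target":[{"id":"u-alice"}],"outcome":{"result":"SUCCESS"}}',
    '{"published":"2022-01-20T02:07:00.000Z","eventType":"group.user_membership.add","actor":{"id":"u-support-01"},"client":{"ipAddress":"203.0.113.7","geographicalContext":{"country":"Example-Land"}},"target":[{"id":"u-alice"},{"id":"g-admins"}],"outcome":{"result":"SUCCESS"}}',
    '{"published":"2022-01-20T09:00:00.000Z","eventType":"user.session.start","actor":{"id":"u-bob"},"client":{"ipAddress":"198.51.100.4","geographicalContext":{"country":"United States"}},"target":[],"outcome":{"result":"SUCCESS"}}',
    '{"published":"2022-01-20T09:30:00.000Z","eventType":"user.account.reset_password","actor":{"id":"u-bob"},"client":{"ipAddress":"198.51.100.4","geographicalContext":{"country":"United States"}},"target":[{"id":"u-bob"}],"outcome":{"result":"SUCCESS"}}',
])


def parse_events(text):
    """One JSON object per line -> list of dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def triage(events):
    """Return dashboard counts plus a list of (finding, actor, detail) tuples."""
    metrics = Counter(e["eventType"] for e in events)
    findings = []
    per_actor = defaultdict(list)   # actor id -> timestamps of sensitive actions

    for e in events:
        actor = e["actor"]["id"]
        country = e.get("client", {}).get("geographicalContext", {}).get("country")
        ts = datetime.strptime(e["published"], "%Y-%m-%dT%H:%M:%S.%fZ")

        # 1. Interactive session from outside the expected geography.
        if e["eventType"] == "user.session.start" and country not in EXPECTED_COUNTRIES:
            findings.append(("session_from_unexpected_country", actor, country))

        # 2. Sensitive change where the actor is not the affected user
        #    (e.g. a support or admin account resetting someone else's factors).
        if e["eventType"] in SENSITIVE_EVENTS:
            targets = [t["id"] for t in e.get("target", [])]
            if targets and actor not in targets:
                findings.append(("credential_change_by_other_user", actor, targets[0]))
            per_actor[actor].append(ts)

    # 3. Burst: BURST_THRESHOLD or more sensitive actions by one actor inside BURST_WINDOW.
    for actor, stamps in per_actor.items():
        stamps.sort()
        for i, start in enumerate(stamps):
            window = [s for s in stamps[i:] if s - start <= BURST_WINDOW]
            if len(window) >= BURST_THRESHOLD:
                findings.append(("sensitive_action_burst", actor, len(window)))
                break

    return {"metrics": dict(metrics), "findings": findings}


if __name__ == "__main__":
    result = triage(parse_events(SAMPLE_LOG))
    for event_type, count in sorted(result["metrics"].items()):
        print(f"{count:3d}  {event_type}")
    for finding in result["findings"]:
        print("FLAG", *finding)
```

The self-service password reset by `u-bob` on his own account is deliberately not flagged: the point of the actor-versus-target check is to separate routine self-service from changes made on a user’s behalf, which is where the support-engineer scenario in the incident above would surface.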

Additional best practices that reduce the attack surface and close doors to would-be attackers include:

·   rotating user and service account passwords at regular intervals

·   performing regular reviews of both access and the number of administrators required per system

·   implementing Just-In-Time access rather than standing elevated access

·   promptly detecting and removing access for stale, disabled, uncorrelated, unauthorized, and especially terminated user accounts
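Three of the practices in that list (password rotation, administrator-count reviews, and removal of stale, uncorrelated and terminated accounts) can be checked from a directory export joined against an HR feed. The script below is an added example for this post, not an IDMWORKS or Okta tool. It works on a constructed account list and a constructed HR feed (the field names, the 90-day thresholds and the admin-count limit are assumed policy values), and produces the review queue an IAM team would act on: each account with the reasons it was flagged and a suggested disposition, plus per-system administrator counts against the limit.

```python
from collections import Counter
from datetime import date, timedelta

# Assumed policy thresholds; adjust to your own standards.
STALE_AFTER = timedelta(days=90)          # no login for this long -> stale
PASSWORD_MAX_AGE = timedelta(days=90)     # rotation due after this
MAX_ADMINS_PER_SYSTEM = 2                 # more than this triggers a review

# Constructed directory export (not real data): one row per account in the IdP.
ACCOUNTS = [
    {"id": "alice",      "status": "ACTIVE",        "last_login": date(2022, 3, 15), "last_pw_change": date(2022, 2, 1), "admin_of": ["okta"],        "hr_id": "E100"},
    {"id": "bob",        "status": "ACTIVE",        "last_login": date(2021, 11, 1), "last_pw_change": date(2021, 10, 1), "admin_of": [],              "hr_id": "E101"},
    {"id": "carol",      "status": "DEPROVISIONED", "last_login": date(2022, 1, 5),  "last_pw_change": date(2022, 1, 1), "admin_of": ["vpn"],         "hr_id": "E102"},
    {"id": "svc-backup", "status": "ACTIVE",        "last_login": date(2022, 3, 20), "last_pw_change": date(2021, 6, 1), "admin_of": ["okta", "vpn"], "hr_id": None},
    {"id": "dave",       "status": "ACTIVE",        "last_login": date(2022, 3, 1),  "last_pw_change": date(2022, 3, 1), "admin_of": ["okta"],        "hr_id": "E103"},
    {"id": "erin",       "status": "ACTIVE",        "last_login": date(2022, 3, 21), "last_pw_change": date(2022, 3, 1), "admin_of": ["okta"],        "hr_id": "E104"},
]

# Constructed HR feed (not real data): HR identifier -> employment status.
HR_FEED = {"E100": "employed", "E101": "employed", "E102": "terminated",
           "E103": "terminated", "E104": "employed"}


def review_access(accounts, hr_feed, today):
    """Return flagged accounts, per-system admin counts, and systems over the limit."""
    flagged = []
    for a in accounts:
        reasons = []

        # Correlation: every account should map to an HR record; terminated
        # people must not retain access.
        if a["hr_id"] is None:
            reasons.append("uncorrelated")
        elif hr_feed.get(a["hr_id"]) == "terminated":
            reasons.append("terminated")

        # A disabled account that still carries admin rights is residual risk
        # if it is ever re-enabled; strip the rights as well.
        if a["status"] != "ACTIVE" and a["admin_of"]:
            reasons.append("disabled_with_admin")

        # Only active accounts are judged for staleness and rotation.
        if a["status"] == "ACTIVE":
            if today - a["last_login"] > STALE_AFTER:
                reasons.append("stale")
            if today - a["last_pw_change"] > PASSWORD_MAX_AGE:
                reasons.append("password_rotation_due")

        if reasons:
            hard_remove = "terminated" in reasons or "disabled_with_admin" in reasons
            flagged.append({
                "id": a["id"],
                "reasons": reasons,
                "action": "disable_and_remove_access" if hard_remove else "review",
            })

    # Administrator count per system, counting active accounts only.
    admin_counts = Counter()
    for a in accounts:
        if a["status"] == "ACTIVE":
            for system in a["admin_of"]:
                admin_counts[system] += 1
    over = {s: n for s, n in admin_counts.items() if n > MAX_ADMINS_PER_SYSTEM}

    return {"accounts": flagged, "admin_counts": dict(admin_counts), "over_threshold": over}


if __name__ == "__main__":
    report = review_access(ACCOUNTS, HR_FEED, date(2022, 3, 22))
    for entry in report["accounts"]:
        print(f"{entry['id']:<12} {entry['action']:<26} {', '.join(entry['reasons'])}")
    print("admins per system:", report["admin_counts"], "over limit:", report["over_threshold"])
```

Feeding the IdP export and the HR feed in on a schedule turns the review from a periodic manual exercise into the kind of automated control the next paragraph describes; the `action` field is a suggested disposition for a human to confirm, not an automatic change.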

Many of these practices can be automated with IAM tools, allowing a company to realize operational efficiencies while strengthening its security posture.