By Richard Bird
The cybersecurity threat landscape of 2021 is one that’s kept many organisations on edge. Everything from supply chain and ransomware attacks to email compromise and fraud cases have caused widespread disruption and losses.
Indeed, the year started out with fallout from one of the largest cybersecurity attacks ever mounted. This had occurred during 2020 when production software created by US-based firm Solarwinds was accessed and altered by cybercriminals.
Unbeknown to Solarwinds, malicious code was injected into the software that was subsequently distributed to customers. Some of those were among the world’s largest organisations including the US government, Microsoft, Intel, and Cisco.
Many people believed that this incident was caused by cyber criminals who had somehow managed to hack into Solarwinds’ infrastructure and inject the code, however that was not actually the case.
The incident actually started when cybercriminals used privileged credential elevation to gain access into the company’s systems. The criminals had been able to obtain the credentials of a legitimate Solarwinds employee and use them to transact is if they worked for the company.
In early 2021, Microsoft revealed that it had been exposed to additional exploits as a result of the Solarwinds breach. The software giant reported source code had been stolen including some components of the company’s Azure, Intune, and Exchange products and many of those components were then leveraged as part of some ongoing security challenges the company is facing.
Once again, this attack did not begin with the successful hacking of Microsoft’s network security. It began with privileged credential escalation that allowed cybercriminals inside Microsoft’s systems to act like they were someone authorised to be there.
The rise of ransomware
When you look at how ransomware threats are evolving, there have been some high-profile examples during 2021. These included US-based Colonial Pipeline which suffered significant disruption to its oil and gas infrastructure after an attack. Also, international meat processing company JBS had to suspend operations after suffering a ransomware attack.
It should be remembered that ransomware is not something that starts with a ransom demand. It has to be enabled through the undertaking of some type of execution by a criminal that is achieved through the use of privileged credential escalation.
Often, this access is achieved by a cybercriminal using a social engineering or phishing attack through which they obtain credentials such as passwords and use them to enter the organisation’s IT infrastructure.
The importance of digital identity
When you consider the cybersecurity challenges faced today, digital identity sits at the very core. This fact was highlighted in the 2021 Verizon Data Breach Incident Report that showed 85% of all breaches involve a human element.
Of all the incidents covered by the report, 61% involved misuse of credentials while only 3% involved vulnerability exploitation. This is not the way the challenge is usually reported by the media, but it shows clearly where IT security defences are lacking.
The way forward
In the past, IT security has been delivered through the creation of a multi-layered architecture. Under this approach, core systems and assets sit at the centre and are protected by layers including data, application, endpoint, network, and perimeter security measures.
Now increasing numbers of organisations are realising the benefits of putting humans at the centre of this picture instead.
This is not to say it is best to get rid of the layers of security that currently exist. The companies that are getting it right are the ones that have realised they need to offer similar protection to their staff in order to more effectively protect data and digital assets.
This more modern and effective security framework puts identity and people at the very core. Attention can then be given to the resources that those people are accessing These resources include devices, networks, applications, services, and data.
It needs to be remembered that, if you protect applications and data but not the person who is using them, it leaves a significant weakness in your IT security defence shield.
This approach also involves the adoption of a strategy of ‘adaptive authentication. Rather than basing identity confirmation on one or two factors, many more factors can be added to the mix so that a person can be identified in a much more effective way.
Also, authentication should be used not just at the start of a transaction, but at many points during that transaction. Doing this will help to significantly reduce the volume and severity of attacks that end up being successful.
The cyber threat landscape will continue to evolve during the coming months, and the organisations best able to survive will be those who place digital identity at the very core of their defences.
Richard Bird is Chief Customer Information Officer at Ping Identity