Gaining privileged access still the main target for cyber attackers

Despite the numerous identity security tools being implemented, attackers are still finding ways to gain privileged access to organizations. Social engineering attacks, for example, specifically target individuals who cybercriminals know can enable them to get privileged access.

In fact, Budiman Tsjin, Solutions Engineering Manager for ASEAN at CyberArk, pointed out that cyber attackers are establishing initial entry points into target organizations. Credential theft methods like spear-phishing and impersonation are as popular as ever.

In the second part of Tech Wire Asia’s conversation with Tsjin, he explains the common techniques attackers use to gain privileged access as well as the challenges in verifying digital identities.

What are the common techniques attackers are using to try to gain privileged access?

Budiman Tsjin, Solutions Engineering Manager, ASEAN at CyberArk

The global shift to remote work and e-learning, and large-scale investments in Software-as-a-Service (SaaS) and cloud services have brought about a surge in newfound technologies and identities. Companies have ramped up their investments in digital transformation.

The 2022 Verizon Data Breach Investigations Report (DBIR) found that 82% of breaches involved the human element, among which close to 40% of attacks are attributed to stolen credentials. Stolen credentials soared as the most common attack vector in 2021.

Since employees are increasingly conducting their personal lives online, it’s becoming easier for attackers to gather the necessary information required to execute their social engineering campaigns.

Cyber attackers have changed the individual targets of these social engineering attacks. Traditionally, adversaries focused their attention on IT admins with highly privileged access. But they’re now going after new user populations, from executives and software developers to end-user employees, including business users with direct access to sensitive data or systems the attacker is interested in.

Employees or contractors with high-value access are becoming more interesting targets for attackers for several reasons. Emphasis has also shifted to end-users on the edge because it’s becoming more difficult to compromise IT admin accounts. Many organizations are aware that damaging breaches occur when attackers obtain powerful admin credentials and have put strong controls in place through a privileged access management system. As more organizations move to a Zero Trust model, more endpoints connect to resources directly rather than being given broad access.

What are the challenges faced when it comes to verifying digital identities?

Most organizations have not prioritized the protection of critical data and assets. Instead, they’re moving full steam ahead with initiatives, such as full integration of complex IT infrastructures to the cloud-based systems. This could pose a significant risk to the protection of their data.

As the lines continue to blur between identity and privilege, organizations need ways to confidently verify that workforce identities can confirm that they are indeed who they say they are, that their devices are verified and that their access is intelligently limited to exactly what’s required.

This verification is done through adaptive multi-factor authentication and tools like single sign-on, coupled with behavior-based machine learning that can make intelligent access decisions in real time based on user context and risk. When organizations adopt Zero Trust, this ensures every user’s identity is verified, their devices are validated, and their access is limited to just what they need – and taken away when they don’t.

Why are some businesses still struggling with adopting zero trust and other identity-based security approaches?

Some of the challenges arise due to an organization’s lack of resources and budget allocation for security solutions for their IT systems. In addition, finding the right aspects of cybersecurity to prioritize can present significant challenges. Organizations often lack sufficient resources to deal with emerging threats from both a personnel and budget standpoint.

Thus, it’s important to think about how security can be a business enabler, and not a blocker, for an organization. If you’re a security leader, you want to help drive the conversation with leaders from the business side about the value of applying strong cybersecurity to modern technologies, not only to mitigate risk and maintain a strong security posture but also to improve operational efficiencies.

Another area of concern is the lack of C-level buy-in for the adoption of Zero Trust. While we have seen an improvement in this area over the past year or so, especially in the Asia Pacific region, there is still room for improvement.

By setting the right tone from the top, an organization can help to ensure the successful deployment of Identity Security controls across the enterprise. Although security will drive the project, the affected systems are owned by the business and will require cross-functional support.

Some stakeholders will balk at the changes that have to be made, such as giving up access rights or following new processes that may cause additional inconveniences. Aside from having a clear direction from leadership, change management is also crucial to get buy-in from employees and increase the adoption of security tools within the organization, thus improving the organization’s overall security posture.

Lastly, how is CyberArk helping businesses improve their digital trust?

Today, for every human identity, there are 45 machine identities, and over half of an organization’s workforce has access to sensitive corporate data. These human and machine identities represent an expanded attack surface that adds pressure to mounting cybersecurity insurance and compliance requirements.

These challenges call for advanced Identity Security solutions architected for the evolving threat landscape with the ability to enforce least privilege. Identity Security seamlessly secures access for all identities, and flexibly automates the identity lifecycle, with continuous threat detection and protection – all with a unified approach.