Urgent need for organizations to adopt identity security for cyber defense
Article by Lim Teck Wee, Head of ASEAN, CyberArk
Over the past few months and years of the pandemic, we have been reminded of the need to adopt safe password practices and train employees not to click on phishing links. Cybersecurity has come to the forefront and is once again in the spotlight during the Singapore International Cyber Week (SICW).
Singapore’s Senior Minister and Coordinating Minister for National Security, Teo Chee Hean, announced plans to develop the next-generation National Cyber Security Centre (NCSC), which will feature tighter integration with Critical Information Infrastructure (CII) owners and Sector Leads, which include the government, healthcare, banking and finance, and Infocomm. A new inter-agency task force was also formed to help businesses and research and educational institutions in Singapore protect themselves against ransomware.
As evident from numerous data breaches, organizations that hold significant volumes of personally identifiable information (PII) are attractive targets for attackers. Furthermore, with geopolitical tensions now being played out in the cyber realm, organizations involved in matters of national security and critical infrastructure are even more likely to be targeted. Hence, it is non-negotiable that security capabilities be stepped up to secure sensitive operations and data. On top of that, organizations are finding it hard to strike a balance between ensuring secure access and providing a seamless user experience for increased productivity and efficiency.
One of the most essential components of boosting cyber resilience is identity security. Identities – both human and machine – that are not properly secured can act as a gateway for attackers to compromise systems. Identity security enforces Zero Trust by providing all identities with the least privilege and just-in-time access to the right resources needed to fulfil their duties without causing friction and compromising their user experience.
The importance of a Zero Trust strategy was echoed by Singapore’s Communications and Information Minister, Josephine Teo, at the Tallinn Digital Summit. The minister stressed a need to shift our cybersecurity posture from emphasizing preventative measures to an “assume breach” mindset as well as putting an equal focus on recovery to build resilience in Singapore’s cybersecurity systems.
Reinforcing key workforce risk areas through identity security
Securing identities means focusing on five key areas and protecting them with practical, identity-centric defensive layers so that threat actors cannot exploit them. They include:
- Weak and disruptive authentication mechanisms. Data breaches typically happen because of compromised passwords or credentials, making single-factor authentication an ineffective strategy for securing company resources. Multi-factor authentication (MFA) has become the baseline for verifying user or device identity. However, attackers are finding new ways to circumvent MFA policies, such as tampering with QR codes, hijacking cookies or “fatiguing” the user with MFA bombing. Behavioral analytics can help organizations understand their users’ access patterns and identify risky behaviors so that users do not have to go through extra authentication layers unless necessary. If the smart controls detect suspicious activity, they can take action by presenting additional authentication mechanisms and shutting attackers out if they fail.
- Unprotected endpoints. Poorly guarded endpoints with no identity security, including desktops and servers, can act as a gateway for attackers to steal credentials and exploit over-privileged accounts. To counter this problem, organizations need to use an adaptive form of MFA with endpoint privilege accounts to secure access for devices and machines that are using the organization’s resources.
- High-risk business applications. With users having access to multiple applications containing sensitive data, there is a risk of users misusing or abusing their access to attack systems. Implementing security controls can help IT teams monitor, record and audit users after authentication. This enhanced visibility can benefit security teams on many fronts.
- Third-party vendors. External vendors can act as extensions for organizations’ operations and they will have admin-level access to internal systems. However, they can also represent an attack vector that requires just as much attention as internal users. To secure third-party users, organizations can implement third-party privileged access vetting and monitoring to assess their risk levels, even if they are using their own devices to access the systems.
- Credentials outside of single sign-on. Users are finding it difficult to manage different passwords and credentials to access various programs and services. At the same time, these credentials are stored in unsecured locations or shared with colleagues, which can increase the risk of identity compromise. To account for credentials that are outside the system, organizations and agencies need to store them inside enterprise-level, vault-based storage protected by strong privilege controls. This way, users will be able to retrieve their credentials quickly and securely in order to fulfil their duties.
In the face of increasing cyberattacks, it’s now a must for organizations to establish a proactive cybersecurity program. Identity security is an important discipline to keep critical data and operations protected. With this approach in place, organizations to which we entrust our personal information stand the best possible chance of protecting it in the face of attacker innovation.
The views in this article are those of the author and may not reflect the views of Tech Wire Asia.