The 2024 UK government Cyber Security Breaches Survey makes for sobering reading, with 70% and 74% of medium and large businesses respectively reporting some form of cyber incident within the previous 12 months.

With phishing accounting for 84% of these attacks and AI enabling the launch of increasingly sophisticated cyber campaigns, organizations need to defend themselves against attacks targeting two key vulnerabilities in their defenses: insecure user accounts and human error. Identity and access management (IAM) needs to be a key part of an organization's security posture against these threats.

Unfortunately, many organizations have inadequate IAM and lack effective control and visibility of who has access to their resources. This creates a vulnerability that is targeted and exploited.

Organizations should combat this threat by establishing an identity-centric security approach that moves the security perimeter from the edge of the corporate network to the individual user. It reduces the risk of an attacker exploiting insecure identities by enforcing verification and authorization of all entities prior to allowing any access, and then only permits authorized activities.

Identity-centric security needs to be at the core of an organization's cyber security posture. It is delivered through effective IAM governance, strong but proportionate access controls, user education, and proactive detection and response capabilities designed to rapidly identify and repel any breach.

Reduce the ability of attackers to exploit accounts through effective IAM governance

An effective IAM governance framework for managing the end-to-end identity lifecycle is a key element in reducing the ability of attackers to successfully exploit an account to infiltrate an organization's resources.

The first step is getting the basics right. At a minimum, regular recertification reviews should be performed to see who has access to what resources and their entitlements, and any account and/or access right that is not required should then be removed. This should be coupled with the enforcement of effective joiners, movers and leavers, and access request, processes designed to only provide users with appropriate access to the resources they need to perform their roles.

This reduces the exploitable attack surface by, for example, removing dormant or duplicate accounts and unnecessary access to resources. It should also deliver a single traceable view of who has access to which resources and enable unauthorized access to be more effectively identified.
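A minimal recertification pass of the kind described above, as an added example that is not part of the original article. The account inventory, HR roster, role baseline and 90-day dormancy threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample data (not from the article).
REVIEW_DATE = date(2024, 6, 1)
DORMANT_DAYS = 90  # assumed threshold for "dormant"
HR_ROSTER = {  # employee id -> current role; leavers are absent
    "e100": "finance-analyst",
    "e101": "it-admin",
}
ROLE_BASELINE = {  # role -> entitlements the role needs
    "finance-analyst": {"erp:read", "erp:post-journal"},
    "it-admin": {"erp:read", "idp:manage-users"},
}
ACCOUNTS = [  # (account, system, owner, last_login, entitlements)
    ("asmith", "erp", "e100", date(2024, 5, 28),
     {"erp:read", "erp:post-journal", "erp:approve-payment"}),
    ("asmith2", "erp", "e100", date(2023, 11, 2), {"erp:read"}),
    ("bjones", "idp", "e101", date(2024, 5, 30), {"idp:manage-users"}),
    ("cdoe", "erp", "e099", date(2024, 1, 15), {"erp:read"}),
]

def recertify(accounts, roster, baseline, today, dormant_days=DORMANT_DAYS):
    """Return {account: sorted findings} for every account needing action."""
    findings = defaultdict(set)
    per_owner_system = defaultdict(list)
    for name, system, owner, last_login, ents in accounts:
        per_owner_system[(owner, system)].append(name)
        if owner not in roster:
            # Leaver or unknown owner: the whole account should go.
            findings[name].add("orphaned: owner is not a current employee")
            continue
        if (today - last_login).days > dormant_days:
            findings[name].add("dormant")
        # Anything beyond the role baseline breaks least privilege.
        for ent in sorted(ents - baseline.get(roster[owner], set())):
            findings[name].add(f"excess entitlement: {ent}")
    for (owner, system), names in per_owner_system.items():
        if len(names) > 1:
            for name in names:
                findings[name].add(
                    f"duplicate: {owner} has {len(names)} accounts on {system}")
    return {name: sorted(found) for name, found in findings.items()}

if __name__ == "__main__":
    for account, found in recertify(ACCOUNTS, HR_ROSTER, ROLE_BASELINE, REVIEW_DATE).items():
        print(account, found)
```
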

Enforce strong but proportionate access controls to reduce the risk of compromise

As an organization's users and their accounts will be actively targeted, it is necessary to enforce access controls that not only reduce the risk of breach but, if an attacker does succeed, minimize their ability to exploit this access.

Organizations need to apply proportionally stronger controls according to risk. At a minimum, organizations should use Multi-Factor Authentication (MFA) tools and techniques. These include mobile authenticator apps leveraging One-Time Passwords or biometrics, combined with controls using contextual signals such as a user's location or the status of their device. Such mechanisms provide an additional layer of defense in the event a user falls for a phishing email and provides an attacker with their credentials.

In the event these defenses are breached, the enforcement of a least privilege model, where users are only provided with the minimum entitlements required for their jobs, will limit the ability to exploit this. Building upon this, privileged accounts used for higher-level administrative activities must be kept separate and not used for daily business-as-usual work. Such controls impede an attacker's ability to move laterally across the network and reduce their ability to compromise an organization's systems and data or deploy system-corrupting ransomware.

Use education to reduce the risk caused by ignorance

Cyber attackers exploit ignorance and muscle memory with techniques such as MFA bombing (where attackers repeatedly spam the user with MFA requests until they accept), which is used to compromise credentials.

Education on these threats needs to be part of an organization's defenses. Measures include awareness campaigns on how to identify and respond to phishing emails, best practice, and steps users should take if they feel they may have been compromised. This helps the workforce take pride in good cyber security and empowers them to do the right thing.

Use threat detection and response capabilities to reduce the impact of any breach

Though effective IAM should be at the heart of the defense against cyber, phishing and ransomware attacks, it essentially provides a static defensive perimeter. Organizations must assume this will be breached and use their wider security operations capability to proactively deliver threat detection and response, including approaches such as Zero Trust.

Organizations should develop capabilities to detect and analyze signals that could be an indicator of attempted or existing compromise. Trend analysis on usage and breaches can be used to identify and close vulnerabilities. Threat detection tools (e.g. a SIEM capturing IAM and PAM logs), combined with established playbooks, can, for example, reduce the impact of a successful phishing campaign by detecting and responding to anomalous activities such as seeking escalation of rights.
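The following added example (not from the original article) sketches one such detection rule over IAM/PAM logs: it flags an approved MFA prompt that follows a burst of rejected prompts, the MFA bombing pattern described earlier, and then any privilege elevation request soon after. The log format, event names and thresholds are hypothetical.

```python
from datetime import datetime, timedelta

# Assumed tuning values; adjust to the environment.
PUSH_WINDOW = timedelta(minutes=10)    # look-back for rejected prompts
PUSH_THRESHOLD = 5                     # rejected prompts before an approval
ESCALATION_WINDOW = timedelta(hours=1)

# Constructed log lines: "<ISO timestamp> <user> <event>" (hypothetical names).
SAMPLE_LOG = """\
2024-06-01T02:10:00 alice mfa_push_denied
2024-06-01T02:10:40 alice mfa_push_denied
2024-06-01T02:11:15 alice mfa_push_timeout
2024-06-01T02:11:50 alice mfa_push_denied
2024-06-01T02:12:30 alice mfa_push_denied
2024-06-01T02:13:05 alice mfa_push_approved
2024-06-01T02:20:00 alice privilege_elevation_requested
2024-06-01T08:59:30 bob mfa_push_denied
2024-06-01T09:00:10 bob mfa_push_approved
2024-06-01T09:30:00 bob privilege_elevation_requested
"""

def parse(log):
    """Turn log text into (datetime, user, event) tuples in time order."""
    events = []
    for line in log.strip().splitlines():
        ts, user, event = line.split()
        events.append((datetime.fromisoformat(ts), user, event))
    return sorted(events)

def detect(log):
    """Return alerts as (timestamp, user, rule) tuples."""
    alerts, rejected, suspect_since = [], {}, {}
    for ts, user, event in parse(log):
        if event in ("mfa_push_denied", "mfa_push_timeout"):
            rejected.setdefault(user, []).append(ts)
        elif event == "mfa_push_approved":
            recent = [t for t in rejected.get(user, []) if ts - t <= PUSH_WINDOW]
            if len(recent) >= PUSH_THRESHOLD:
                alerts.append((ts, user, "mfa_bombing_then_approval"))
                suspect_since[user] = ts  # treat the session as suspect
            rejected[user] = []  # an approval resets the rejection count
        elif event == "privilege_elevation_requested":
            start = suspect_since.get(user)
            if start is not None and ts - start <= ESCALATION_WINDOW:
                alerts.append((ts, user, "escalation_after_suspect_login"))
    return alerts

if __name__ == "__main__":
    for ts, user, rule in detect(SAMPLE_LOG):
        print(ts.isoformat(), user, rule)
```

A playbook would pair the first alert with session revocation and a credential reset, and the second with blocking the elevation pending review.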

A coherent identity-centric security approach needs to be a core part of an organization's defenses if it is to successfully combat cyber, phishing and ransomware attacks. The combination of the use of high quality identity data and technology services to control access to its resources, with proactive threat detection and response capabilities and user education, is vital for a security posture designed to meet rapidly evolving cyber attacks.
