Five Lessons Learned From Okta’s Customer Support System Breach – ESW #340

We regularly cover significant breaches on this podcast, but it is rare that we have enough information about a major breach to cover in enough detail to devote an entire segment to. Today, we dive into lessons learned from the breach of Okta's customer support system that targeted some other major security vendors.

This is part of a troubling trend, where the target of an attack only serves as a jumping off point to other organizations. China's 2023 attack of Microsoft is an example of this. It was easier to attack Microsoft 365, one of the world's largest business SaaS platforms, than to go after each of the 25 individual targets these Chinese actors needed access to.

Traditionally, we've thought of lateral movement as something that happens within a network segment, or even within a single organization. Now, we're seeing lateral movement between SaaS platforms, between clouds, from third party vendors to customer, and even from open source project to open source adopters.

In this segment, we'll cover five key lessons learned from Okta's breach, from information shared by Okta and three of its customers: 1Password, Cloudflare, and BeyondTrust.

1. Protect Your Session Tokens
2. Monitor for Unusual Behavior
3. SaaS Vendors Are Common Targets
4. Zero Trust Principles Work
5. MFA Isn't a Binary (on or off) Control

Segment Resources

• https://www.valencesecurity.com/resources/blogs/five-lessons-learned-from-oktas-support-site-breach