In a world of growing data breaches where enterprises are being hit constantly by phishing, malware and other attacks on all aspects of their environment, one variable remains constant: compromised credentials remain the most popular vector of attack.
Of the $75 billion being spent on information security this year, just $5 billion is being channeled to identity security products, despite the fact that 66 to 80 percent of attacks are identity related.
While there are a myriad of reasons why attacks occur, the bottom line is that the vast majority of these attacks could be stopped or made less successful if just two security vulnerabilities were addressed: there are too many passwords and users have too many privileges.
A major botnet that brought down a number of major websites last year was successful because the devices that made up the botnet used default logins and passwords. This made them easily accessible to attackers who compromised the devices and incorporated them into the botnet.
User education can also be an important component of identity management. Centrify employees constantly get emails – purportedly from me – asking them either to wire funds to an unknown bank or to send a file with employee personal data, such as employment records with Social Security numbers. While these emails are obviously fraudulent, the email recipient can easily confirm the legitimacy of the missive simply by calling me to confirm if indeed I made such a request.
Such emails require no malware or viruses to be installed on systems; the attackers get an employee to do the attack for them simply by asking.
Two recent reports underscore the importance of implementing a mature identity management strategy. The first was Verizon's “2016 Data Breach Investigations Report,” which noted that two-thirds of all breaches are due to stolen credentials. The second, a report from Forrester released in January, said 80 percent of breaches involved the misuse of elevated privileges, such as those used by systems administrators, super users, and those with root access.
Implementing a least privilege approach could reduce the severity of a breach significantly.
Attacks are inevitable. Successful attacks are not – if appropriate identity management strategies are put in place. The damage from attacks can be reduced significantly if you reduce the number of identities each user has, with each identity requiring a separate set of login credentials, and limit users and administrators to just the privileges they require.