Identity is security
Welcome to our latest edition of Access Granted Newsletter, our monthly roundup of the latest news in Identity and security. With so much noise out there, we’re here to surface the best so you can skip the rest.
Today’s topic > Identity is security. Earlier this month, thousands of security professionals gathered in San Francisco for RSA, one of the largest annual cybersecurity conferences in the world. (If you missed it, many of the sessions are now available on demand.) Here, we’ve curated recent headlines and resources at the intersection of cybersecurity and Identity to protect your business from emerging threats.
Digital transformation and Identity-based attacks. Cloud technologies have ushered in a new era of cyber threats, from phishing to malware. Defending against the new threat landscape in large part hinges on your approach to Identity. In a recent Fortune article, Okta CEO and Co-Founder Todd McKinnon said, “Identity is the front door to so many things digitally, whether it’s customer experience or employee experience, and these attacks are on the rise. In fact, 86% of data breaches involve an identity-based component.”
AI is a cybercriminal’s new best friend. Digital Identities have become a top target for cybercriminals, who continue to hone their credential-stealing craft using emerging AI technologies. Earlier this month, concerns over the threat of AI-based Identity attacks prompted the FBI to issue a warning, citing the increasingly sophisticated phishing and social engineering attacks enabled by AI. “Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike,” said FBI Special Agent in Charge Robert Tripp. “These sophisticated tactics can result in devastating financial losses, reputational damage, and compromise of sensitive data.”
Passwords put you at risk. If you’re like most people, you have roughly 240 digital accounts that require a password. Passwords aren’t just inconvenient to remember; they’re also one of the biggest security vulnerabilities facing businesses and individuals today. The risks of compromised credentials due to improper password hygiene, in addition to poor user experience and rising costs, have led many businesses to move beyond passwords.
Post-authentication attacks are on the rise. In an interview with Information Security Media Group at the RSA Conference, David Bradbury, Okta's chief security officer, described a significant shift in the cybersecurity battleground this year: Hackers have transitioned their focus from the login page to the post-authentication phase with session-cookie theft becoming a prevalent tactic.
Keeping a pulse on security best practices. Security breaches over the past few years have clearly shown that Identity is a significant attack vector for cybercriminals and nation-state threat actors. Staying one step ahead of the crooks requires staying up to date on the latest best practices. A couple resources to keep in your back pocket:
This checklist details 40 best practices to guard against Identity-based cyber attacks.
The Anatomy of Identity-Based Attacks whitepaper provides an in-depth look at the latest threats to your users.
The bottom line. It’s safe to say the threat landscape will continue to evolve as cybercriminals uncover new tools and techniques to evade security protections. To learn how Okta is going on offense with security and leading the fight against Identity attacks, read about the Okta Secure Identity Commitment and watch the Okta Showcase keynote on demand.