How to use zero trust and IAM to defend against cyberattacks in an economic downturn

Despite double-digit budget increases, CISOs and their teams are scrambling to contain increased internal breaches, embezzlement and fraud. Identities are the attack vector of choice during a recession, a trend exacerbated by inflation driving up the cost of living, which makes phishing emails’ false claims of easy money all the more alluring.

As one CISO confided to VentureBeat in a recent interview, “recessions make the revenue-risk aspects of a zero-trust business case real, showing why securing identities deserves urgency.”

The latest Falcon OverWatch Threat Hunting Report illustrates how attack strategies aim for identities first. “A key finding from the report was that upwards of 60% of interactive intrusions observed by OverWatch involved the use of valid credentials, which continue to be abused by adversaries to facilitate initial access and lateral movement,” said Param Singh, VP of Falcon OverWatch at CrowdStrike.

CrowdStrike’s acquisition of Reposify reflects how leading cybersecurity platform vendors concentrate on adopting new technologies to provide external attack surface management while protecting enterprises against internal threats.

Reposify scans the web daily for exposed assets, giving enterprises visibility into those assets and defining the actions needed to remediate them. At last year’s Fal.Con event, CrowdStrike announced plans to use Reposify’s technology to help its customers stop internal attacks.

Identity attacks soar in a down economy

Identity-based breaches interrupted 78% of enterprises’ operations last year, and 84% said they experienced an identity-related breach.

Identities are a core attack vector in a down economy, and attackers’ strategies aim to gain control of an organization. Their favorite targets are legacy identity and privileged access management systems that rely on perimeter-based security and often haven’t been updated in years. Once in, attackers immediately grab admin rights, create fraudulent identities and begin exfiltrating financial data while attempting cash transfers.

Attackers are using ChatGPT to fine-tune social engineering attacks at scale and mine the data to launch whale phishing attacks. Ivanti’s State of Security Preparedness 2023 Report found that nearly one in three CEOs and members of senior management have fallen victim to phishing scams, either by clicking on the same link or sending money.

Identities are under siege during periods of economic uncertainty and recessions. CISOs fear that internal employees will be duped out of their passwords and privileged access credentials by social engineering and phishing attacks — or worse, that they may go rogue.

CISOs, internal security analysts staffing security operations centers (SOCs) and zero-trust leaders have told VentureBeat that a rogue IT employee with admin privileges is their worst nightmare.

Snowden a cautionary tale

Those CISOs willing to discuss the issue with VentureBeat all referenced Edward Snowden’s book Permanent Record as an example of why they’re so concerned about rogue attackers.

One CISO cited the passage: “Any analyst at any time can target anyone. Any selector, anywhere. I, sitting at my desk, certainly had the authorities to wiretap anyone, from you or your accountant to a federal judge, to even the President.”

“We’re always looking for fuel to keep our senior executives and board funding zero trust, and the passages in Snowden’s book are effective in accomplishing that task,” one cybersecurity director told VentureBeat.

A core tenet of zero trust is monitoring everything. The Snowden book provides a cautionary tale of why that is essential.

System and security admins interviewed by VentureBeat admit that internally launched cyberattacks are the hardest to identify and contain. A stunning 92% of security leaders say internal attacks are as complex as or more challenging to identify than external attacks. And 74% of enterprises say insider attacks have become more frequent; more than half have experienced an insider threat in the last year, and 8% have experienced more than 20 internal attacks…

Read Full Source: VentureBeat

By Louis Columbus