Rarely a day goes by without cybersecurity in the news. Whether it’s another ransomware attack, data breach, or leaked information on the dark web, the cyberthreat landscape is ever-changing – and it’s an ongoing battle to stay ahead. As a global Managed Detection and Response (MDR) provider, we see trillions of security events come through every day. While many of these incidents have little risk, throughout the years, we have seen several notable security attacks.
One of the biggest surprises we have observed this year is a 275% increase in identity attacks. We have also seen a nearly 50% increase in hands-on intrusion hacking following unauthorized authenticated access. In years past, attackers focused primarily on big organizations or specific industries, but today, they target a broader range of companies including different verticals, small and mid-size organizations, local governments, and education providers. Gartner has highlighted the threat to identity systems (calling it “the new perimeter”) and, in its “Top Trends in Cybersecurity” report, lists Identity Threat Detection and Response as a top-priority objective for companies to focus on.
So, what can you do?
We have all heard about the need for long and complex passwords to reduce risk; however, experience shows that oftentimes these are so difficult to remember that users have the same password for multiple applications, both corporate and personal. It is commonplace for people to utilize their company email address as a username for social media sites or common commercial applications, like a golf scheduling website, while using the same password from company applications. The risk becomes apparent when one of these commercial sites gets hacked (and we know how frequently they do), and now their user data – and access to your networks – gets compromised too. As a CEO, this risk is often on my mind, and no amount of cybersecurity training (which is a critical requirement in any organization) will alleviate it. At Proficio, we continuously monitor the dark web and too often discover our corporate clients’ compromised email passwords available on the dark web. This is a helpful step toward protecting user identities, but it is no longer enough.
When it was first launched, Multi-Factor Authentication (MFA) was going to be the answer to solving identity compromise. However, as great a solution as it is, it still seems a lot of organizations aren’t taking advantage of it. Of all the enterprises we speak to, we see that many are not using MFA, or at least not using it for all access. And we’ve all seen the recent high-profile compromises of MFA systems. Attackers will always find a way to compromise new security controls given enough time, resources, and focus.
Having great protections in place is a great start, but it’s time for organizations to add another layer of protection. Threat detection and response for identity attacks has proven to be exponentially more critical to protecting enterprises and preventing business disruption. More importantly, quick actions need to be taken. But many companies struggle to respond to compromises fast enough if they have to create tickets and wait for multiple teams to suspend accounts or isolate endpoints, leaving time for attackers to move laterally, steal data, or disrupt business. Response automation and orchestration are essential to protecting organizations in a cybersecurity environment where speed wins in the battle between attacker and defender.
That’s why we introduced our Identity Threat Detection and Response (ITDR) solution, a first in the MDR industry. Proficio’s solution aims to solve this problem. Our ITDR service detects attacks or compromises to your identity for any application that is managed by your Identity and Access Management (IAM) platform and enables automatic or orchestrated response actions like suspending the compromised user account. We continuously add new identity threat detection use case rules and machine learning models, detecting attacks on O365/M365, VPN, Domain Controller, SaaS, IAM and more. Our Active Defense service can also orchestrate your Endpoint Detection and Response (EDR) platform to isolate an endpoint or communicate to your firewall to block an IP address.
To learn more about how Proficio can help your organization stay better protected, contact us.