researchHQ Key Takeaways:
- Effective identity and access management (IAM) requires clearly defined access controls.
- Opportunistic attackers are benefiting from increased remote working & lack of phishing awareness during the global crisis.
- Additional authentication factors help organisations protect against the use of publicly available data to gain access to sensitive company or customer data.
- The expansion of remote working has increased cloud reliance and vulnerabilities.
- Organisations can strategically address modern security threats by prioritising security best practices, maintaining employee training, and building IAM flexibility and awareness.
One of the realities that 2020 has ushered in is that of changing user demands for the work-from-home employee across all regions and industries. This may seem obvious, but what is not always as obvious is how to properly manage and maintain identity and access management (IAM) within these organizations. Despite the struggles many organizations face, the importance of properly defined access controls in the cloud cannot be overstated. In fact, in a recent study, 59% of organizations have had privileged cloud credentials phished. As more companies transition to a work-from-home model, effectively securing users has only grown in complexity. There are real risks for organizations to be aware of: a recent FBI report noted that three-quarters of cloud breaches involve stolen cloud credentials.

In the third installment of the Oracle and KPMG Cloud Threat Report, Addressing Cyber Risk and Fraud in the Cloud, we learn that attackers are treating the current global crisis as an added opportunity to catch an organization or user off guard. As many employees begin working from home for the first time in their careers, they are susceptible to phishing attacks. Many of these phishing attempts are malicious email and phone scam campaigns that target key employees to give up sensitive business information, PII or credentials. These attacks are sophisticated and often include highly personalized messages and well-designed pages, making it difficult for employees to detect a problem. The damage is further exacerbated by the fact that the victims of these phishing attacks often hold privileged accounts or titles of influence.
Let’s explore the story a little further: take Lisa, a VP of Finance at a large company. Her LinkedIn profile offers everything an attacker needs to reach out to her. The attacker lifts relevant details, such as her org structure and the titles and names of those who would be responsible for sending out critical service warnings, and formulates an email. Lisa receives an email requesting verification of her finance account. Lisa is not alarmed by this request, especially now that she is working from home; she fills out the bogus form and the attacker is in. Now, using Lisa’s stolen account, the attacker can reach out to her team members asking them to process transactions to accounts that the attacker has set up. Just like that, the attacker has made off with company data and funds.