A deepfake is a form of media, such as a photo or video, generated by Artificial Intelligence (AI) to depict real or non-existent people performing actions
Cloud computing, widespread distributed work, hyper-digital supply chains, and the rapidly rising number of connected devices provide threat actors with more potential entry points into organizational networks than ever before – and they’re leveraging stolen user credentials to breach them, according to a recent Gartner blog discussing the top cybersecurity trends for 2022.
It’s Not Just One Thing; It’s Everything
Identity and Access Management (IAM) systems are, as Gartner put it, “under sustained attack” as organizations’ digital footprints rapidly expand, making network perimeters obsolete.
Compromised employee login credentials have long been the favored attack route for cyber threat actors, and they’re more vulnerable now than they were pre-pandemic. Gartner points out that about 60% of knowledge workers are still remote, and predicts that 18% will never return to the office. In contrast, pre-pandemic, only 6% of the workforce was primarily remote, and about 75% had never worked remotely. Two years into this new reality, IT administrators are still struggling with securing remote workforces, particularly employee password practices.
However, as Gartner notes, employee password practices are only one piece of a much bigger picture. Today’s organizations are highly dependent on a multitude of third-party vendors that provide software and IT services, requiring them to have access to organizational networks and data. This has resulted in a string of high-profile supply chain cyber attacks, from the NotPetya worm in 2017 to the SolarWinds attack in 2020. As these attacks have demonstrated, a supply chain vendor with a poor security posture is as much of an “insider threat” as a careless or malicious insider.
Further, the exponential growth of cloud computing, edge computing, microservices, and Internet of Things (IoT) devices mean that more devices and applications are connecting to organizational networks than ever before. This includes Operational Technology (OT), the highly specialized hardware and software solutions used by modern manufacturers and in critical infrastructure. These applications and devices connect using what’s known as infrastructure “secrets” (machine-to-machine credentials such as API keys, database passwords, and digital certificates). Securing secrets is just as critical as securing employee and vendor logins.
A Holistic Approach to IAM Begins with Zero Trust
Since IAM threats do not exist in silos, cybersecurity defenses must be holistic, spanning not just employee logins but also logins used by vendors and IT secrets used by applications and connected devices.
A holistic approach to IAM begins with a zero-trust network access model. Instead of implicitly trusting all users and devices within the network perimeter, zero trust doesn’t trust any of them. Zero trust assumes that all users and devices could potentially be compromised, and every user, whether a human, application or machine, must be verified before they can access the network.
Deployed properly, zero-trust network access gives IT administrators full visibility into all users, systems, and devices. People, applications, and services can communicate securely, even across network environments. This greatly reduces the risk of password-related cyber attacks, as well as the risk of privilege escalation if the network does get breached. The organization’s attack surface is minimized, and the data environment is far more secure overall.
As the world grows increasingly connected, and data environments become ever more complex, zero-trust enables organizations to take a holistic approach to IAM and secure all connections to their networks.
Keeper’s zero-trust and zero-knowledge password management and cybersecurity platform provides organizations with total visibility and control over employee password practices they need to successfully defend against the most common attacks. IT administrators can secure, monitor and control passwords and secrets use across the entire organization, both remote and on-prem, and set up and enforce 2FA, RBAC and least-privilege access.
Not a Keeper customer yet? Sign up for a 14-day free trial now! Want to find out more about how Keeper can help your organization prevent data breaches? Reach out to our team today.