Ransomware and Supply Chain Risks Compromise Identities
To be effective, identity protection must be part of a holistic, layered defense strategy offering a specific threat response for ransomware attacks and supply chain risks that compromise identities.
For example, ransomware attacks have two key elements: code execution and stolen credentials. The attacker sends a phishing email to an employee, who clicks on an attachment and downloads malware to the system. The attacker then moves throughout an organization’s network with the employee’s identity. If an agency does not have tools to address both elements of the ransomware attack, it can be a challenge to stop it.
Compromised credentials are a part of supply chain attacks as well. As such, identity protection must fit into an overall information security strategy and platform along with endpoint protection, data protection and cloud security.
As state and local CIOs and security teams think about how to align identity protection within their overall enterprise, here are three best practices to consider:
1. Visualize Identity Assets
IT and security teams should identify all their identity assets and all potential attack surfaces. For example, legacy systems might not have the ability to support multifactor authentication, which is a huge risk. Multicloud environments or administrators working from home are also potentially vulnerable.
Microsoft’s Active Directory, which enables administrators to manage permissions and access to network resources, is complex. It can be difficult for administrators to determine all the user identities in the directory service. Many service accounts are nonhuman identities tied to applications, and some administrators might not be aware that these accounts exist. Security teams need to actively monitor all accounts and identities within Active Directory to determine whether their owners are still using them.
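One way to start that review, as an added example that is not part of the original article: the Python sketch below reads exported Active Directory account attributes and lists enabled accounts whose owners should confirm they are still in use. Assumptions: the records, account names and the 90-day threshold are constructed for illustration, and treating any user object with a servicePrincipalName as a service account is a heuristic.

```python
from datetime import datetime, timedelta, timezone

EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)
UAC_ACCOUNTDISABLE = 0x0002        # userAccountControl bit: account disabled
UAC_DONT_EXPIRE_PASSWORD = 0x10000  # userAccountControl bit: password never expires
STALE_AFTER = timedelta(days=90)   # assumed threshold; tune to local policy

def to_filetime(dt):
    """datetime -> Windows FILETIME (100 ns ticks since 1601-01-01 UTC)."""
    return int((dt - EPOCH_1601).total_seconds()) * 10_000_000

def from_filetime(ticks):
    return EPOCH_1601 + timedelta(microseconds=ticks // 10)

def review_account(acct, now):
    findings = []
    if acct["userAccountControl"] & UAC_ACCOUNTDISABLE:
        return findings  # disabled accounts cannot log on; nothing to confirm
    # Heuristic (assumption): an SPN on a user object marks a service account.
    if acct.get("servicePrincipalName"):
        findings.append("service-account")
    ticks = acct.get("lastLogonTimestamp", 0)
    if not ticks:
        findings.append("never-logged-on")
    elif now - from_filetime(ticks) > STALE_AFTER:
        findings.append("stale")
    if acct["userAccountControl"] & UAC_DONT_EXPIRE_PASSWORD:
        findings.append("password-never-expires")
    return findings

def inventory(accounts, now):
    """sAMAccountName -> findings, only for accounts that need an owner check."""
    reviewed = ((a["sAMAccountName"], review_account(a, now)) for a in accounts)
    return {name: f for name, f in reviewed if f}

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the sample is reproducible
SAMPLE = [  # constructed records, not real directory data
    {"sAMAccountName": "jdoe", "userAccountControl": 0x200,
     "lastLogonTimestamp": to_filetime(NOW - timedelta(days=3))},
    {"sAMAccountName": "svc-backup", "userAccountControl": 0x10200,
     "servicePrincipalName": ["MSSQLSvc/db01.example.internal:1433"],
     "lastLogonTimestamp": to_filetime(NOW - timedelta(days=400))},
    {"sAMAccountName": "svc-legacy", "userAccountControl": 0x10200,
     "servicePrincipalName": ["HTTP/app.example.internal"]},
    {"sAMAccountName": "old-temp", "userAccountControl": 0x202, "lastLogonTimestamp": 0},
]

if __name__ == "__main__":
    print(inventory(SAMPLE, NOW))
```

The lastLogonTimestamp attribute replicates between domain controllers with a lag of up to about two weeks, so it suits staleness thresholds measured in months rather than days.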