4 steps to increase security with trusted identities
Digital transformation and hybrid workplaces have made organizations more vulnerable than ever. Users are connecting to servers and resources from unsecured networks, and identity-based attacks and thefts are increasing. Establishing that a requester is who they claim to be has become crucial in protecting organizations' assets.
Extending an organization's infrastructure to include home and public networks, where laptops and devices run under limited control, is a challenge for IT organizations all over the world.
Many governments and organizations are requiring trusted identities as part of their cybersecurity strategy, with the challenge of protecting identities from being compromised. An attacker who manages to compromise a user account will try to move laterally within the network, searching for new resources with value to exploit.
Identity-based attacks are increasing:
- Microsoft states that they have seen a 300% rise in identity-based attacks in the past year
- 45% of CISOs report seeing an increase in phishing campaigns and identity fraud
- There have been 4.9 billion attack-driven sign-ins and 150,000 compromised accounts in one month (March 2020)
The statements above are alarming; however, there are some basic functions needed to limit the risk of becoming compromised.
Microsoft mentions two risks: User Risk, the probability that the user identity has been compromised, and Sign-In Risk, the probability that an authentication was not authorized by the user. What is needed is a strategy that enables a Zero Trust security model, where access to all resources is granted only to identities that have been authenticated with multi-factor authentication.
These steps will increase security:
- Block all access to resources except authenticated and authorized traffic
- Implement multi-factor authentication for users
- A secure on-boarding and off-boarding process
- Access control for all systems, based on SAML, OpenID Connect or similar
Following a mindset of "don't trust anyone or anything" before it is securely identified is a good start to a healthy IT strategy. Learn more about how Nexus Smart ID can support your organization's zero trust security efforts.