Cloud computing, widespread distributed working, hyper-digital supply chains, and the proliferation of connected devices offer threat actors more potential entry points into enterprise networks than ever before. […]
And they're using stolen user credentials to break into them, according to a recent Gartner blog discussing top cybersecurity trends for 2022.
It's not just about one thing, it's about everything
Identity and access management systems (IAM) are, as Gartner puts it, “under sustained attack” as companies' digital footprints expand rapidly and network boundaries become obsolete.
Compromised employee credentials have long been the preferred avenue of attack for cyber threat actors and they are now even more vulnerable than before the pandemic. Gartner points out that about 60% of knowledge workers are still working remotely and predicts that 18% will never work from the office again. In contrast, before the pandemic, only 6% of the workforce primarily worked remotely, and about 75% had never worked remotely before. Two years into these new conditions, IT admins are still struggling to secure remote workers, particularly employee password practices.
However, as Gartner notes, employee password practices are just one part of a much larger whole. Businesses today are highly dependent on a variety of third parties who provide software and IT services and need access to corporate networks and data. This has led to a series of high-profile supply chain cyberattacks, from the NotPetya worm in 2017 to the SolarWinds attack in 2020. As these attacks have shown, an under-secured supply chain vendor is just as big an “insider threat.” ' like a careless or malicious insider.
Additionally, the exponential growth of cloud computing, edge computing, microservices, and Internet of Things (IoT) devices means more devices and applications are connected to enterprise networks than ever before. This also includes operational technology (OT), i.e. the highly specialized hardware and software solutions used by modern manufacturers and in critical infrastructures. These applications and devices connect using so-called infrastructure “secrets” (machine-to-machine credentials such as API keys, database passwords, and digital certificates). Securing secrets is just as important as securing employee and supplier logins.
A holistic approach to IAM starts with Zero Trust
Because IAM threats do not exist in isolation, cybersecurity defenses must be holistic, encompassing not just employee logins but also supplier logins and IT secrets of applications and connected devices.
A holistic approach to IAM starts with a Zero Trust zero network access model. Instead of implicitly trusting all users and devices on a network, Zero Trust trusts none of them. Zero Trust assumes that all users and devices could potentially be compromised and every user, whether human, application or machine, must be verified before a network can be accessed.
When properly implemented, Zero Trust network access gives IT administrators a complete view of all users, systems and devices. People, applications and services can communicate securely, even across network environments. This significantly reduces the risk of password-related cyberattacks, as well as the risk of privilege escalation in the event of a network breach. The company's attack surface is minimized and the overall data environment is much more secure.
As the world becomes more connected and data environments more complex, Zero Trust enables organizations to take a holistic approach to IAM and secure all connections to their networks.
Keeper's zero-trust, zero-knowledge password management and cybersecurity platform gives organizations the complete visibility and control over their employees' password practices they need to successfully defend against the most common attacks. IT admins can secure, monitor and control the use of passwords and secrets across the organization, both remotely and on-premises, and set up and enforce 2FA, RBAC and principle of least privilege access (POLP).
Not a Keeper customer yet? Sign up now for a 14-day free trial! Want to learn more about how Keeper can help your organization prevent security breaches? Get in touch with our team today.