There was an interesting series of events that cascaded into a rather devastating compromise for Okta recently.
What happened to Okta?
A cyberattacker had access to a Sitel support engineer’s laptop. (Sitel are a Miami-based Okta vendor.) Okta’s security team received a notification stating that a suspicious authentication attempt had been made. Within an hour and a half, the wrongly authenticated user had been blocked, and the account had been suspended. Quick reactions right? Unfortunately, the cyberattacker had access for five days prior to the false authentication attempt.
The attacker had access to all of the following private, and sensitive datasets:
Okta’s internal instances of Jira, Slack, Splunk, RingCentral, and support tickets through Salesforce that included sensitive customer information. The attacker even had limited access to an internally-built application called SuperUser, used to perform basic management functions for Okta customers.
This is an example of how security silos exist in most organisations, and the relationships between their internal applications. This ‘setup’ can lead to devastating cyber breaches, particularly where these aren’t properly managed or governed in the manner that a joined up solution would!
Advice from Quantum AI
The experience that we would pass on, is to review the relationships between the current applications and create ‘trusted’ users with secure permissions. In carefully designed solutions; employee governance, which includes their identity, their permissions, and their roles, accumulate to provide a set of credentials that apply across the enterprise. This, of course, depends upon data access, the application, and the sensitivity of the information, along with the internal business structure of teams, and employees within those teams.
How can we stay protected?
At Quantum AI, we have given much time in the design and build of our various platforms, and this particular area of expertise, which is a challenge to many, is one that we have embraced wholeheartedly. In its first instance, bringing IAM and PAM with intelligence and governance, has led to CIP; an intelligent converged identity platform addressing so many of the gaps associated with siloed applications. Secondly, by harnessing the power of BPA and the evolution of RPA, we have designed a Cyber-focussed DPA platform, that addresses both solutions with secure self-learning intelligence. This DPA is powered by our machine learning tools and is being packaged into a user-friendly, secure platform.
Key:
CIP – Converged Identity Platform
DPA – Digital Process Automation
BPA – Business Process Automation
IAM – Identity Access Management
RPA – Robotic Process Automation
PAM – Privilege Access Management
SPA – Security Process Automation
