March 23, 2022 // Isa Jones
Last Updated: July 25, 2022
Chances are you know of, or have even used, Okta. The authentication and identity management software is almost ubiquitous, offering multi-factor authentication for single users across large organizations. Unfortunately, Okta was the subject of a security breach back in January. While there is no evidence of ongoing malicious activity, according to the company, there are still a few lessons other organizations can learn from this cyber incident.
It began with a photo. A hacking group, Lapsus$, posted pictures online of Okta’s internal systems, claiming to have found a way in. The group stated that they weren’t interested in Okta, but were instead utilizing it as a hallway, searching for doors to one of the thousands of organizations Okta works with, including major organizations like GoDaddy, Cloudflare, Peloton, and Chipotle.
According to an article by CNBC, Okta became aware of the incident back in January, but it had been contained.
They had “detected an attempt to compromise the account of a third party customer support engineer working for one of our subprocessors in January,” the article stated.
Not only was Okta breached via a third party, the hackers were using Okta as a third party of sorts to connect them to much bigger fish in the cyber attack sea.
This security incident, while thankfully mitigated, highlights how third parties continue to be a lucrative attack vector for bad actors, and how even major companies like Okta are vulnerable.
The third-party point of access continues to be the highest risk point for any organization. Organizations often give third parties too much access, lack visibility into the access of those organizations, and often struggle to control and manage third-party access. With more and more organizations connecting to each other (especially software companies like Okta), the risk just increases access point by access point.
In addition, third parties operate as basically a hallway, allowing hackers to move laterally from one organization to another. The cyber attackers were not interested in Okta; they were interested in who Okta was connected to. Okta itself also relies on third parties, like customer support engineers, who could be breached. Once a hacker finds a way in, if all access points are not secure, they find themselves greeted by a hallway of unlocked doors, and each one could open to a lucrative scenario.
Many organizations continue to only protect themselves externally, relying on an outdated moat-and-castle method of cyber security. While protecting that external access is important, equally important is securing every critical access point within a system. If not, the attack surface is vast, and hackers could have a field day.
Critical Access Management, or the control and management of vital access points, systems, data, and assets, is the future of cybersecurity, and crucial for all organizations — especially those who rely on many third parties (like supply chains, critical infrastructure, healthcare, and government entities).
All organizations, no matter the industry or size, need to develop robust access policies, manage access through fine-grained controls, monitor access as much as possible, and make sure they have visibility, insight, and the ability to manage and control third-party access.
Access is everything, and as Okta just showed, a bad actor gaining just a tiny bit of it can create massive consequences.