What the Okta data breach can teach us about defending against cybercrime

Michael Arov

ABOUT US

Cytek Security provides state-of-the-art cybersecurity solutions, delivered by the world’s top cyber experts. This includes advisory and implementation services, managed security services, and capability building.

In a trend that is sure to be worrying businesses around the world, news of another major cyberattack once again dominated headlines in recent weeks, as customer and workforce identity company Okta suffered a high-profile, high-damage cybersecurity breach.

The attack, which saw sensitive customer data stolen after hackers broke into the company’s support case management system, serves as a reminder of the real and high-level impact cyberattacks can have on both organizations and individuals. The notably complex and technically advanced nature of the Okta attack further highlighted the extent to which cyberattacks are becoming increasingly sophisticated, and therefore increasingly dangerous.

In the wake of the attack, further analysis has revealed that 97% of Okta’s customers were impacted by the attack. A point of considerable concern is that the hackers responsible were able to access high-level information about the administrators of Okta’s services. In short, this means the hackers now know exactly what organizations are using Okta’s solutions, and exactly who to target at these organizations.

As a result, Okta recently announced that it would be delaying product updates and internal projects by three months.

While there are some broad steps that businesses can take to increase their cyber resilience, such as establishing a strong and well-integrated internal cybersecurity framework and providing cybersecurity training across teams, for high-level and complex attacks such as the one recently suffered by Okta, businesses will increasingly find it necessary to seek external specialist support to properly safeguard their operations. 

However, administering widespread measures to shore up cyber resilience internally can seem like an overwhelming task, and it is often challenging for company leaders to know where to begin when it comes to safeguarding their businesses and embedding effective cybersecurity protocols and training, especially for non-tech teams. 

It can be helpful for organizations to focus their cybersecurity measures and training around four foundational and key areas.   

Prevent

One of the first steps for companies looking to prevent a cyber-attack should be organizing a detailed analysis of their current overall resilience, and a key part of this is ensuring that employee vigilance helps organizations stop a potential breach in its tracks before it occurs.

Employees must be made aware of how online activity could potentially leave the business vulnerable to a cyberattack, and what preventative measures they can take. In the case of the Okta attack, it has now been revealed that the attack was enabled by a systems administrator saving credentials into Google Chrome’s password manager, which was synced to the individual’s personal computer.

This is an easily made mistake, but one which can be just as easily prevented if employees are properly educated and trained in ensuring that highly sensitive information, such as passwords, remains secure within the business’ digital ecosystem.  
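The root cause described above is a policy problem as much as a training one: a managed browser can simply be forbidden from storing passwords or syncing saved data to a personal Google account. The following script is an added example, not code from the article or from Okta, that audits a Chrome managed-policy file for exactly those settings. The three policy names (PasswordManagerEnabled, SyncDisabled, BrowserSignin) are real Chrome enterprise policies; the “hardened baseline” values, the two sample policy files, and the audit function itself are this example’s own assumptions. On Linux, Chrome reads such files from /etc/opt/chrome/policies/managed/; Windows and macOS deliver the same keys through the registry or a configuration profile.

```python
"""Audit a Chrome managed-policy JSON file for settings that let corporate
credentials leave the managed environment via the browser's password manager
and account sync.

Added example; not part of the original article. Policy key names are real
Chrome enterprise policies; the baseline values below are an assumption."""
import json

# Assumed hardened baseline: what a policy file should contain so that
# saved passwords cannot be synced to an unmanaged personal device.
REQUIRED_POLICY = {
    "PasswordManagerEnabled": False,  # do not store credentials in the browser
    "SyncDisabled": True,             # block Chrome Sync of any browser data
    "BrowserSignin": 0,               # 0 = disable signing the browser into Google
}

# Constructed sample: a "weak" policy file as it might exist on a laptop
# where the browser is allowed to save and sync passwords.
WEAK_POLICY = json.dumps({
    "PasswordManagerEnabled": True,
    "BrowserSignin": 1,
    "HomepageLocation": "https://intranet.example/",
})

# Constructed sample: the same file after the baseline has been applied.
HARDENED_POLICY = json.dumps({
    "PasswordManagerEnabled": False,
    "SyncDisabled": True,
    "BrowserSignin": 0,
    "HomepageLocation": "https://intranet.example/",
})


def audit_policy(policy_json: str) -> list[str]:
    """Return one finding per baseline key that is missing or set to the
    wrong value. An empty list means the file meets the baseline.

    A missing key is reported as a finding because Chrome then falls back to
    its default, which allows password saving and sync."""
    policy = json.loads(policy_json)
    findings = []
    for key, wanted in REQUIRED_POLICY.items():
        if key not in policy:
            findings.append(f"{key}: not set (browser default applies)")
        elif policy[key] != wanted:
            findings.append(f"{key}: is {policy[key]!r}, expected {wanted!r}")
    return findings


def hardened_policy_from(policy_json: str) -> str:
    """Return the policy file with the baseline keys forced to their required
    values, leaving unrelated keys (e.g. HomepageLocation) untouched."""
    policy = json.loads(policy_json)
    policy.update(REQUIRED_POLICY)
    return json.dumps(policy, indent=2, sort_keys=True)


if __name__ == "__main__":
    for label, sample in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        result = audit_policy(sample)
        print(f"{label}: {'OK' if not result else 'FINDINGS'}")
        for line in result:
            print("  -", line)
```

Running the script reports three findings for the weak file and none for the hardened one; `hardened_policy_from` shows how the weak file would be rewritten while preserving unrelated settings. Disabling the built-in password manager only removes one storage location, so the policy should be paired with an approved enterprise password manager that the training described above tells employees to use.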

For example, while phishing emails are an old and well-known type of attack, they endure because they are effective. A recent survey by Splunk revealed that 90% of companies were hit by ransomware attacks this year, often spread through phishing emails containing malicious attachments.

These types of attacks can target anyone at any level of a business, and so educating all teams within the organization, from junior employees to business leaders, is vital to ensure that there are no chinks in a company’s cybersecurity armor.

Training employees on how to identify false emails and other potentially fraudulent approaches is a crucial step in ensuring attacks fall at the first hurdle.

Protect

Once preventative measures have been established, company leaders must ensure that they are effectively maintained throughout their organizations. All teams within an organization must know the correct protocols for internet safety.

For example, measures that can be deployed to shore up a business’ protection from attacks range from multi-factor authentication to patch management. 

However, at present, there is a lack of understanding about how to properly protect a business from cyber threats, and this extends to the very top of organizations. A 2023 report from Istari found that nearly three-quarters of CEOs are uncomfortable with making decisions about cybersecurity.

Detect

In an ideal world, businesses would be able to completely safeguard themselves against cyberattacks, but with cyberattacks surging and becoming more advanced, all businesses are at risk of a breach. It is therefore vital for companies to establish strong and coordinated detection measures in case their prevention and protection protocols fail.

If a cyberattack can overcome a company’s cyber defenses, it must be detected as quickly as possible, as the faster a company can identify and respond to an attack, the better it can mitigate the impacts.

One of Okta’s clients, identity management firm BeyondTrust, said that it told Okta’s security teams about suspicious activity in their systems before the breach was detected, yet Okta didn’t initially acknowledge these concerns. This further highlights the vital importance of having efficient and coordinated detection measures, and of not isolating cybersecurity teams or external support from the rest of an organization, so that threats can be identified as early as possible.

Moreover, cyberattacks can happen at any time, meaning that a business must be monitoring for cyberattacks and be ready to respond around the clock. For many businesses, this is not viable if relying only on internal IT and cybersecurity teams, and so having external support that keeps a watchful eye for cyber threats 24/7 and can action incident response plans as soon as a threat is detected is the only way to ensure that threat detection never stops.

Respond

Hacks could happen to anyone at any time, and thus companies cannot afford to bury their heads in the sand when it comes to developing efficient and coordinated response procedures that effectively address potential security threats across organizations.

Strong communication lines and pre-prepared incident response plans must be a top priority for organizations looking to bolster their cybersecurity practices, and these can only work effectively if teams have the understanding, skills, and ability to implement them.

External support

However, as outlined earlier, when a company is targeted by a complex and advanced cyberattack, the back-to-basics approach for establishing overall cyber resilience will not be enough to prevent the attack nor effectively mitigate the impacts.

In these instances, a dedicated external support team can fill in the gaps where high-level cybersecurity expertise and capability are likely missing from a business. Sophisticated attacks require a sophisticated strategy and response, and an expert degree of knowledge of what threats could be on the horizon. Seeking outside ongoing support, such as Cytek’s Managed Security Services, can ensure that the full range of potential cyberattacks, including highly complex attacks, are properly monitored and businesses have the additional defenses in place to prevent them from happening.

Moreover, planning and scenario strategy is a key aspect of building cyber resilience against complex attacks. Businesses will often not have the resources or expertise to establish incident response plans, nor the time to be continuously monitoring how cyberattacks are evolving and educating their teams on how to respond to them. External advice on how to establish defenses against complex attacks, as well as what cyber risks may be attached to digital transformation targets or the adoption of new technology, can prove instrumental to effectively strategizing for the full scope of potential threats.

More widely, external cybersecurity support can alleviate the strains that maintaining strong cyber resilience can add to a business’s day-to-day operations, as well as bolster capacity for higher-level threats and incident response.

With the capacity to offer specific managed services such as in-depth monitoring and investigations, security operations (SecOps) and incident response, expert companies like Cytek can offer high-quality expertise that will immediately enhance protection levels.

The benefits of external support are multifaceted and can even result in opportunities for cost reduction. It has been estimated that ransomware attacks generated around $20bn of losses in 2021, and that figure is expected to triple by 2026. By working with expert teams that are ready to respond immediately when a complex incident occurs, as well as assisting with educating employees to prevent more common cyber threats, organizations can not only protect their data and assets, but also their wallets.

Next steps

Ultimately, cybersecurity cannot be kept in isolation. Instead of siloing security teams, protective measures should be integrated into overall business structures to bolster security and enable quick and coordinated incident responses. By establishing detailed protection, prevention, detection, and response procedures, while relying on expert external support for higher-level threats, companies can minimize both the likelihood and impact of an attack.

If you would like to find out more about how your company can bolster its cybersecurity measures through professional crisis support and the implementation of widespread training and capability building across your organization, get in touch with our expert teams today.
