Strengthening Defenses Against Third-Party Vulnerabilities and Enhancing Identity Security

Learning from the 2024 CrowdStrike Global Threat Report

The interconnected nature of modern business ecosystems exposes organisations to heightened risks through third-party vulnerabilities and identity-based attacks. As Anthony Romano, Identity Security Manager, highlighted in a recent webinar* co-hosted by Secure Agility and CrowdStrike, "88% of attack time was dedicated to breaking in and gaining initial access," often through third-party systems. This statistic underscores the critical need for robust security measures that extend beyond the organisation's immediate network.

Third-party and supply chain risks require comprehensive management strategies. Organisations must conduct regular security assessments and enforce stringent cybersecurity standards across all external partnerships. Implementing a zero-trust security framework can significantly enhance protection, ensuring that all access attempts, regardless of origin, are verified and authenticated. Additionally, monitoring and managing third-party interactions are crucial to proactively detect and respond to potential security breaches.

On the identity security front, Romano noted that "80% of intrusions utilise compromised identities or stolen credentials," highlighting the paramount importance of securing access management systems. To combat this, organisations should deploy multifactor authentication (MFA) across all user accounts, especially those with elevated privileges. Moreover, adopting least-privilege access policies and conducting regular reviews of user permissions can help minimise the potential impact of a credential compromise.

Advanced identity protection solutions offer additional layers of security by providing real-time threat detection and automated responses to suspicious activities. These systems can identify unusual access patterns or authentication attempts, triggering alerts and initiating defensive protocols to prevent unauthorised access.

Combining robust third-party risk management with advanced identity security measures creates a formidable defence against the complex threat landscape. Organisations must prioritise these areas to protect their critical assets and ensure the continuity of their operations. Apurv Dogra, Cyber Product Lead at Secure Agility, asserts the necessity of fortifying defences in these key areas, noting that “companies can safeguard against both direct attacks on their infrastructure and those that may come through less secure channels, such as third parties and compromised credentials.”

*To view the whole webinar, click here. To learn more and consider how an Identity Risk Review can make your organisation more secure, contact Secure Agility here.
