Original content provided by BDO Canada.
Why the Okta incident shocked the digital supply chain and called for action
In today's cyber-literate world, every business is vulnerable to cyber attacks and no one is immune. Yet, the more sophisticated your digital footprint is, the greater your vulnerability becomes, and the higher the risks are without solid cyber risk management tools and response strategies.
Earlier this year a key digital supply chain organization, Okta, was attacked in January 2022.
Okta, an identity authentication provider of more than 15,000 customers that specializes in vital user authentication services across many digital enterprises and platforms, confirmed the incident two months later with somehow conservative disclosures on the severity and impact of this incident.
Incident overview
On March 22, 2022, Okta publicly acknowledged the incident following the disclosure of screenshots revealing Okta’s administrative interfaces, claimed to be accessible by the threat actor under the name Lapsus$, a mysterious threat actor that emerged in December.
For context, the threat actor claims to be behind LG, Nvidia, and Microsoft exploitations. At Okta, based on a commissioned forensics report, Lapsus$ had access to credentials belonging to an Okta engineer for several days, undetected, from January 16 to January 21, 2022.
The full scope of impact is not yet known, but delayed disclosures are reportedly impacting trust and highlighting the dependency of end-users on too-big-to-fail service and solution providers that can leave your organization exposed.
Impact assessment
In general, privileged access to identity and access management systems can trigger significant cyber threat activities such as adding and deleting users or changing login policies to enable an attack.
In this case, Okta claims that the impact appears to be limited to 2.5% of their clients and they are expressing that no actions are required, according to a published impact statement dated March 22, 2022. As for the threat actors, they have not indicated any signs of additional impact scope beyond the initial claims of access.
However, the highest impact was likely on Okta’s customers. Teams were reportedly scrambling to identify an investigative approach without much disclosure from Okta. The slower approach to disclosure, in this case, highlights the importance of third-party risk management of too-big-to-fail service providers.
Key considerations for risk management
Such an incident prompts concern among cybersecurity experts not only due to the popularity of Okta's service with big corporations, but also the potential damage a hacker could inflict on an organization’s assets and value.
Solidifying your risk management strategy can help prevent and respond to such threats in a timely and acute manner. Some of the most important considerations you need to keep in mind are:
Third-party risk management
Vendors provide assurance that their people, process, and technology are secure by demonstrating alignment to frameworks like SOC2. However, organizations with a higher risk profile can also monitor their vendor’s publicly available cyber signals to determine if their partner’s risk is increasing or decreasing.
Multi-factor authentication
Application-based multi-factor authentication (MFA), like the Microsoft Authenticator, is an extremely powerful tool for reducing risks. Also, SMS-based MFA is another effective tool but not as secure.
Identity and access management review
Sustainable assessment of the organizational position around active directory policies and activities. That entails performing discovery of new users, or if unknown users are identified, and running an investigation immediately.