Introduction/Overview 

In February 2015, Anthem, the second largest U.S. health insurer, confirmed it had suffered a cyberattack (a phishing attack), leading to the theft of tens of millions of consumer records. The investigation revealed the attack occurred when a staff member at Anthem opened a phishing email containing malicious content. This led to the compromise of at least 50 accounts and at least 90 systems within the Anthem enterprise environment including, eventually, the company’s enterprise data warehouse.

In May 2021, a major oil pipeline owned and run by US oil giant Colonial Pipeline Company was shut down after the company suffered a ransomware attack. An investigation by Mandiant, a cybersecurity firm, revealed that the VPN login password of an employee was compromised, which led to the attack.

In August 2022, LastPass, a popular password manager and vault app with over 30 million users, informed its customers of a cybersecurity breach. According to their released statement, “an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information”.

The recurring theme in all three attacks? Identity.

A digital identity is a collection of unique identifiers that allow computing systems to identify internal and external users and determine the associated privileges and access rights. These identifiers or attributes may include, but are not limited to, email addresses, login credentials (username/password), and PIN numbers.

A History of the Security Perimeter: From Network to Identity

Historically, security teams placed less emphasis on identity and focused on fortifying the network perimeter. This approach was effective when resources were confined within the corporate network, protected by firewalls, and located on premises. The isolation provided by the network perimeter served as an effective barrier against external threats. Additionally, the IT resources employees required to perform their job functions were minimal, resulting in a limited number of access points to monitor. Because of this, identity security was often assumed to manage itself effectively. The perception of a secure on-premises environment resulted in IT organizations placing trust in internal network communications and directing their efforts towards protecting the ‘network perimeter’. This approach was commonly thought of as “hard on the outside, and soft on the inside”.

Image: TechTarget: How network perimeters secure enterprise networks

But this is now history, as the concept of the security perimeter has been redefined with the advent of cloud-based applications and a mobile workforce. Remote working and the use of personal devices have increased the potential for data access and sharing outside of the corporate network, including with external collaborators such as partners and vendors. As a result, organizations can no longer rely solely on network-based controls for security. They now need a more dynamic and adaptive approach to security that implements controls at the endpoint level, inside applications and at the partner level.

Since a user’s digital identity determines their access to an organization’s network and data, identity has become the new perimeter protecting that network. Therefore, organizations must shift their focus to identity-centric security. Individual identities must now be treated as potential attack vectors, as they hold the keys to access sensitive information and resources within an organization. Effective identity security must begin with the management and governance of user identities. By ensuring that only authorized users have access to sensitive information, it is possible to protect an organization from malicious actors. 

Identity Security represents a holistic approach to securing all identities used within an organization. It acknowledges that any identity, whether it be an IT administrator, remote worker, third-party vendor, device, or application, may potentially become privileged under certain conditions, creating a potential attack vector for accessing an organization’s valuable assets.

Image: Zero Trust Architecture by Microsoft

Identity has become the most significant attack vector for cybercriminals. Account takeover, or impersonating a legitimate employee to gain access to systems and data that are privileged by nature, has become the norm. As a result, attackers are now focused on exploiting vulnerabilities or gaps in systems to gain a foothold within trusted environments and advance laterally in pursuit of high-value targets. This trend has given rise to the adage in cybersecurity that “hackers don’t break in, they log in”, as attackers often find it easier to gain access to an organization by obtaining or guessing login credentials than by attempting to breach its defenses directly. Identity is the new security perimeter, and businesses need mature, robust, and resilient security systems to protect critical information from identity theft.

At Signal Alliance Consulting, we design and deploy turnkey security solutions and services to help our clients build up security capabilities to reduce enterprise risk, including threat detection and response solutions, identity and access management solutions, secure access service edge (SASE), and cybersecurity advisory services.