Whether you realize it or not, you’ve shared your personal information. Perhaps you’ve done it by filling out an online application to a local gym, purchasing a Mother’s Day gift over the internet, or updating your benefits information with your employer’s HR services. In many of our virtual transactions, we end up willingly and sometimes unknowingly sharing personally identifiable information (PII) with online entities and their third-party affiliates.
Knowing cybercriminals would love nothing more than to get their hands on your sensitive data, online vendors and our own employers turn to third-party identity and access management service companies like Okta to protect customer and employee information.
But what happens when those same identity and access management companies to which we put our trust (and our PII) into fall victim to a third-party breach themselves?
On March 21, a hacking group known as Lapsus$ posted what appeared to be visual proof that the cybercriminals had breached Okta servers. And though Okta has since attempted to frame the incident as “an unsuccessful attempt to compromise” a vendor account, Lapsus$ have reveled in the fallout, taking repeated victory laps on social media, across the dark web, and Okta’s own Telegram channel. Meanwhile, employers, employees, customers, and much of the cybersecurity community are left angry and confused.
Okta has been roundly criticized for the length of time between when the company was first notified of suspicious activity on its servers in January, and its initial public comment following the Lapsus$ Tweet in March. “[Okta] can still turn this around,” Fortalice CEO Theresa Payton told the Wall Street Journal recently, “But it’s going to require transparency in their communications.”
As more information come to light, there are still a host of jarring questions left to answer:
We’re glad you asked.
In the near-term, Fortalice recommends all organizations increase monitoring for all system administration (or “superuser” level) activities for the previous 90 days, and ensure heightened monitoring continues. Additionally, you should test to ensure multi-factor authentication is working as you intended. (Specifically, Okta users should consider taking the extra step to reset passwords.) Lastly, take time to thoroughly review any failed login attempts, and track down any access to your systems from unknown IP addresses.
We at Fortalice believe preparation is the best strategy to protect an organization, so if you’re looking to strengthen your cybersecurity posture and prepare for the next cyber threat, here’s how Fortalice can help:
For additional information on Fortalice Solutions service offerings, contact the team via email at firstname.lastname@example.org.
To report a cyber incident, you can call the FBI's 24/7 CyWatch at (855) 292-3937 or email them at CyWatch@fbi.gov. And for the latest from Okta on the January 2022 Compromise: https://www.okta.com/blog/2022/04/okta-concludes-its-investigation-into-the-january-2022-compromise/.