What Small Businesses Should Do Following the Okta Breach

CKSS CMMC DFARS Compliance Consultants what small businesses should do following breach blog

Okta is one of the world’s largest access management companies that provides customers and organizations with single sign-on (SSO), multi-factor authentication, and lifecycle management. Despite Okta’s size, resources, and influence, it was recently hacked. Many are questioning if this transgression against Okta will influence other organizations to evaluate how they go about implementing security hygiene practices to prevent similar data breaches.

This news first surfaced in mid-March as hackers belonging to an infamous cybercriminal ring known as LAPSUS$ published screenshots that show the cybercriminals inside Okta’s information systems. These screenshots, later confirmed by Okta officials, show that LAPSUS$ was undetected inside Okta’s information systems around January 2022. This most likely was around the time the Okta breach took place. Building on this, the group says they have access to a variety of critical internal systems that hold both financial information regarding Okta and Okta’s clients. 

In parallel, several high-profile data leaks from large companies have surfaced over the past few months (leaks that LAPSUS$ has taken responsibility for), making some question if there is a link between this breach and these recent data leaks.

What makes this Okta breach so significant?

Okta develops and maintains identity and access management systems, such as Single Sign On (SSO), Multi-Factor Authentication (MFA), and lifecycle management. However, what makes this breach so significant is the scale at which Okta operates. Today, Okta has hundreds of millions of users and acts as one of the go-to access management solution platforms for small businesses worldwide.

Now, with more details coming to light, such as the fact that the  Lapsus$ hacking group had access as early as January 2022 (however, it could even be earlier than this), it highlights that organizations need to step back and consider their approach to keeping their organization secure.

To help small businesses navigate their security initiatives in the face of this breach, we’ve put together a list of 6 tips that we’ve found to enhance security substantially and limit the risk of potential breach or exposure. 

  • Technical safeguards such as MFA – It’s understandable that following this Okta breach, exploring MFA options outside of Okta may be a priority for your organization. However, even if Okta isn’t your choice for an MFA solution, using an MFA is critical to your organization’s security. Approximately 57% of businesses worldwide are currently using MFA, ticking up 12% from the previous year.
  • Defense in Depth – Defense in Depth (DiD) is a defensive cybersecurity strategy that employs layered security safeguards to protect valuable information. With defense-in-depth, if one security mechanism fails, another mechanism is in place to protect the organization from sustaining a breach or cyber-attack. Strategically fortifying a security perimeter with multiple fail-safes promoted in the Defense in Depth architecture is another significant way to thwart today’s most sophisticated attacks.
  • Zero trust – Zero Trust is a security architecture that assumes any user on the network has been compromised and challenges the user to prove their authenticity. This tenant ensures that as a user attempts to access sensitive information, the zero-trust policies provide that this user is, in fact, authentic and authorized to access this given information. By assuming zero trust, organizations significantly mitigate the risk that a bad actor accesses sensitive information if they do get past an organization’s security perimeter. 
  • Principle of least privilege for ALL resources – Building on the concept of zero trust, the idea of the principle of least privilege for all resources is another critical security initiative small businesses can adopt to keep their organization safe. Applying the least privileges for users ensures that users do not have access to information that they shouldn’t have access to. This dramatically reduces the risk of an internal user exploiting an organization.
  • Reviewing of audit logs – By reviewing audit logs regularly, organizations can identify threats early enough to limit their influence. Often, third-party providers can augment an organization’s initiative to check audit logs and offload a lot of the resource requirements in auditing logs regularly.
  • Encryption of sensitive data – If a bad actor were to gain access to your environment, what amount of information is unencrypted? Unfortunately, for many organizations, the answer favors the bad actor. Therefore, setting up vital initiatives around encrypting data is critical in today’s fight against cybercriminals. Fortunately, there are an array of solutions such as BitLocker or built-in encryption solutions for many of today’s most popular data platforms, such as Azure Server Side and client-side encryption
  • Password Rotation. Frequent changing of API keys and system Passwords – Lastly, password rotation. Implementing a process for forced password rotation by all employees statistically reduces the chances of a breach. This is because passwords are often stolen and sold on the dark web. Here, if an organization rotates its passwords before the stolen identity is stolen and used, it’ll avoid a bad actor gaining access to its environment.

Next Steps

If you’re considering enhancing your security posture and implementing some of the strategies we’ve discussed in this piece, consider contacting us today

Through our one-on-one consultations, we’ll help you bridge the gap between your security initiatives and achieving a more secure, resilient security environment.