Exponential Growth in Cybercrime - Bitkom Study 2021
September 6th, 2021

The growth in technology and digitalisation of virtually all business sectors has transformed the way in which we all work, moving away from manual processes. New innovations continue to improve products and services at lightning pace.

While we enjoy the benefits technology brings, with great opportunity comes great risk. The latest report from Bitkom, Germany’s digital association, dated 5th August 2021, reveals a dramatic increase in cyber attacks on German organisations between 2020 and 2021. Bitkom calculated that cyber crime causes over 220 billion euros in damage each year and is continually on the rise.

‘Extortion, system failures and operational disruptions more than quadrupled’

All organisations are at risk. A more alarming statistic from the report is:

‘9 out of 10 companies have experienced a cyber attack within the last year’

The range of targets for cyber criminals is expanding rapidly. Attacks on small and medium businesses are becoming more prevalent and complex, as are attacks on public-facing organisations such as schools, universities and healthcare providers.

The most popular methods used to gain unlawful access to companies have been:
- Social engineering targeting home office employees
- Malware, DDoS attacks and spoofing
- Ransomware attacks

All employees and customers with login credentials are at risk of cyber attacks, because each set of credentials presents an opportunity to access protected resources. An overwhelming majority of cyber attacks are based on stolen and misused credentials. All passwords are susceptible to breach, theft, and attack attempts. Over 70% of organisations still rely on a password-centric authentication approach.

Resilience has become the new goal of the German economy. Companies are required to focus on complex information security tasks while still performing their day jobs to the highest standard, remaining economically viable and continuing to deal with the pressure of the global pandemic.

Lack of Security Experts

Less well known is the fact that there is a distinct lack of security experts available for hire. Asking developers without a strong security background or inclination to perform security tasks can open up your organisation to risks. For example, a technical misconfiguration can expose sensitive data or system access to the wrong people. Similarly, employees on the business side may not have the specialist skills and experience needed to implement a robust Identity and Access Management plan.

Identity as a Service (IDaaS)

With Okta’s Identity as a Cloud Platform, it’s possible to implement custom-tailored security controls and solutions with low-code and no-code options for Workforce, CIAM and B2B scenarios.

Okta offers secure methods to authenticate accounts

  • Out-of-the-box modern technologies like Multi-Factor Authentication (MFA)
  • Advanced adaptive MFA focuses on expanding Risk Based Authentication, biometrics, email magic links, social sign on and AuthN
  • Passwordless authentication with Factor Sequencing
  • Risk-based strategies can be matched to your use case, for example enforcing MFA factors per network zone so that employees not in the office are subject to further security checks
  • Secure access to applications and key resources with Single Sign On protocols

Centralised view of users and threat alert mechanisms

  • Management of privileged user access accounts or ‘keys to the kingdom’
  • View status and access rights of all Employees, Partners and Customers in one place
  • Automate user provisioning and deprovisioning, ensuring the right users have only the resources they need, at the right time
  • Threat insights and alerts that continually monitor your environment based on built-in industry best practices
  • Instantly block untrusted IP addresses and define network zones to restrict access

Spotlight on MFA

Multi-factor authentication is one of the simplest ways to prevent the most common cyber attacks:

  • Phishing
  • Spear phishing
  • Keyloggers
  • Credential stuffing
  • Brute force and reverse brute force attacks
  • Man-in-the-middle (MITM) attacks

Okta reports that companies implementing MFA have reduced their risk of attack by up to 75%. Okta’s out-of-the-box MFA implementation allows you to choose the factors that best suit your use case from a wide range:

  • Okta Verify
  • Custom TOTP
  • Custom IdP Factor Authentication
  • Duo Security
  • Email authentication
  • Google Authenticator
  • On-Prem agent (including RSA)
  • Security Question
  • SMS authentication
  • Symantec VIP
  • U2F Security Key - FIDO 1.0
  • Voice Call authentication
  • WebAuthn
  • YubiKey

Adaptive MFA

Okta also offers an advanced MFA product. You have the flexibility to apply different factors to different groups of users, based on different user behaviours, geo-locations, IP networks and more, thus creating your own risk-based authentication model.

Passwordless authentication is also on offer with this product. Passwords are increasingly recognised as the main source of cyber attacks. Factor sequencing and email-based magic links are two of the top methods to implement this process. Factor sequencing deploys multiple MFA factors of your choice to replace a password entirely.


Self-service

It's worth mentioning that users have the ability to enrol in and reset their MFA factors, saving time and resources for IT helpdesk teams.


Adopt a Zero Trust Security Model

The traditional security controls implemented at the network perimeter are no longer valid in cloud and mobile environments. Organisations must adopt a new security model. Okta’s IDaaS Platform incorporates modern authentication protocols and offers organisations a way to easily and transparently begin their Zero Trust strategy.

There are many more ways in which Okta can secure your organisation. For a free demo or chat based on your use-case, please send us an email at [email protected]