Uncovering Legacy Identity Blind Spots

In today's ever-evolving threat landscape, it's essential to identify and address vulnerabilities to protect your organization's sensitive data and systems. Legacy blind spots are prime targets for cyberattacks, but why are they hard to find and fix? Is it due to technical limitations, people, or a combination of both?  

Legacy identity blind spots

During the initial discussion, participants shared the legacy identity blind spots that challenged their organization. Attendees highlighted legacy applications lacking multi-factor authentication (MFA) support and integrating these outdated applications with modern authentication protocols and systems was described as a particularly difficult task. For example, many ransomware attacks exploit legacy protocols, which lack the protection of modern technologies such as multi-factor authentication (MFA), adaptive authentication, and role-based access control. Continuing the discussion, an energy company executive shared the challenge of managing service accounts embedded in internal applications. It's difficult because these accounts have elevated privileges and are prime targets for attackers.

Business implications of cyberattacks

Cyberattacks can negatively impact an organization in several ways. Besides causing financial losses, they can also damage the organization's reputation and result in a loss of customer trust. Furthermore, cyberattacks can expose sensitive information, such as personally identifiable information (PII), intellectual property (IP), and privileged credentials. To mitigate these risks, businesses need to reduce their attack surface and have contingency plans in place. Here are some ways to mitigate risk:

• Use solutions like Privileged Identity Management (PIM) to manage privileged accounts.  
• Perform automated backups of critical systems and data to prevent the loss of important information.  
• Use MFA to protect access to sensitive applications, leverage LDAP to secure your legacy stack, and adhere to the principle of least privilege when creating roles and assigning permissions.  

The role of cyber insurance in driving security enhancement

Obtaining a cyber insurance policy can serve as a significant motivator for companies to enhance their security posture. As a result, insurance companies are imposing increasingly stringent requirements on policy applicants. Previously, simply enabling MFA would suffice, but now it is necessary to explicitly state the use of strong MFA for all sensitive applications and data. Additionally, insurance brokers may ask for specialized security controls for service accounts.

This trend towards more rigorous insurance requirements highlights the importance of continuously improving an organization's security posture. Companies can no longer afford to treat cybersecurity as an afterthought but must proactively adopt best practices and implement robust security measures to protect their systems and data. Furthermore, insurance policies can provide a false sense of security if companies do not adequately manage and monitor their security controls. Therefore, these policies can only complement, not substitute, a comprehensive cybersecurity program.

Rethinking security based on external feedback

An organization may reconsider its security practices based on customer, partner, and third-party feedback. Today's customers are more aware and mindful of the steps companies take to safeguard their sensitive data and thus prioritize security as a deciding factor in their purchasing decisions. Moreover, the recent increase in supply chain attacks has led third parties to inquire about the security controls and protocols companies implement before entering into contracts.

‍