December 6

SSO in Action: Real World Business Case Studies


How Single Sign-on Helps You Outsmart Cybercriminals 

When users are overwhelmed by the number of passwords they have to remember, they start getting careless. This is why hackers despise single sign-on (SSO). 

How? Single sign-on (SSO) removes the need for individual passwords for each account and replaces them with a single set of corporate credentials. Your users can sign in with one set of credentials to access all their applications and services. This not only enhances their experience and boosts productivity but also strengthens your security.  

Since SSO enables a single login, it reduces the number of passwords your users have to manage. This effectively reduces your password-attack surface, decreasing the likelihood of a successful data breach. 

The right SSO solution is simple to integrate and easy to administer, offering self-service capabilities that enable users to manage their access to enterprise data and applications, including resetting passwords. Furthermore, implementing single sign-on can decrease your IT and administrative costs. 

How Password Resets Affect Your Finances 

According to a report sponsored by Yubico, the average user spends 10.9 hours annually on password resets. This results in an average productivity loss of $5.2 million per year for an organisation with 15,000 users, based on an average hourly rate of $32. While the Yubico report focused on end-users, the time investment extends beyond just them. 

Is a Single Password Really Stronger than Multiple? 

As a thorough decision-maker, you will want to weigh your options. When considering whether to adopt SSO, you may question whether having just one password is a good idea. If one password grants your users access, wouldn’t it do the same for bad actors? Not necessarily, and there are a couple of reasons why. 

Firstly, by only needing to create one password, your users are already practising one of the strongest and best password habits: avoiding password reuse. As discussed earlier, the more passwords you require, the more opportunities hackers have to exploit them. Additionally, users are more likely to create strong passwords when they only have to remember one instead of many. 

However, a discussion about SSO shouldn’t end with passwords. An enterprise SSO solution should enable you to easily add additional security measures beyond passwords alone. For example, it should allow you to limit access based on user attributes (ABAC) and require extra authentication methods based on risk. 

A contextual MFA solution combined with SSO allows you to apply authentication policies based on context, such as the risk of the action being taken or the sensitivity of the resource being accessed. You can use ABAC policies or variables like IP address and web session attributes to further ensure users are who they claim to be before approving certain actions or access. 
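As an added illustration (not Overt Software's code or any particular product's policy engine), the following evaluates the kind of contextual step-up policy described above: an ABAC rule on a user attribute, plus risk signals from the source network, the device and the session age. The corporate IP ranges, the department rule and the risk thresholds are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample: address ranges treated as the corporate network
CORPORATE_RANGES = [ipaddress.ip_network("10.0.0.0/8"),
                    ipaddress.ip_network("203.0.113.0/24")]
# Step-up threshold per resource sensitivity: the more sensitive the
# resource, the less accumulated risk it takes to demand another factor
STEP_UP_THRESHOLD = {"low": 4, "medium": 2, "high": 1}

@dataclass
class AccessContext:
    user_dept: str             # user attribute consulted by the ABAC rule
    resource_sensitivity: str  # "low", "medium" or "high"
    source_ip: str
    session_age_s: int         # seconds since the user last authenticated
    new_device: bool           # device not seen for this user before

def risk_score(ctx: AccessContext) -> int:
    """Sum the context signals: off-network, unfamiliar device, stale session."""
    ip = ipaddress.ip_address(ctx.source_ip)
    on_corp_net = any(ip in net for net in CORPORATE_RANGES)
    score = 0 if on_corp_net else 2
    score += 2 if ctx.new_device else 0
    score += 1 if ctx.session_age_s > 8 * 3600 else 0
    return score

def decide(ctx: AccessContext) -> str:
    """Return 'deny', 'step_up' (extra factor required) or 'allow'."""
    # ABAC rule (assumption): only the finance department may reach
    # high-sensitivity resources, whatever factors they can present
    if ctx.resource_sensitivity == "high" and ctx.user_dept != "finance":
        return "deny"
    if risk_score(ctx) >= STEP_UP_THRESHOLD[ctx.resource_sensitivity]:
        return "step_up"
    return "allow"
```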

Lessons from the Field: The Risks of Poor Password Management 

Understanding the consequences of poor password management is essential for businesses aiming to enhance their cybersecurity. Here, we present real-world case studies demonstrating the potential dangers of weak password practices. 

1. Norton LifeLock Breach 

In December 2022, Norton LifeLock, a cybersecurity company specialising in antivirus software and identity theft protection, experienced a significant data breach affecting over 6,000 customer accounts. The breach was the result of a credential stuffing attack, where attackers use lists of previously exposed usernames and passwords to gain unauthorised access to accounts on other platforms. 

The breach was first detected on 12 December 2022, when Norton LifeLock's intrusion detection systems noticed an unusually high volume of failed login attempts, indicating a credential stuffing attack. The investigation traced the attack back to 1 December 2022, when an unauthorised third party began using credentials obtained from the dark web to attempt logins on Norton customer accounts. 

  • Impact on Customers: The breach exposed sensitive personal information and potentially allowed attackers to access other accounts where the same credentials were used, posing risks of further breaches and financial loss. Customers using Norton Password Manager were particularly vulnerable, as the attackers could have accessed stored passwords for various other accounts, including banking and social media. 
  • Company's Response: Norton LifeLock reset passwords for all affected accounts and implemented additional security measures to prevent further unauthorised access. The company advised customers to change all passwords stored in the password manager and to enable multi-factor authentication (MFA) to enhance security. 
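The signal that tipped off Norton, a burst of failed logins spread across many accounts from few sources, is what a credential-stuffing detector keys on. This added example (not Norton's code) runs that check over constructed log lines and also lists the accounts each flagged source did get into, which is the reset list a responder needs; the log format and the thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample auth log (not from the Norton incident): one source
# tries six accounts and gets into one; the others are ordinary users.
SAMPLE_LOG = """\
2022-12-12T03:00:01Z login user=alice@example.com ip=198.51.100.7 result=FAIL
2022-12-12T03:00:02Z login user=bob@example.com ip=198.51.100.7 result=FAIL
2022-12-12T03:00:03Z login user=carol@example.com ip=198.51.100.7 result=FAIL
2022-12-12T03:00:04Z login user=dave@example.com ip=198.51.100.7 result=FAIL
2022-12-12T03:00:05Z login user=erin@example.com ip=198.51.100.7 result=FAIL
2022-12-12T03:00:06Z login user=frank@example.com ip=198.51.100.7 result=OK
2022-12-12T03:01:00Z login user=alice@example.com ip=10.0.0.5 result=FAIL
2022-12-12T03:01:09Z login user=alice@example.com ip=10.0.0.5 result=OK
2022-12-12T03:02:00Z login user=carol@example.com ip=203.0.113.9 result=OK
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) login user=(?P<user>\S+) ip=(?P<ip>\S+) "
                     r"result=(?P<result>OK|FAIL)$")

def parse(log: str):
    """Yield one dict per well-formed log line; skip anything else."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def stuffing_suspects(log: str, min_attempts=5, min_users=4, max_success=0.2):
    """Flag sources making many attempts on many accounts with few successes:
    the shape of a replayed credential list, not of a user mistyping."""
    per_ip = defaultdict(lambda: {"attempts": 0, "ok": 0, "users": set(), "ok_users": set()})
    for ev in parse(log):
        s = per_ip[ev["ip"]]
        s["attempts"] += 1
        s["users"].add(ev["user"])
        if ev["result"] == "OK":
            s["ok"] += 1
            s["ok_users"].add(ev["user"])
    suspects = {}
    for ip, s in per_ip.items():
        if (s["attempts"] >= min_attempts and len(s["users"]) >= min_users
                and s["ok"] / s["attempts"] <= max_success):
            # ok_users are the accounts that need a forced password reset
            suspects[ip] = {"attempts": s["attempts"],
                            "distinct_users": len(s["users"]),
                            "compromised": sorted(s["ok_users"])}
    return suspects
```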

2. LastPass Data Breach 

In August 2022, LastPass, a popular password management service, experienced a significant data breach. The attack began on 8 August 2022, when a threat actor compromised a LastPass software engineer's corporate laptop. Using this access, the attacker gained entry to LastPass's cloud-based development environment. 

During this initial breach, the attacker stole source code, proprietary technical documentation, and some of LastPass's internal system secrets. Specifically, the attacker exfiltrated 14 out of approximately 200 source-code repositories related to LastPass services. These repositories contained cleartext embedded credentials, stored digital certificates for LastPass's development infrastructure, and encrypted credentials used for production. 

On 12 August 2022, LastPass's security team detected the malicious activity. LastPass immediately engaged Mandiant, an incident response firm, on 13 August to assist with the investigation. On 25 August 2022, LastPass CEO Karim Toubba publicly announced the breach, stating that it had been contained and that there was no evidence of further unauthorised activity. 

At this point, LastPass claimed that the breach was limited to their development environment, which was physically and logically separated from their production environment and did not contain personal data. 

  • Impact and Aftermath: The full extent of the breach was not disclosed until December 2022, when LastPass revealed that the attacker had accessed customer vault data. LastPass advised all users to change their master passwords and all passwords stored in their vaults. The company implemented additional security measures, including new security technologies, expanded encryption use, credential revocation, and enhanced logging and alerting. 

3. 1Password Data Breach 

In 2023, 1Password, a widely used password management service, experienced a security incident linked to a breach of Okta's support system. On 29 September 2023, a member of 1Password's IT team received an unexpected email notification indicating that they had ordered a report listing all 1Password admins. This was suspicious, as the IT team member had not made such a request. 

The 1Password incident response team quickly engaged and discovered a suspicious IP address. They found that an unknown attacker had accessed the company's Okta instance with admin privileges. The investigation revealed that the attacker had gained access to 1Password's Okta environment by exploiting a session cookie from an IT employee's HAR file, which had been shared with Okta support for troubleshooting purposes. 

  • Company's Response: The company confirmed that there was no evidence of data exfiltration or access to any systems outside of Okta. The attackers appeared to be conducting reconnaissance for a potential future attack. On 23 October 2023, 1Password publicly disclosed the security incident, emphasising that no user data or other sensitive systems were compromised. 
  • Security Measures: Following the incident, 1Password implemented additional security measures to prevent similar breaches in the future. These included stricter MFA policies, reduced session durations for administrative users, and enhanced monitoring and logging. 
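Because the session cookie in a shared HAR file was the foothold here, a practical control is to scrub HAR files before they leave the company. This added example (not 1Password's or Okta's tooling) redacts session-bearing headers and cookie values from a constructed HAR capture and checks that a known token no longer appears; the header list, the placeholder token and the idp.example.com URL are assumptions.

```python
import copy
import json

# Assumption: header names whose values carry session or API credentials
SENSITIVE_HEADERS = {"cookie", "set-cookie", "authorization", "x-api-key"}
REDACTED = "[REDACTED]"

def sanitize_har(har: dict):
    """Return (sanitized deep copy, number of values redacted).

    Walks every request and response in the HAR 1.2 structure and blanks
    sensitive header values and all cookie values, leaving the rest of the
    capture (URLs, timings, status codes) intact for troubleshooting.
    """
    out = copy.deepcopy(har)
    redacted = 0
    for entry in out.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for header in msg.get("headers", []):
                if header.get("name", "").lower() in SENSITIVE_HEADERS:
                    header["value"] = REDACTED
                    redacted += 1
            for cookie in msg.get("cookies", []):
                if cookie.get("value"):
                    cookie["value"] = REDACTED
                    redacted += 1
    return out, redacted

def contains(har: dict, secret: str) -> bool:
    """Check whether a known token still appears anywhere in the HAR."""
    return secret in json.dumps(har)

# Constructed sample capture with a placeholder session token
TOKEN = "SESSION_TOKEN_PLACEHOLDER"
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "GET", "url": "https://idp.example.com/api/v1/users",
        "headers": [{"name": "Cookie", "value": f"sid={TOKEN}"},
                    {"name": "Accept", "value": "application/json"}],
        "cookies": [{"name": "sid", "value": TOKEN}]},
    "response": {
        "status": 200,
        "headers": [{"name": "Set-Cookie", "value": f"sid={TOKEN}; Secure; HttpOnly"}],
        "cookies": [{"name": "sid", "value": TOKEN}]}}]}}
```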

Establish a Secure Foundation with Single Sign-on 

Introducing Single Sign-on (SSO) is an excellent initial move to protect your organisation from cyber threats. SSO significantly reduces your attack surface by minimising the number of passwords each user needs. By implementing SSO, you not only enhance your organisation's security stance but also offer your users the convenient and efficient access they desire.  

Need help getting started? Book a free consultation with Overt Software's technical expert. Click the button below. 
