Okta study reveals top threats to digital identities
Okta has unveiled the APAC findings of its second annual State of Secure Identity Report, highlighting key areas of concern for security professionals tasked with managing digital identities, including the exponential rise of fraudulent registration, credential stuffing attacks, and the widespread use of breached credentials.
Based on the data across the world from Okta Customer Identity Cloud, powered by Auth0, this report presents trends, examples, and real-world observations from the billions of identity attacks at various authentications touchpoints.
Research into these Okta global customers found the following key facts and figures:
- Fraudulent registrations are an ever-present and growing threat: In the first 90 days of 2022, Okta observed almost 300 million fraudulent account creation attempts, accounting for about 23% of signup attempts, up from 15% in the same period last year. Energy/Utilities and Financial Services experienced the highest proportion of signup attacks, with such threats accounting for most of the registration attempts in those two industries.
- Credential stuffing is on a record pace: Credential stuffing attacks are the most common threats to Retail/eCommerce (more than 80% login activity), Financial Services and Entertainment verticals. In the first 90 days of 2022, the platform detected almost 10 billion credential stuffing events, representing some 34% of overall traffic or authentication events. In Southeast Asia, which was buoyed by several large-scale attacks, credential stuffing accounts for the majority of identity events. The situation in Australia and New Zealand was more sanguine - normal traffic represents the majority of login events (63%), and only during a large attack does credential stuffing overtake legitimate traffic.
- Threat actors are targeting multi-factor authentication (MFA): In Asia Pacific, MFA bypass attacks are responsible for more events than signup attacks. Because of its proven merits, more application and service providers are recommending or requiring MFA. As attackers become more sophisticated at targeting this important defensive measure, it’s critical that MFA be implemented correctly and that strong secondary factors are chosen.
- Every company faces unique challenges. The threats facing any particular application or service vary enormously by geography, industry, and brand prominence, among other factors. At the same time, different organisations have different risk appetites and exposures. The appropriate level of friction introduced by security measures will therefore vary on a company-to-company basis.
Ben Goodman, Senior Vice President and General Manager for Asia Pacific and Japan, Okta, says, “Digital transformation will continue to be high on the priority list for many organisations, and a reliable CIAM could help businesses combat account takeover to protect consumers and businesses while boosting seamless consumer experience. The first step towards implementing CIAM securely is to understand why and how adversaries are attacking these customer-oriented businesses."
According to Okta, as adversaries focus greater attention on attacking identity systems and evolving their tactics, techniques, and procedures (TTPs), the report highlighted that it is essential for application and service providers to:
- Implement defence-in-depth tools that work in combination across the user, application, and network layers
- Continually monitor their applications for signs of attacks and changes in TTPs; and
- Make adjustments (e.g., tune parameters, tighten restrictions, introduce new tools, etc.) as needed.
Leaders across these functions should work together to implement CIAM in a manner that balances quality of customer experience and system security, in the context of desired use cases, customer types, data types, industry-specific risks, and risk appetite, the analysts state.
Goodman says, “Trust between customers and organisations is sacred and hard-earned, therefore it is crucial to make identity security a board-level issue. Placing identity security at the core of your business will allow your workers to focus on innovation, collaboration, and productivity while reducing overall identity-related risk."
The report also highlighted that an agile, secure-by-design CIAM solution permits a considerable amount of flexibility that allow organisations to tailor customer identity and access management - and continually tune as needed - without drawing in resources better applied toward advancing core competencies.
The report recommends several solutions that involve combining multiple security tools that can operate at different layers and form a unified defensive position.
These include implementing MFA, using generic failure messages that do not reveal system details, limiting failed login attempts, and implementing secure session management practices.