WorkSmart is aware of the security incident with Okta, an identity and access management firm that supports thousands of businesses. We are working with our partners to assess any potential impact on our tools.
What was the security incident?
Earlier this week, the Lapsus$ hacking group posted screenshots, claiming to have obtained access to various systems across Okta back in January 2022. Okta confirmed that the group gained unauthorized access to the system by compromising a contractor’s laptop.
Okta’s investigation concludes that up to 366 of their customers could have had their systems accessed during a five-day period. Their report also notes that there is no evidence of ongoing malicious activity.
What does this mean for my business?
Okta says that they are working directly with potentially affected customers, giving a report of what the contracting company did on their accounts during the time of the hack in January.
Responding to this security incident, even if your business was not the 2.5% of Okta customers directly affected by the breach, is important for all. We recommend checking with any technology vendors or partners that may have access to your systems for how they may have been affected and any steps they are taking to ensure their environment is protected.
The Importance of a Multi-Layer Cybersecurity Approach
Unfortunately, there are many other threat actors out there, like Lapsus$, looking to exploit technology. So, an attack on a service that is a key layer of many businesses’ IT security strategy can create a lot of fear and doubt. However, with multiple layers of cybersecurity, one failed layer doesn’t need to lead to catastrophe.
Multi-factor authentication, single sign-on, conditional-access, and other access management tools continue to be effective tools to protect against unauthorized access. Following these best practices in addition to MFA will help improve your security defenses:
- Only allow healthy and trusted devices to connect to your technology
- Educate your employees on cyber risks
- Limit the risk of exposing sensitive data
- Monitor for potential vulnerabilities and active attacks across your technology
Contact us today if you’d like to review your IT security strategy!