Okta, Inc has unveiled the APAC findings of its second annual State of Secure Identity Report highlighting key areas of concern for security professionals tasked with managing digital identities, including the exponential rise of fraudulent registration, credential stuffing attacks, and the widespread use of breached credentials.
Based on the data across the world from Okta Customer Identity Cloud, powered by Auth0, this report presents trends, examples, and real-world observations from the billions of identity attacks at various authentications touchpoints.
Research into these Okta global customers found the following key facts and figures:
Fraudulent registrations are an ever-present and growing threat
In the first 90 days of 2022, Okta observed almost 300 million fraudulent account creation attempts, accounting for about 23% of signup attempts, up from 15% in the same period last year. Energy/Utilities and Financial Services experienced the highest proportion of signup attacks, with such threats accounting for most of the registration attempts in those two industries.
Credential stuffing is on a record pace
Credential stuffing attacks are the most common threats to Retail/eCommerce (more than 80% login activity), Financial Services and Entertainment verticals. In the first 90 days of 2022, the platform detected almost 10 billion credential stuffing events, representing some 34% of overall traffic or authentication events.
In Southeast Asia, which was buoyed by several large-scale attacks, credential stuffing accounts for the majority of identity events. The situation in Australia and New Zealand was more sanguine — normal traffic represents the majority of login events (63%), and only during a large attack does credential stuffing overtake legitimate traffic.
Threat actors are targeting multi-factor authentication (MFA)
In Asia Pacific, MFA bypass attacks are responsible for more events than signup attacks. Because of its proven merits, more application and service providers are recommending or requiring MFA. As attackers become more sophisticated at targeting this important defensive measure, it’s critical that MFA be implemented correctly and that strong secondary factors are chosen.
Every company faces unique challenges
The threats facing any particular application or service vary enormously by geography, industry, and brand prominence, among other factors. At the same time, different organizations have different risk appetites and exposures.
The appropriate level of friction introduced by security measures will therefore vary on a company-to-company basis.
“Digital transformation will continue to be high on the priority list for many organizations, and a reliable CIAM could help businesses combat account takeover to protect consumers and businesses while boosting seamless consumer experience,” said Ben Goodman, Senior Vice President and General Manager for Asia Pacific & Japan, Okta. “The first step towards implementing CIAM securely is to understand why and how adversaries are attacking these customer-oriented businesses,” he added.
Applications gain users, identity takes on even greater Importance
As adversaries focus greater attention on attacking identity systems and evolving their tactics, techniques, and procedures (TTPs), the report highlighted that it is essential for application and service providers to:
- Implement defence-in-depth tools that work in combination across the user, application, and network layers
- Continually monitor their applications for signs of attacks and changes in TTPs; and
- Make adjustments (e.g., tune parameters, tighten restrictions, introduce new tools, etc.) as needed.
Leaders across these functions should work together to implement CIAM in a manner that balances quality of customer experience and system security, in the context of desired use cases, customer types, data types, industry-specific risks, and risk appetite.
“Trust between customers and organizations is sacred and hard-earned, therefore it is crucial to make identity security a board-level issue. Placing identity security at the core of your business will allow your workers to focus on innovation, collaboration, and productivity while reducing overall identity-related risk,” Goodman added.
Managing CIAM Threats
The report also highlighted that an agile, secure-by-design CIAM solution permits a considerable amount of flexibility that allow organizations to tailor customer identity and access management — and continually tune as needed — without drawing in resources better applied toward advancing core competencies.
The report recommends several solutions that involve combining multiple security tools that can operate at different layers and form a unified defensive position. These include implementing MFA, using generic failure messages that do not reveal system details, limiting failed login attempts, and implementing secure session management practices.