24 min listen
Five Lessons Learned From Okta’s Customer Support System Breach - ESW #340
Five Lessons Learned From Okta’s Customer Support System Breach - ESW #340
ratings:
Length:
47 minutes
Released:
Nov 17, 2023
Format:
Podcast episode
Description
We regularly cover significant breaches on this podcast, but it is rare that we have enough information about a major breach to cover in enough detail to devote an entire segment to. Today, we dive into lessons learned from the breach of Okta's customer support system that targeted some other major security vendors. This is part of a troubling trend, where the target of an attack only serves as a jumping off point to other organizations. China's 2023 attack of Microsoft is an example of this. It was easier to attack Microsoft 365, one of the world's largest business SaaS platforms, than to go after each of the 25 individual targets these Chinese actors needed access to. Traditionally, we've thought of lateral movement as something that happens within a network segment, or even within a single organization. Now, we're seeing lateral movement between SaaS platforms, between clouds, from third party vendors to customer, and even from open source project to open source adopters. In this segment, we'll cover five key lessons learned from Okta's breach, from information shared by Okta and three of its customers: 1Password, Cloudflare, and BeyondTrust. Protect Your Session Tokens Monitor for Unusual Behavior SaaS Vendors Are Common Targets Zero Trust Principles Work MFA Isn't a Binary (on or off) Control Segment Resources https://www.valencesecurity.com/resources/blogs/five-lessons-learned-from-oktas-support-site-breach Show Notes: https://securityweekly.com/esw-340
Released:
Nov 17, 2023
Format:
Podcast episode
Titles in the series (100)
Enterprise Security Weekly #14 - Super Cyberman: Enterprise Security User Awareness Training and Paul dancing! Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/ES_Episode14 Visit http://securityweekly.com/esw for all the latest episodes! by Enterprise Security Weekly (Video)