In today's business environment, application and service providers face pressure to enhance their customers' experience and increase their retention rates. However, in this process of maximizing UX and minimizing friction, it is essential to ensure the security and protection of user identities. To do so, it is necessary to understand the threats and attacks that Customer Identity and Access Management systems face and develop effective strategies to mitigate them.
Current Threats
Jameeka Green Aaron, CISO of Customer Identity at Okta, cited these statistics, which reveal important trends, in the hope of helping organizations understand the threats to CIAM:
- Fraudulent registrations: Fraudulent registrations pose a constant and growing threat. In the first 90 days of 2022, registration fraud accounted for approximately 23% of all attempts.
- Credential attacks: Credential attacks have reached record levels. In 2022, they accounted for 34% of global authentication event traffic. Most industries experienced credential attack rates of less than 10% of login events, but in cases such as the Retail/eCommerce sector, they exceeded 80%.
Challenges and Recommendations
Every company faces unique challenges and has different risk appetites and exposures. Therefore, the appropriate level of friction introduced by security measures will vary from one company to another.
Auth0, a leading identity management company, has shared valuable insights into the threats and attacks observed on its platform. Given the growing focus of attackers on identity systems and the constant evolution of their tactics, techniques, and procedures, it is essential that application and service providers take the following measures:
- Implement defense-in-depth tools: Tools that work in combination across the user, application, and network layers should be used.
- Continuously monitor applications for signs of attacks and changes in the tactics used by adversaries.
- Make adjustments as needed, such as adjusting settings, tightening restrictions, or implementing new security measures.
In conclusion, these options allow organizations to tailor their identity and access management as needed, without tying up valuable resources that could otherwise be used to advance the company’s core competencies. Whether developing in-house solutions or relying on an identity-as-a-service provider, it is important to implement security measures that increase the difficulty for attackers without compromising the user experience.
