- Last Week As A vCISO
Summary: Combined Lessons From The Okta, 1Password, Cloudflare Hack
Below is a condensed summary of all the action items from the Deep Dive article.
Summary Action Items To Help Prevent An Okta Style Attack
Introduction
The dust has FINALLY settled on the recent Okta hack, and we have a lot more information now that Okta has updated its incident response report (see the old version here). Although I did cover the Okta attack initially, there is a lot more information now.
This is a deep dive not just into all the things that went “wrong” but, more importantly, into all the things you and your organization can do to prevent such an attack. I think if we can’t learn from our own and others' mistakes, then we’re just being lazy.
I also put the word “wrong” in quotes because I acknowledge that information security is a tough job. That being said, there are definite expectations regarding information security hygiene, upkeep, and preventative medicine, and those expectations are doubly so when you have already been hit with a breach or compromise.
The format of this article is divided into sections that cover what the “bad” was and include a remediation section at the end of each. They are not in any particular order of priority, and all are different layers of the cake. Attacks are often successful because they opportunistically exploit multiple vulnerabilities that can seem unrelated.
Although I could have combined many of the items below into larger topics, I felt it was important to break each part down granularly, as each item has its own preventative medicine.
I must commend Okta, Cloudflare, and 1Password for sharing detailed incident response reports publicly. The only way we can improve is by being transparent.
Disclaimer: The below advice is meant for companies to implement in their own information security programs and is in no way an accusation of wrongdoing or neglect of Okta or any affiliated party.
For the full Deep Dive article, check it out here.
Lessons Learned - Avoid Static Passwords
Lessons Learned - Audit & Delete Old Service Accounts
Lessons Learned - Don’t Save Passwords Insecurely
Lessons Learned - Lock Down Company-Managed Devices
Lessons Learned - Your Logs May Not Have The Full Picture
Lessons Learned - Universally Apply Protections To All Parts Of The System
Lessons Learned - Learn From Your Mistakes
Lessons Learned - Threat Detection and Response Must Be Adequately Sized To Fit Your Threat Model
Lessons Learned - Reduce Customer Friction To Security
Lessons Learned - Protect Customer Data