The Okta hack story continues to develop… On March 23rd, David Bradbury, CSO of Okta, issued a press release detailing a timeline of their incident response. In summary, Okta utilizes third-party vendor Sitel for customer support inquiries. In late January, a support engineer’s account was supposedly accessed, but the employee declined the MFA challenge. The Okta security team contained the user account and shared indicators…
Category: Cybersecurity
Okta Hack: Why it’s Important
On March 22, 2022, news outlets began reporting that identity and access management provider Okta had been the victim of data extortion group LAPSUS$ as part of a supply chain attack. Okta is a platform that enables enterprises and small businesses to manage and secure user identities, authentication and access control. The software is part of the Authentication, Authorization and Auditing (AAA) function of…
Two-Step Verification vs. Multi-Factor Authentication
Google recently announced that they have seen a 50% decrease in account compromises since auto-enrolling users in 2-Step Verification (2SV) in late 2021. This is great news from a cybersecurity standpoint. However, it’s worth noting that two-step verification is less secure than proper multi-factor authentication (MFA). To understand the difference between 2SV and MFA, consider the following authentication factors: Something you know (usernames, passwords)…
Recovering from Tech Burnout
At the beginning of the pandemic, I had already been feeling burned out for almost a year. In the previous summer of 2019, I had just finished an intense Computer Science degree program. During the previous 2 years, I had been working a part-time job (as a software/IT engineer) while studying computer science and performing undergraduate research. I was putting in 80+ hours a…
Overview of NIST Cybersecurity Framework
What is the NIST CSF? The Cybersecurity Framework (CSF) is a collection of standards, guidelines and best practices created and published by the National Institute of Standards and Technology (NIST). It consists of three components: Implementation Tiers, the Core and Profiles. Implementation Tiers help organizations determine their current and target level of risk management controls. The Core consists of five functions that help reduce…
CIS Critical Security Control Navigator
As a newcomer to GRC (but not IT), I’ve been studying various compliance and control frameworks. I decided to focus on the CIS Top 18 to begin with, but I know there’s also a lot of chatter about CMMC as an up-and-coming framework, so I wanted to familiarize myself with that too. I found out that the CIS Controls Navigator has a…
Holiday Cybersecurity Tips
The holidays are here and information security is as important as ever. For many of us, that means lots of traveling and online shopping. Here are a few tips to keep in mind to protect yourself this season.