Okta Hack: March 23rd Updates

The Okta Hack story continues to develop… On March 23rd, David Bradbury, CSO of Okta, issued a press release detailing a timeline of their incident response. In summary, Okta utilizes third-party vendor Sitel for customer support inquiries. In late January, a support engineer’s account was supposedly accessed, but the employee declined the MFA challenge. The Okta security team contained the user account and shared indicators…

Okta Hack: Why it’s Important

On March 22, 2022, news outlets began reporting that identity & access management provider Okta had been the victim of data extortion group LAPSUS$ as part of a supply chain attack. Okta is a platform that enables enterprises and small businesses to manage and secure user identities, authentication and access control. The software is part of the Authentication, Authorization and Auditing (AAA) function of…

Two-Step Verification vs. Multi-Factor Authentication

Google recently announced that they have seen a 50% decrease in account compromises since auto-enrolling users in 2-Step Verification (2SV) in late 2021. This is great news from a cybersecurity standpoint. However, it’s worth noting that two-step verification is less secure than proper multi-factor authentication (MFA). To understand the difference between 2SV and MFA, consider the following authentication factors: Something you know (usernames, passwords)…

Recovering from Tech Burnout

At the beginning of the pandemic, I had already been feeling burned out for almost a year. In the previous summer of 2019, I had just finished an intense Computer Science degree program. During the previous 2 years, I had been working a part-time job (as a software/IT engineer) while studying computer science and performing undergraduate research. I was putting in 80+ hours a…

Overview of NIST Cybersecurity Framework

What is the NIST CSF? The Cybersecurity Framework (CSF) is a collection of standards, guidelines and best practices created and published by the National Institute of Standards & Technology (NIST). It consists of three components: Implementation Tiers, the Core and Profiles. Implementation Tiers help organizations determine their current and target level of risk management controls. The Core consists of five functions that help reduce…