Page 104 - Cyber Defense eMagazine February 2024
Thankfully, a lack of data inventory is an easy challenge to address because there are tools available
that can provide this visibility: complete visibility not only into which infrastructure resources contain
sensitive data across cloud data stores, but also into who owns that data. A robust data inventory is crucial
for any effective data-centric security strategy, enabling organizations to proactively identify and
address potential security threats before they become a data breach.
Dormant Identities and Data Stores
Aside from a lack of data inventory, dormant identities are the single most common data security issue
and one of the most overlooked paths to breaches and attacks. A dormant identity is any user, role, or
service account that has been inactive for an extended period of time. These identities accumulate in
organizations when there is no proper process in place to remove terminated employees, inactive users,
or unnecessary permissions.
Delayed or incomplete employee or vendor offboarding is a common cause of dormant identities.
Companies often onboard new employees and third-party individuals swiftly. However, when these users
leave or change roles, the offboarding procedures are often pushed aside. As a result, the permissions
or now-unnecessary identities of departed users are not revoked or deleted, leaving them usable by former
employees, contractors, or attackers should the credentials be compromised.
Regardless of the root cause, dormant identities present a common and overlooked avenue for breaches
because threat actors seek out the path of least resistance, and a compromised dormant identity can
often be the quickest way to obtain sensitive information. If left unmonitored, threat actors can seize
control of these accounts and identities without detection and gain access to sensitive data. Dormant
identities are typically less closely monitored, so when one is compromised, security teams
often remain unaware of the breach.
Dormant data stores can also put organizations at increased risk. Dormant data stores are old and
unused, and they become potential targets for attacks because they are often forgotten and unmanaged.
Organizations retain archives of information for regulatory compliance, or keep data long past its useful
life in the hope of potential future use. In reality, dormant data is never utilized once it becomes
dormant, and while it may hold no business value, it remains accessible and increases risk by expanding
the organization's attack surface and the blast radius of a potential data breach.
To remediate these challenges, it is important to prioritize cleanup tasks and conduct proactive exercises
to reduce risk promptly and regularly. To do this, organizations should adhere to their stipulated data
retention policies and prioritize removing high-risk dormant identities and unnecessary
permissions. Ideally, they should also invest in automation that enables ongoing monitoring, alerting, and
proactive risk reduction.
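As an added illustration of the cleanup step above (example code, not from the article or its author), the following script applies an assumed inactivity threshold and retention limit to a constructed inventory, ranks dormant identities so that offboarded users and admin-holding accounts are removed first, and flags dormant data stores for deletion or review. The thresholds, field names, scoring weights and sample entries are all assumptions.

```python
from collections import namedtuple
from datetime import date, timedelta

# Thresholds are assumed policy values for this example, not figures from the article.
DORMANT_AFTER = timedelta(days=90)         # idle longer than this => dormant
RETENTION_LIMIT = timedelta(days=365 * 2)  # archive idle longer than this => past retention

Identity = namedtuple("Identity", "name last_active offboarded privileges")  # offboarded: HR says they left
DataStore = namedtuple("DataStore", "name last_read sensitive")

def find_dormant_identities(identities, today):
    """Return dormant identities ranked so the riskiest are removed first."""
    findings = []
    for ident in identities:
        idle = today - ident.last_active
        if idle < DORMANT_AFTER:
            continue
        score = 1                                  # dormant at all
        score += 2 if ident.offboarded else 0      # departed user whose access was never revoked
        score += 2 if "admin" in ident.privileges else 0
        score += 1 if any(p.startswith("read:") for p in ident.privileges) else 0
        findings.append({"name": ident.name, "score": score, "idle_days": idle.days})
    return sorted(findings, key=lambda f: (-f["score"], -f["idle_days"]))

def find_dormant_stores(stores, today):
    """Flag unused stores: delete when past retention, otherwise review with the owner."""
    findings = []
    for store in stores:
        idle = today - store.last_read
        if idle < DORMANT_AFTER:
            continue
        action = "delete" if idle > RETENTION_LIMIT else "review"
        findings.append({"name": store.name, "idle_days": idle.days,
                         "sensitive": store.sensitive, "action": action})
    return sorted(findings, key=lambda f: (f["action"] != "delete", not f["sensitive"]))

# Constructed sample inventory, not real identities or systems.
TODAY = date(2024, 2, 1)
IDENTITIES = [
    Identity("alice", date(2024, 1, 28), False, {"read:orders"}),
    Identity("bob-contractor", date(2023, 9, 1), True, {"admin", "read:customer_db"}),
    Identity("ci-deploy", date(2023, 10, 15), False, {"read:build_logs"}),
    Identity("legacy-backup-role", date(2023, 3, 1), False, {"admin"}),
]
STORES = [
    DataStore("orders-prod", date(2024, 1, 31), True),
    DataStore("hr-archive-2019", date(2021, 6, 1), True),
    DataStore("marketing-export", date(2023, 7, 1), False),
]
```

In practice the inventory would be fed from the identity provider's and cloud audit logs' last-activity records, and the thresholds from the organization's own retention policy.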
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.