Cybersecurity: Lost Your Keys?

September 03, 2019

From time to time we all lose our keys. The solution for physical keys is simple – find the spare set and head down to your local hardware store so they can make you a new set. The only time you have to worry about re-keying is when there isn’t a spare set. None of this is a huge deal, because what are the chances that whoever finds your lost key will try it in enough locks to miraculously find your door?

But what if your keys are stolen? And what if they were stolen from a third party with whom you’d shared them? Then things get a little more complicated as you may have to change the locks. It’s an inconvenience for sure, but not a catastrophe.

In the cyber world these scenarios differ in one important way: in the case of theft the culprit may well know what door – or in the digital space, what services – can be accessed with those keys. Your risk increases further when the stolen keys came from a trusted third party that offers the very services the keys are used to access.

When this happens you must re-key. In some situations, re-keying might be as simple as changing a user’s password or re-generating an API secret key. Then you update the places where those authentication items are used. In other cases, though, there may be hundreds of users or services utilizing the stolen API key, making the update process a far more tedious one.

In these complicated situations, where there’s a time delay involved in re-keying, you should consider these additional monitoring steps:

  • Place extra scrutiny on all successful authentication events:
    • Who is the user or service?
    • Does this user or service typically access the third-party service?
    • Where is this user or service located?
    • Is the user or service operating during standard working hours?
  • Enforce multi-factor authentication for password-based access
  • Turn off all unused API endpoints
  • Restrict access to in-use API endpoints to known sources
  • Subscribe to monitoring services that identify if batches of stolen credentials are for sale
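
The scrutiny questions in the first bullet can be applied as an automated triage pass over authentication logs while re-keying is still in progress. This is an added example, not code from the original post; the event fields, baseline structure, principal names and sample events are constructed assumptions, and timestamps are assumed to be in each principal's local time.

```python
from datetime import datetime

# Constructed baseline: who normally uses the third-party service,
# from which countries, and during which local hours (assumed structure).
BASELINE = {
    "svc-billing": {"countries": {"US"}, "hours": range(0, 24)},
    "alice": {"countries": {"US"}, "hours": range(8, 18)},
}

# Constructed sample events (assumed log schema).
EVENTS = [
    {"ts": "2019-09-03T14:05:00", "principal": "alice", "country": "US", "result": "success"},
    {"ts": "2019-09-03T02:41:00", "principal": "alice", "country": "US", "result": "success"},
    {"ts": "2019-09-03T10:12:00", "principal": "svc-billing", "country": "NZ", "result": "success"},
    {"ts": "2019-09-03T11:00:00", "principal": "bob", "country": "US", "result": "success"},
    {"ts": "2019-09-03T11:30:00", "principal": "alice", "country": "NZ", "result": "failure"},
]

def review_reasons(event, baseline=BASELINE):
    """Return the reasons a successful authentication needs manual review."""
    if event["result"] != "success":
        return []  # the checklist targets successful authentications
    profile = baseline.get(event["principal"])
    if profile is None:
        # "Does this user or service typically access the third-party service?"
        return ["principal does not normally access this service"]
    reasons = []
    if event["country"] not in profile["countries"]:
        reasons.append("unusual location")
    if datetime.fromisoformat(event["ts"]).hour not in profile["hours"]:
        reasons.append("outside usual working hours")
    return reasons

def flag_events(events, baseline=BASELINE):
    """Pair each event that needs review with its principal, time and reasons."""
    flagged = []
    for event in events:
        reasons = review_reasons(event, baseline)
        if reasons:
            flagged.append((event["principal"], event["ts"], reasons))
    return flagged

if __name__ == "__main__":
    for principal, ts, reasons in flag_events(EVENTS):
        print(f"{ts} {principal}: {', '.join(reasons)}")
```
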

When the inevitable happens

It’s a given that from time to time service providers will lose our keys, so what can we do to pre-empt and limit the impact? Consider:

  • Require multi-factor authentication for password-based access
  • Enforce additional authentication challenges for any suspicious access
  • Automate key rotation
  • Enforce privileged access management for privileged accounts

These sorts of breaches are annoying under the best of circumstances (and catastrophic in the worst), but the good news is there are tried and true ways of mitigating the damage.

If you have questions, give us a call.
