Identity management firm Okta recently disclosed that due to a data leak, hundreds of clients’ data may have been “viewed or acted upon.” An investigation into suspicious activity identified a five day period where a cyber attacker had access to a third-party customer support engineer’s laptop. The company concluded that a small percentage – around 2.5% – of their clients’ data may have been accessible to the attacker during this time period. In a statement posted March 23, Okta’s Chief Security Officer David Bradbury noted, “We have identified those customers and have already reached out directly by email.”
While the Okta service itself was not breached, the attackers did gain access to the support engineer’s laptop, enabling them to access information Okta had made available to this third-party provider. These third-party support staff are also able to reset passwords and multi-factor authentication factors for users but cannot obtain the passwords.
The authentication provider’s services are built for the cloud, but their compatibility with on-premises applications has made them a popular choice for big organizations. The Okta website states that the company has 15,000+ clients who entrust the company with access to their sensitive data.
Evolving Cyber Attacks Require Constant Vigilance
Okta is the most recent in a long line of cloud vendors targeted by cyber attackers. Cybersecurity experts worry that the potential for access to many large companies’ data will continue to make Okta an enticing target for attackers. This recent security breach highlights the importance of comprehensive cyber security for companies of all sizes.
Even small and midsize businesses may be affected by a data breach, especially if they choose to work with a vulnerable cloud storage provider. Companies should only work with trusted providers when establishing and maintaining their cyber security systems. Entrusting the wrong companies with your data may prove disastrous. According to this article, as many as 70% of customers who store data with cloud vendors may be at risk of their data being exposed.
Whether you exclusively utilize on-premises or cloud-based storage, or use a combination of the two, we recommend you speak with a managed IT services provider about how to improve your IT security. Regular security monitoring, automatic updates, and strong firewalls and encryption are all necessary components of an effective IT security approach. Our team is happy to discuss how we use these components to create state-of-the-art security for our clients. Contact us to learn more about cyber security for your company!