Okta now manages devices of third parties accessing its customer support tools

Share post:

Identity and access management provider Okta says a cyber attacker accessed the data of only two customers, not 366 as originally feared, after the hacking of one computer at a third-party support supplier by the Lapsus$ extortion gang. In a report Wednesday, Okta chief security officer David Bradbury said the January attack on customer support provider Sitel lasted only 25 minutes. “During that limited window of time, the threat actor accessed two active customer tenants within the SuperUser application (whom we have separately notified), and viewed limited additional information in certain other applications like Slack and Jira that cannot be used to perform actions in Okta customer tenants,” he wrote. The threat actor was unable to successfully perform any Okta configuration changes, multifactor authentication password resets or customer support “impersonation” events, Bradbury said. Nor was the attacker able to authenticate directly to any Okta accounts. Among a number of moves being made to improve customer trust, Okta is terminating its relationship with Sykes/Sitel, and will now directly manage all devices of third parties that access its customer support tools. A section entitled “Lessons Learned,” included three categories: 1. Third-party risk management:
  • Okta said it is strengthening its audit procedures of its sub-processors and will confirm they comply with its new security requirements. “We will require that sub-processors who provide Support Services on Okta’s behalf adopt ‘Zero Trust’ security architectures,” the report says, “and that they authenticate via Okta’s IDAM solution for all workplace applications.”
2. Access to customer support systems:
  • Okta will now directly manage all devices of third parties that access its customer support tools, providing the necessary visibility to effectively respond to security incidents without relying on a third party. “This will enable us to significantly reduce response times and report to customers with greater certainty on actual impact, rather than potential impact,” the report said.
  • The company is making further modifications to its customer support tool to restrictively limit what information a technical support engineer can view. These changes also provide greater transparency about when this tool is used in customer admin consoles (via System Log), it said.
3. Customer communications: Okta is reviewing its communications processes and will adopt new systems to communicate more rapidly with customers on security and availability issues. “It pains us,” Bradbury wrote, “that while Okta’s technology excelled during the incident, our efforts to communicate about events at Sitel fell short of our own and our customers’ expectations.” Last month Bradbury admitted that Okta should have moved faster to get the full report from Sitel about the cyberattack. The summary it saw led Okta to initially downplay the attack. It was only when the Lapsus$ gang published screenshots of the customer data it saw did Okta realize the possible problems. The post Okta now manages devices of third parties accessing its customer support tools first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

SUBSCRIBE NOW

Related articles

Cyber Security Today, May 29, 2024 – A new North Korean ransomware gang spotted, and more

A new North Korean ransomware gang spotted, and more Welcome to Cyber Security Today. It's Wednesday, May 29th, 2024....

Microsoft tries to regain trust of government cybersecurity leadership

Microsoft has embarked on an aggressive campaign to restore and enhance its cybersecurity image and regain trust within...

London Drugs refuses to pay ransom – corporate data is leaked

London Drugs, a prominent Canadian retailer, has confirmed a data breach involving sensitive corporate head office files, following...

Cyber Security Today, May 27, 2024 – Security controversy over a new Microsoft tool, a new open source threat intelligence service, and more

Security controversy over a new Microsoft tool, a new open-source threat intelligence service, and more. Welcome to Cyber Security...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways