Skip to content

Choosing a software solution: Eight things to consider for the NIS2 directive

The Network and Information Securities Directive (NIS) 2 aims to increase the security and resilience of essential services and digital infrastructure in the European Union. It affects essential entities (including energy, transport, and banking) and important entities (such as postal, food, and manufacturing).  

The legislation came into force on 18 October 2024, following the creation of national laws based on the directive. Key requirements include risk assessment, management and prevention, incident reporting within 24 hours, and backup and disaster recovery.

Software can help mandated organisations maintain compliance and stay ahead of cybersecurity threats. Here’s what you should look for in NIS2 compliance software.

What do you need to keep in mind when choosing a new software solution?

Fines and punishments for NIS2 are stringent – up to 2% of global annual revenue. Staying compliant isn’t just a cybersecurity matter, it’s a financial one. 

CloudM helps you meet the NIS2 implementation requirements with Backup, our solution for preventing data loss and ensuring recovery and restoration. Backup keeps data protected in the background, while you’re free to focus on the business.

€10 million

Essential entities face fines of up to €10 million or 2% of global annual revenue.

€7 million

Important entities face fines of up to €7 million or 1.4% of global annual revenue

 

These software features help stay on track and ensure compliance with the NIS2 directive.

 

1. Automation

Under the NIS2 directive, organizations need to have regular backups so critical data can be restored following an incident. When this process is automated it reduces the risk of human error and enables business continuity. Features like automated event logging and detection also mean you’re in a better position to meet the 24-hour incident response time. 

 

2. Support

With just 24 hours to respond to an incident, additional support from your software vendor can be a lifeline.

Responsive, round-the-clock support helps you navigate incidents swiftly and effectively within 24 hours. Beyond incident support, modern software providers also offer guidance and training on how to use tools effectively, so you can ensure future NIS2 compliance and be prepared for what’s ahead. 

 

3. Security and compliance

Effective prevention can help you avoid the most harmful situations. Using end-to-end encryption, single sign-on, multi-factor authentication, and role-based access controls protects your data. Your software provider should also meet security standards, such as ISO 27001, which demonstrates they use data protection best practices.

 

4. Incident reporting 

You need fast and comprehensive incident reporting mechanisms to meet the 24-hour requirement for NIS2 compliance

Real-time monitoring, alerting, and automated logging of suspicious or unusual activity can help you achieve this. These features enable your security team to respond effectively before any damage is done – and means instead of searching for the specific cause, they can focus on solutions for recovery first.

 

5. Disaster recovery

As the spate of recent NHS cyberattacks prove, security breaches are a real threat, with serious consequences for organizations.

Data recovery tools help to ensure business continuity. Frequent, automated data backups enable you to recover the most recent file versions. Flexible restoration options – such as folder, user, and item-specific recovery – can be particularly helpful if you only need to complete a partial restoration. 

 

6. Scalability and flexibility

Organizational data grows as your business does, and the ability to handle more of it is essential for NIS2 compliance. Every piece of data your organization gains is something that could leak or be accessed by a cybercriminal. 

Finding software that’s scalable and flexible will help you maintain business continuity. Whether you’re responding to regulatory or organizational changes, having software that grows with you and updates in line with new legislation is key. 

 

7. Data protection and privacy

Strict data retention controls – including the ability to wipe data as needed and limit access to business-critical data – can help you meet NIS2 directive risk management requirements.

Security requirements differ in every region, and your software should be able to accommodate these variations. Consider the range of security standards your organization needs to meet – and whether your chosen provider is set up for future changes. 

 

8. Customizable security settings

All organizations require different levels of data access. Getting this right can help you meet NIS2 risk management, incident prevention, and corporate accountability requirements.

Opt for software with adjustable access levels and protocols depending on organization size and the amount of data. By assigning specific permissions to people in your organization, you can limit the risk of data falling into the wrong hands.

 

About CloudM
CloudM is an award-winning SaaS company whose humble beginnings in Manchester have grown into a global business in just a few short years.

Our team of tech-driven innovators have designed a SaaS data management platform for you to get the most from your digital workspace. Whether it’s Microsoft 365, Google Workspace or other SaaS applications, CloudM drives your business through a simple, easy-to-use interface, helping you to work smarter, not harder.

By automating time-consuming tasks like IT admin, onboarding & offboarding, archiving and migrations, the CloudM platform takes care of the day-to-day, allowing you to focus on the big picture.

With over 35,000 customers including the likes of Spotify, Netflix and Uber, our all-in-one platform is putting office life on auto-pilot, saving you time, stress and money.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

A complete guide to the Zero Trust maturity model

Summary: The Zero Trust maturity model helps organizations improve security by outlining stages for adopting continuous verification of users, data, and data access.

According to IBM’s 2024 Cost of a Data Breach Report, the global average cost of a data breach has surged to $4.88 million, a 10% increase from the previous year. This was the largest annual jump since the COVID-19 pandemic.

Traditional security models, which rely heavily on perimeter defenses, are no longer enough to handle today’s sophisticated cyber threats. Malicious actors and insiders can easily bypass these defenses, exploiting outdated systems to gain unauthorized access to sensitive data.

This is where the Zero Trust maturity model comes into play. It offers a modern approach to security, shifting from the outdated “trust but verify” mindset to the more robust “never trust, always verify” principle. The Zero Trust maturity model provides a framework that helps organizations implement this advanced security in stages.

By assessing your organization’s place within the model, you can enhance your defenses, safeguard sensitive data, and stay ahead of evolving cyber threats.

What is the Zero Trust maturity model?

The Zero Trust maturity model is a strategic framework that helps organizations gradually shift from traditional perimeter-based security methods to a more comprehensive Zero Trust approach. Unlike older models that assume trust within the network, Zero Trust requires continuous verification of all users and devices, regardless of their location.

This model provides a clear roadmap for assessing an organization’s cybersecurity posture, outlining stages to improve security protocols over time. It emphasizes verifying users, devices, and data access at every level to effectively counter threats, both external and internal.

The stages of the Zero Trust maturity model

The Zero Trust maturity model breaks down the process of adopting Zero Trust principles into several stages. Each stage represents a different level of security preparedness and implementation. Let’s take a closer look at these stages:

1. Initial/Ad-hoc stage

At the initial stage, security measures are primarily reactive rather than proactive. Organizations may not have formal Zero Trust policies yet. While multi-factor authentication (MFA) might be used inconsistently, organizations often rely on perimeter-based security like firewalls and VPNs. Security practices tend to be inconsistent, with minimal internal monitoring. Once inside the network, trust is often assumed rather than verified.

Key characteristics:

  • Multi-factor authentication (MFA) may be in place but not consistently enforced
  • Lack of visibility into internal traffic
  • No consistent identity verification
  • Limited control over device access

2. Developing/Basic stage

In the developing stage, organizations start to recognize the need for stronger security measures. They consistently enforce multi-factor authentication across all tools handling sensitive information. This phase marks the early implementation of Zero Trust principles, focusing on critical areas such as identity management and access control. Security policies are still evolving, but there is an increasing emphasis on monitoring and segmentation.

Key characteristics:

  • Consistent enforcement of MFA across all critical systems
  • Basic identity management in place
  • Limited monitoring of user activity
  • Partial implementation of access control policies
  • Introduction of network segmentation

3. Defined/Intermediate stage

At the defined stage, the organization has implemented clear security policies that align more closely with the Zero Trust framework. Role-based access control (RBAC) and device management have become integral parts of the security structure. Internal monitoring is more robust, leading to a clearer understanding of who has access to what resources.

Key characteristics:

  • Established Zero Trust security policies
  • Role-based access control
  • Centralized identity management
  • Regular network traffic monitoring
  • Secure device management

4. Managed/Advanced stage

At the managed stage, organizations have integrated advanced security technologies and processes. All network activity is continuously monitored and logged, and security incidents are detected and responded to using automation. The Zero Trust principles are now consistently applied across the entire infrastructure, reducing the risk of unauthorized access or lateral movement within the network.

Key characteristics:

  • Automated incident detection and response
  • Detailed auditing and reporting
  • Comprehensive device posture management
  • Continuous network and resource monitoring

5. Optimized/Strategic stage

At this final stage, Zero Trust architecture is deeply embedded into the organization’s culture and systems. Security is automated and adaptive, using machine learning and artificial intelligence to predict and prevent threats. Zero Trust is applied to every aspect of the organization, from user identity to applications and data.

Key characteristics:

  • Automated Zero Trust principles across all systems
  • Predictive security measures using AI/ML
  • Fully adaptive and scalable security practices
  • Minimal manual intervention is needed
  • Continuous improvement through audits and reviews

How to assess your organization’s Zero Trust maturity

Understanding your current Zero Trust maturity level is crucial for making informed decisions about future security strategies. Here’s how to assess where your organization stands:

  1. Evaluate your security policies: Do you have consistent, clearly defined security policies? Are they aligned with Zero Trust principles, such as “least privilege” access and continuous verification?
  2. Examine access controls: Look at how access is granted across your network. Are all users, devices, and applications authenticated before they can access sensitive resources?
  3. Monitor network activity: Are you continuously monitoring traffic within your network, and can you detect anomalies quickly? Real-time visibility is a critical aspect of Zero Trust maturity.
  4. Review identity management: Ensure that you have robust identity verification protocols in place, including multi-factor authentication and role-based access control.
  5. Assess automation: The higher levels of the Zero Trust maturity model require automation for threat detection and response. Consider how much of your security operations can be automated.

Benefits of Zero Trust maturity

Reaching a higher level in the Zero Trust maturity model brings numerous benefits that extend beyond just improving security—it also enhances overall operational efficiency.

One of the primary advantages is the reduced risk of breaches. Verifying every user and device at each access point greatly lowers the chance of unauthorized access. This constant verification creates a more secure environment and helps prevent breaches before they occur.

Another key benefit is enhanced visibility. Continuous monitoring of network traffic and internal activities gives organizations real-time insight into their systems. This enables them to quickly detect anomalies and respond to potential threats before they escalate into serious security incidents.

A mature Zero Trust framework also promotes better compliance with industry regulations. In sectors with strict data security laws, ensuring that your organization meets legal requirements is essential. Zero Trust helps keep your security practices aligned with these regulations, reducing the risk of compliance violations.

Lastly, improved user experience is a notable advantage. Contrary to the belief that tighter security might hinder usability, Zero Trust solutions are designed to authenticate users smoothly. This provides a seamless experience for authorized users while maintaining the highest level of security.

Challenges of the Zero Trust maturity model

Adopting the Zero Trust maturity model is not without its challenges. Here are some common hurdles that organizations face:

  • The complexity of implementation: While moving from a perimeter-based approach to Zero Trust may seem complex, it doesn’t have to be. The challenge often arises when organizations attempt to implement various solutions for different Zero Trust policies. However, choosing a comprehensive solution like NordLayer, which is cloud-based, compatible with hybrid networks, and offers a strong ZTNA framework, can simplify the process.
  • Resource demands: Implementing Zero Trust architecture can require time, money, and expertise. While there are upfront costs, selecting a smart, comprehensive solution pays off over time, especially considering the potential financial damage from security breaches.
  • Cultural resistance: Changing the security culture within an organization may meet resistance, as employees could see new policies or technologies as obstacles. This is why it’s crucial to adopt simple, intuitive solutions that make it easier for everyone to accept changes.
  • Legacy systems: Some organizations still rely on legacy systems that may not be fully compatible with modern Zero Trust principles, which can make complete implementation challenging.

By understanding these challenges and taking a strategic approach, organizations can overcome them and create a robust Zero Trust architecture that evolves alongside digital threats.

How NordLayer can help

NordLayer’s Zero Trust solutions equip your organization with the essential tools to safeguard data and resources effectively. They make it easy to navigate the complexities of the Zero Trust maturity model. Whether you are just beginning to adopt Zero Trust principles or looking to optimize an existing framework, our scalable and secure solutions support you at every stage.

  • Secure remote access: Implement secure remote access policies with Site-to-Site VPN and Smart Remote Access to ensure smooth, encrypted connectivity for your distributed teams.
  • Granular network access control: Gain precise control over your network with Virtual Private Gateways, Cloud Firewall, and Device Posture Monitoring. This allows you to ensure that only the right people—or secure devices—can access sensitive network resources.
  • Multi-layered authentication: Strengthen authentication practices with additional multi-factor authentication and biometric checks. You can also set custom session durations to ensure frequent re-authentication, making access more secure.
  • Comprehensive monitoring & logs: Stay informed of who and what is accessing your network with Session and Device Connection Monitoring Logs. These tools provide visibility into every device and user, ensuring full network transparency.
  • Advanced security features: NordLayer offers Device Posture Security, behavioral analysis, and automated threat detection to help protect sensitive resources while maintaining seamless access for authorized users.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

77% of MSPs Struggle with Juggling Multiple Cybersecurity Solutions, Guardz Survey Finds

In a recent survey conducted by Guardz, over 260 US-based Managed Service Providers (MSPs) shed light on the significant challenges they face while protecting their small business (SMB) clients from the growing cyber threat landscape. The findings reveal a complicated picture for MSPs as they juggle a vast array of cybersecurity solutions, manage overwhelming data, and strive to keep up with rapidly evolving threats.

Here are the key takeaways from the survey:

  • 77% of MSPs are managing between 4 to 10 cybersecurity point solutions to protect their clients, with 12% managing more than 10.
  • 47% of MSPs are overwhelmed by the large volumes of security data, contributing to alert fatigue and making it harder to focus on what matters most.
  • 42% report challenges in implementing advanced threat detection technologies, highlighting the complexity of managing modern cybersecurity tools.

The Complex Reality for MSPs

The role of an MSP in today’s digital-first, remote-working world has become increasingly difficult. SMBs often rely on MSPs to manage their cybersecurity needs since they lack the internal expertise and resources to protect themselves effectively. However, for MSPs, this responsibility comes with its own set of hurdles, particularly the need to juggle multiple cybersecurity solutions at once.

Understanding the Biggest Threats MSPs are well aware of the risks their clients face daily. According to the Guardz survey, the most critical threats to client cybersecurity are:

  • 37% cited data leakage as the most significant concern.
  • 28% pointed to phishing attacks, a persistent and adaptable threat.
  • 23% highlighted ransomware, known for its devastating financial and operational impacts.

These statistics reveal the diverse nature of cybersecurity threats that MSPs must contend with. Data leakage, phishing, and ransomware are distinct challenges that require varied tools and strategies to combat effectively. For MSPs managing multiple clients with differing levels of awareness and resources, this trifecta of threats poses a significant test to their operational agility.


Guardz’s survey uncovered that 65% of MSPs are juggling between 4-9 cybersecurity point solutions, while a further 12% are using 10 or more solutions simultaneously. Each platform comes with its own set of alerts, data streams, and integration challenges. As a result, MSPs are tasked with manually piecing together insights and managing vast quantities of information while striving to keep their clients secure and grow their businesses.


Business Growth and Staff Challenges

Running a successful MSP business involves more than just technical know-how. 45% of respondents said new client acquisition was a top business challenge, while 44% highlighted the difficulty in expanding and scaling their services, and 43% pointed to client retention and satisfaction as persistent issues.

Adding to these hurdles, 44% of MSPs reported resistance to change among their staff when integrating new technologies. This is likely tied to the 41% who pointed out a lack of training for each platform they manage. Without comprehensive training, teams struggle to use the tools effectively, impacting the quality of service and operational efficiency.


Guardz’s Commitment to Empowering MSPs

These survey results confirm that MSPs need support that goes beyond just more tools. Guardz recognizes that what MSPs need is a platform that can unify their cybersecurity operations, streamline data, and provide an integrated approach that addresses multiple challenges at once. Guardz’s AI-driven solution helps MSPs cut through the noise, reduce the need for numerous point solutions, and simplify their cybersecurity approach while staying adaptable to new threats.

Dor Eisner, CEO and Co-Founder of Guardz noted, “Despite the challenges of utilizing multiple-point solutions, few individual cybersecurity tools can address the entire range of an SMB’s needs. Many solutions are designed for larger enterprises and are far too complex or cumbersome for small businesses, leaving them vulnerable. At Guardz, we aim to empower MSPs with an all-encompassing, AI-powered platform that is tailor-made for the specific needs of SMBs.”

Guardz: Empowering MSPs with AI-Powered Solutions

At Guardz, we recognize these challenges and are committed to providing solutions that streamline cybersecurity for MSPs and help them deliver best-in-class protection for SMBs. Our mission is to simplify the complex landscape that MSPs must navigate, offering a unified, AI-powered cybersecurity platform that integrates advanced threat detection, response capabilities, and the necessary insurance to help protect their clients from both breaches and the financial impact of cyber incidents.

With many existing cybersecurity solutions designed for larger enterprises, the MSP community has found it difficult to apply these tools effectively for SMBs. Guardz is changing that by providing an agile platform specifically designed to be effective, easy to implement, and efficient for the MSP community.

The Data Overload Problem

One of the survey’s most surprising findings is that 47% of MSPs are overwhelmed by the sheer volume of security data they must process daily. These vast quantities of alerts and logs contribute to what’s known as “alert fatigue”—when cybersecurity professionals are bombarded with so much information that they become desensitized to it. This can lead to missed or delayed responses to actual threats, putting their SMB clients at greater risk.

Managing and making sense of this data is a time-consuming process that distracts from proactive security management. As a result, many MSPs find themselves reacting to issues after they’ve occurred rather than preventing them.

To counter this, Guardz’s AI-powered solution offers automated data analysis and filtering capabilities, allowing MSPs to focus on real threats while reducing false positives. This automation empowers MSPs to spend less time sifting through data and more time growing their businesses and delivering value to their clients.

Advanced Threat Detection: The Need for Simplicity

The cybersecurity threat landscape is evolving at an unprecedented rate, and MSPs are acutely aware of this fact. A significant 42% of respondents noted that keeping up with advanced threat detection technologies was a major challenge. These technologies are critical for identifying and stopping new, sophisticated attacks before they cause significant harm to SMBs.

However, many of these advanced tools are difficult to implement and manage. MSPs are often faced with the task of integrating these solutions into their existing cybersecurity stacks, which may not be compatible. This adds another layer of complexity to an already intricate cybersecurity ecosystem.

Guardz addresses this challenge by providing MSPs with a unified platform that simplifies the deployment of advanced threat detection technologies. By offering out-of-the-box integration and an intuitive interface, Guardz ensures that MSPs can easily manage and implement cutting-edge cybersecurity tools without the usual friction associated with legacy systems.

Financial and Logistical Challenges: Too Many Costs, Too Little Training

The survey also revealed that 58% of MSPs struggle with the high costs associated with managing multiple cybersecurity solutions, while 56% reported integration issues with their current platforms. Financial and logistical constraints are a key factor in why many MSPs find it difficult to adopt new technologies regularly. Additionally, 41% of MSPs highlighted a lack of training for each platform they use, compounding their struggles.


Guardz is designed to alleviate these burdens by consolidating multiple cybersecurity functions into a single platform. This reduces overall costs for MSPs by eliminating the need to purchase and maintain multiple solutions. Furthermore, Guardz offers extensive training and support for its platform, ensuring that MSPs can hit the ground running with minimal disruption to their day-to-day operations.

Misconceptions Among SMBs: A False Sense of Security

Interestingly, the survey found that many MSPs believe their SMB clients have a false sense of security when it comes to their cybersecurity posture. 53% of MSPs said their clients underestimate the severity of cyber threats, and 50% noted that many SMBs rely too heavily on a single security solution, believing it’s enough to protect their business.

Additionally, 36% of MSPs reported that their customers fail to recognize the importance of cyber insurance, which could protect them financially in the event of a breach. And nearly half of the respondents (49%) said their clients mistakenly assume that compliance with industry regulations is synonymous with being secure.


At Guardz, we recognize that education is a crucial component of cybersecurity. We’re committed to helping MSPs communicate the importance of a holistic cybersecurity approach to their clients, emphasizing the need for both proactive defense and financial protection through cyber insurance.

Conclusion: Guardz’s Ongoing Commitment to MSPs

The challenges highlighted in Guardz’s survey underscore the need for MSPs to have access to tools that simplify cybersecurity management while addressing the unique needs of SMBs. At Guardz, we’re proud to partner with MSPs to provide a solution that streamlines their operations, reduces alert fatigue, and equips them with advanced, AI-powered protection.

Our commitment to the MSP community is steadfast, and we’ll continue to innovate and deliver solutions that enable MSPs to thrive while keeping their clients safe in an increasingly complex digital world. Read more about our survey findings and how Guardz can empower your MSP business today!


Start Free Trial

About Guardz
Guardz is on a mission to create a safer digital world by empowering Managed Service Providers (MSPs). Their goal is to proactively secure and insure Small and Medium Enterprises (SMEs) against ever-evolving threats while simultaneously creating new revenue streams, all on one unified platform.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

SealPath Shines at IT Security Conference 2024, Addressing Critical Data Protection Strategies

“We all agree that data is fundamental to an organization today. Without data, we lack the ground,” said João Arriaga, Country Manager at SealPath, in his speech on the Technical Tracks stage, where he also stressed the central importance of data for the operation and survival of companies.
In an insightful session at the annual IT Security Conference in Lisbon, SealPath once again demonstrated its commitment and leadership in innovative data protection solutions. Entitled “The Importance of Identifying the Most Risky Data in an Organisation”, our expert Joao’s presentation highlighted the emerging challenges and dynamic strategies for achieving robust data security in today’s business environment.

This year’s conference, which brought together top professionals and thought leaders in cybersecurity, provided the perfect backdrop for SealPath to articulate how advanced, data-centric security measures can profoundly shield and protect organizational data across all platforms. Our session, particularly noted for its depth and clarity, was also featured in the IT Security’s magazine article.

Reflecting on the event, Luis Ángel del Valle, CEO of SealPath, noted, “Our participation in this year’s IT Security Conference was yet another opportunity to share insights with our peers and demonstrate SealPath’s deep commitment to evolving data protection standards. We are pleased to provide thought leadership that resonates within the cybersecurity community.” Read the full article in IT Security Magazine here. (Portuguese). About IT Security Magazine

IT Insight Security appears in a context of accelerated digital transformation and, at the same time, growing vulnerability to cybercrime, with a different and innovative perspective. It is a publication born in the digital world, conceived from scratch for this new reality and which will combine a rigorous factual approach with an analysis of the market and the strategic and leadership challenges required to meet this growing challenge.

About SealPath
SealPath is the European leader in Data-Centric Security and Enterprise Digital Rights Management, working with significant companies in more than 25 countries. SealPath has been helping organizations from different business verticals such as Manufacturing, Oil and Gas, Retail, Finance, Health, and Public Administration, to protect their data for over a decade. SealPath’s client portfolio includes organizations within the Fortune 500 and Eurostoxx 50 indices. SealPath facilitates the prevention of costly mistakes, reducing the risk of data leakage, ensuring the security of confidential information, and protecting data assets.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Unpacking the Okta Data Breach

Unpacking the Okta Data Breach: How It Happened

In recent years, the increasing frequency of data breaches has raised concerns among businesses and consumers alike. The Okta data breach serves as a stark reminder of these vulnerabilities, especially considering that in 2024, the average total cost of a data breach in the United States reached a staggering $9.36 million. This incident not only highlights the financial implications of such security failures but also underscores the importance of timely detection. With an average of 194 days taken globally to identify a data breach in 2024, which is a slight improvement from 2023, , organizations must prioritize their security measures to mitigate risks and protect sensitive information.

Who is Okta?

Founded in 2009, Okta is an identity and access management company. It was a forerunner of single sign-on, and many companies adopted the Okta portal to reduce the number of passwords users have to deal with. Okta also provides API access management, MFA, and other IAM solutions.  

Discovery of the Breach

The Okta data breach started when an employee’s Gmail account was compromised.  They had logged into their personal Gmail on their work laptop and also saved their work credentials in Chrome.  The compromise led to malware being installed on the laptop, which was used to gain access to Okta’s support system.  The hackers targeted the unsanitized HAR files submitted by Okta’s customers during the normal troubleshooting process.  The hackers then went to these companies and tried to breach their systems, largely without success. 

It was 1Password, an Okta customer, that first alerted Okta of suspicious activity that they suspected had originated with Okta in late September of 2023.  Okta suspected that 1Password had been the victim of a phishing attack and dismissed the claim.  

A few days later, on October 2nd, BeyondTrust uploaded a HAR file to Okta support while working on an issue.  A HAR file is a log of a web browser’s interaction with a website and is useful for diagnosing performance and other issues. Within 30 minutes, they saw an attacker attempt to breach the BeyondTrust Okta environment using a valid session cookie.  Thankfully, they had authentication policies in place that only allowed trusted users on trusted devices to access their Okta environment.

On October 17th, using the information provided by BeyondTrust, Okta pinpointed a service account with unusual activity that had previously gone unnoticed.  The service account and all associated sessions were terminated.  

On October 19th, Okta notified 1Password, Cloudflare, BeyondTrust, and a couple of others that they had been impacted by a data breach. At this time, Okta believed these were the only customers impacted.  

Finally, in December 2023, the full scope of the breach was revealed. The hackers gained access to the files of 134 different customers and also downloaded a report listing the names and e-mail addresses of all customers who had used Okta support. These were used to launch phishing and other targeted attacks against the companies who had the bad luck to have needed Okta’s support.  

What next?

After notifying the impacted customers and the appropriate regulators, Okta set to work. As an identity provider, transparency and thoroughness were the only hope of regaining customer trust. 

  1. Independent Forensic Investigation: Okta engaged Stroz Friedberg, a leading cybersecurity forensics firm, to conduct an independent investigation, which confirmed the company’s initial findings and identified no further malicious activity.
  2. Security Enhancements: In response to the breach, Okta implemented several security improvements, including:
    • Zero Standing Privileges for Administrators: Ensuring administrative roles are assigned only when necessary and for limited durations.
    • Multi-Factor Authentication (MFA) for Critical Actions: Requiring additional authentication steps for high-impact administrative tasks.
    • Enhanced Session Security: Implementing measures to detect and block requests from anonymizers and applying IP binding to Okta products and the Admin Console.
    • Restricting API Access: Enforcing allowlisted network zones for APIs to prevent unauthorized access. 

Oka deserves credit for being forthright with how the breach happened and what steps they took to prevent it from happening again.  While Monday morning quarterbacking always takes place after a major breach, there are plenty of large organizations that had – undoubtedly still have – similar (or worse!) Holes in their security posture.  

A Better Way Forward

Some of the remedial actions taken highlight a critical problem that security measures often face – security comes at the expense of the user experience.  It makes sense to session-limit administrators, and enabling MFA ensures that a compromised password will not result in widespread access, but one can imagine the poor Okta admins constantly having to reauthenticate and fumbling for their phones to accept a push notification or find a one-time passcode a million times over the course of a single work day.  Besides the massive inconvenience this poses, it isn’t really addressing the real threat – after all, compromised credentials are the cause of over 80% of all data breaches.

Passwordless authentication is a rarity in that it is not only more secure but a significantly better user experience.  Rather than racing to get a push notification or waiting for a text message, the authentication process happens with no user intervention required.  Not only is this a win for users and security, but IT staff have far fewer password issues to deal with as well.  

An ounce of prevention is worth a pound of cure, as the saying goes, and while Okta set the standard for a clear, transparent post-breach response, the data breach itself serves as a reminder of the vulnerabilities inherent in traditional security methods.  Looking towards the future with passwordless authentication will stop the next breach before it happens (and let you put your phone down once in a while!)

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.。

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×