It might seem like Active Directory is just another service that needs to be recovered in the wake of a cyberattack. But the reality is, AD is a keystone. If it’s compromised, so is your entire environment.
Nearly half (47%) of organizations use Active Directory as their primary identity store. 51% use it to varying degrees of importance alongside other identity stores, but only 1% of organizations either don’t use AD at all or are phasing it out.
Many organizations are taking a hybrid approach to identity and beginning to focus on the cloud interdependencies and complexities that result—but ignoring the fact that the entirety of their cloud identity is still syncing to on-premises Active Directory. AD is used as a source from which to sync other identity stores, so an AD compromise can cause a cascading effect as AD links with other cloud applications. This potentially problematic connection between cloud-based and on-premises assets becomes more pronounced as organizations scramble to support remote workers with mobile devices during the pandemic.
In “Rethinking Active Directory Security” on Help Net Security, Semperis CEO Mickey Bresman discusses the importance of organizations having a tested action plan for recovering Active Directory (AD) in the event of a cyberattack. Learn more from his article about steps companies can take to shore up defenses against AD-related cyberattacks, including ensuring that AD-specific monitoring is in place.