Thus, Okta is warning all of its customers to be prepared for similar phishing and social engineering cyber-scams. "Given that names and email addresses were downloaded, we assess that there is an increased risk of phishing and social engineering attacks directed at these users," Bradbury wrote. "While 94% of Okta customers already require MFA for their administrators, we recommend all Okta customers employ MFA and consider the use of phishing-resistant authenticators to further enhance their security."

The company added, however, that it does not yet have any evidence that the compromised Okta customer data is being actively exploited.

Cybersecurity experts advise Okta customers to focus on cybersecurity best practices, including user training. "What is needed to secure Okta customers is a focus on best practices; for example, 6% of their users do not have multifactor authentication enabled," says Viakoo CEO Bud Broomhead. "Likewise, setting session timeouts or requiring reauthentication for sessions from a new IP address should be done across all Okta users."

That bit of bad news for Okta customers was tempered by another piece of data out of Okta on Nov. 29. According to its latest quarterly financial report, the company announced that it has seen a more than 20% increase in revenues. The bottom-line growth is reported for the quarter ending Oct. 31, the same quarter Okta's systems were used in high-profile breaches of MGM and Caesars.

"Our Q3 performance was highlighted by solid top-line growth, record non-GAAP operating profit, and record free cash flow," Todd McKinnon, CEO and co-founder of Okta, said in a statement about the company's earnings. "We are particularly enthusiastic about the adoption of Okta Identity Governance and the general availability of Okta Privileged Access, which uniquely positions us as the only unified modern identity platform. Over 18,800 leading organizations around the world put their trust in Okta and we are thankful for their continued partnership."

The news of the leaked customer data did drive down Okta stock prices when it happened, but the investor fallout appears to be hovering in the single digits. That said, the time lag for sales revenues to be impacted by major cyber incidents like the ones Okta has experienced should be taken into account when analyzing whether the breach impacted the brand, according to Jasson Casey, CEO of Beyond Identity.

"The sales cycle for midmarket customers is typically three to four months, while the enterprise sales cycle can be six-plus months," Casey tells Dark Reading.

Casey adds that, personally, he's seeing a market shift away from Okta. "Anecdotally, we're seeing a large number of companies actively search for migration pathways from Okta to other SSO platforms due to the continued string of news related to Okta security practices," he says. "Okta has a hard road in front of them to convince the mid/enterprise market that security is a foundational principle given their continued missteps over the last two years."

Okta did not immediately return a request for comment from Dark Reading.

This Cyber News was published on www.darkreading.com. Publication date: Thu, 30 Nov 2023 22:55:27 +0000