In 2021, a survey by One Identity revealed that 75% of organizations characterized Zero Trust as critically or very important to bolster their overall cyber maturity. AppviewX believes identity-first security will continue to be a top priority for businesses in 2022. With Identity Management Day upon us, let’s use the occasion to hear from industry experts and leaders why identity management is no longer a choice and how to implement it the right way.
Earlier in April, Cash App (formerly Square Cash) was forced to notify up to 8.2 million U.S.-based customers after a former employee, who still enjoyed access to sensitive data, carted away full names and brokerage account details of customers.
“A former employee downloaded certain reports of its subsidiary Cash App Investing LLC (‘Cash App Investing’) on December 10, 2021 that contained some U.S. customer information,” said Block, Cash App’s parent company. “While this employee had regular access to these reports as part of their past job responsibilities, in this instance these reports were accessed without permission after their employment ended.”
This incident highlights the importance of putting in place strong access controls, no matter which industry or sector an organization is operating in. Verizon’s 2021 Data Breach Investigations Report revealed that 85% of breaches involved the human element, and research from Risk Based Security and Flashpoint revealed that 15% of 2,932 publicly reported breaches in the U.S. in 2021 resulted from insider actions. In 2021, the likes of Ubiquiti, Proofpoint, Saudi Aramco, Pfizer, the UK Parliament and even the U.S. government suffered significant breaches due to actions taken by malicious insiders.
Robust identity management solutions, such as Zero Trust and Zero Trust Network Access (ZTNA), help organizations govern user identities, assign need-based access to sensitive data, and monitor who is trying to access what. These solutions also nullify passwords, leveraging multi-factor authentication to prevent attackers from using stolen credentials to infiltrate devices or networks. There are many identity management solutions in the market, but organizations have to choose the best ones that suit their environments and working styles.
Jason Lim, the founder and CEO of Cydentiq Sdn Bhd, says that identity security is not a one-time project. It is a journey. A journey that includes a series of initiatives that are incorporated with strategy, capabilities, vision, people, process and technology to continuously address the ever-changing identity landscape in the business.
With Identity Management Day around the corner, let’s use the occasion to hear from industry experts and leaders about why organizations should deploy robust identity management solutions to secure corporate and customer data, cloud assets, and financial transactions.
Why Identity Management Is the Need of the Hour
Mitigating unregulated third-party access
David Pignolet, founder & CEO, SecZetta
Even though third-party access is at the heart of more than 51% of security breaches, there is a gap in many organizations’ identity programs. Non-employees are given the same level of access as employees, often with less scrutiny in confirming they are who they claim to be. There is also little scrutiny of whether the level of access granted to them is appropriate and limited to only when needed. Managing all identities with the same diligence is a critical first step in creating a strong cybersecurity culture, inclusive of both employees and non-employees, and a resilient cyber framework to withstand ever-increasing cyber security threats.
Defending against credential theft
Tyler Farrar, CISO, Exabeam
Colonial Pipeline, SolarWinds, Twitch. All of these organizations have one thing in common: they suffered data breaches due to stolen credentials. Credential theft has become one of the most common and effective methods cyber threat actors use to infiltrate organizations and access sensitive data.
Credential-driven attacks are exacerbated mainly by a ‘set it and forget it’ approach to identity management. Organizations must build a security stack that is consistently monitoring for potential compromise. Organizations across industries can invest in data-driven behavioral analytics solutions to help detect malicious activity. These analytics tools can immediately flag when a legitimate user account is exhibiting anomalous behavior indicative of credential theft, providing greater insights to SOC analysts about both the compromised and the malicious user, which results in a faster response time.
Preventing identity-based attacks
David Putnam, Head of Identity Protection Products at NortonLifeLock
Identity theft has become a booming business with cybercriminals looking to take advantage of consumers’ changing behaviors and increased digital footprint to launch coordinated attacks and convincing scams. To protect against this threat, consumers need to take charge of their digital lives and proactively invest in identity theft monitoring, alert, and recovery services to help monitor threats to their identity and safeguard their personal information.
Tom Ammirati, CRO, PlainID
Security risk vectors are dynamic and fluid, and as a result, data breaches continue to challenge even the most resilient enterprise architectures. Historically, the root cause of most breaches has been compromised credentials. As technologists, we are forced to evolve and innovate. To keep pace with the demands of digital work and life, organizations are implementing next-level technologies, processes, and policies to ensure that trusted identities have authorized access to digital assets. The goal is to allow the ‘right’ users to access the ‘right’ resources and ensure the wrong ones don’t. If we can do that, we can potentially prevent many of these breaches.
Securing high-value transactions and online services
Jeremy Grant, Coordinator, Better Identity Coalition
So many services – in banking, health care, government, and e-commerce – depend on knowing “who is on the other side” of a transaction. Today, the ability to offer high-value transactions and services online is being tested more than ever, primarily due to the challenges of proving identity online. The lack of an easy, secure, reliable way for entities to verify the identities of people they are dealing with online creates friction in commerce, leads to increased fraud and theft, degrades privacy, and hinders many services online.
The good news is that these problems are not insurmountable. By prioritizing identity management and investing in digital identity infrastructure, we will prevent costly cybercrime, give businesses and consumers new confidence, improve inclusion, and foster growth and innovation across our economy.
Securing small and medium businesses
Chad Thunberg, CISO, Yubico
It’s reported that small businesses generate 44% of the U.S. economic activity. Many of them are vital to larger organizations’ overall supply chain and partner ecosystem. With attackers increasing their focus on the supply chain, it is imperative that these SMBs adopt fundamental security practices, including phishing-resistant MFA protocols, like FIDO, that are available as part of many Single Sign-On solutions as indicated by the “Sign in with” buttons. SMBs should also strongly consider using cloud data storage to mitigate ransomware threats and a password vault for those sites that have yet to adopt modern authentication.
Heath Spencer, CEO, TraitWare
While Big Business dominates the headlines for cyber-attacks, SMBs often underestimate the need for proper Identity and Access Management. Often ill-prepared, SMBs are, therefore, prime targets for attack – presenting low risk and high return for the cybercriminal.
All companies need to improve security to avoid disaster – with two must-haves: SSO and MFA. Multiple employee credentials for access to various applications increase friction, cost, and risk. A setup that combines passwordless MFA with SSO vastly reduces risk by eliminating phishable credentials and shrinking the attack surface, and reducing company costs and friction.
John Reade, Information Systems Director at Quanterion Solutions Inc
Small businesses often struggle to develop and implement a plan for securing their identities due to a lack of time and resources. A strategy for securing digital identities may involve identifying the need; planning, developing, testing and implementing the response; and monitoring and maintaining the procedures and any software used. Those steps can become overwhelming for small businesses with staff shortages, small budgets or limited time.
However, securing identities can be tackled one project at a time. Setting up multi-factor authentication, using password managers, creating processes for identity data management, and scheduling automatic updates are all great places to start.
Following the CIA of cybersecurity
Nelson Moulton, Security and Network Operations Director at PacificEast
When InfoSec people refer to the CIA of cybersecurity, they’re usually talking about the Confidentiality, Integrity, and Availability of the data we work to protect and not the three-letter government entity. These three tenets of security are fundamentally dependent on trusting the identity of the user accessing the data; without surety of identity, how do you build trust about who can or cannot access what, where, when and how? In our remote workforce world, assuring the identity of BYOD users has presented a challenge to many SMB organizations. This demand has led to impressive growth and accessibility of trusted identity management solutions that enable us to work together, even when we’re apart.