When It Comes To Cyber Threats, All Roads Lead To Identity


Today is Identity Management Day, and industry experts tell us why identity management is no longer a choice

Every day a new cyber incident makes headlines. This is mainly because organisations manage more identities than ever before and cannot attain a 360-degree view of all their identities, creating exposure.

Last week, the mobile payment service Cash App acknowledged a data breach in which a former employee accessed reports that included US customer information.

This incident highlights the importance of putting in place strong access controls. A survey found that 82 per cent of organisations, small and large, say they now are committed to adopting a Zero Trust security architecture. Another survey revealed that 75 per cent of organisations characterise Zero Trust as critically or very important to bolstering their overall cyber maturity.

“As the perimeter becomes ever more fragmented, it’s important to highlight identity as key to our cybersecurity strategies. Identity Management Day provides an excellent opportunity to focus on this,” said Brian Chappell, chief security strategist at BeyondTrust. “As more and more organisations need to deal with a dispersed workforce operating in unknown networks still requiring access to core systems.”

Robust identity management solutions are imperative for organisations to govern user identities, assign need-based access to sensitive data, and monitor who is trying to access what. These solutions also nullify passwords, leveraging multi-factor authentication to prevent attackers from using stolen credentials to infiltrate devices or networks.

According to Chappell, we can’t build traditional infrastructure defences when our users need access from basically anywhere. “The only aspect we can rely on consistently is the user’s identity, meaning that the mechanisms we use to provide identity must be as robust as they can be while still being flexible.”

“Once we have a stable identity platform, we need to consider how we manage and maintain the entitlements assigned to those individuals and all of the default identities that exist. Ensuring that we keep our control and operational planes separate and secure within our environments across multiple service providers will be an ongoing challenge for our cybersecurity teams. A challenge that starts with identity,” adds Chappell.

Identity theft has become a business with cybercriminals looking to take advantage of consumers’ changing behaviours and increased digital footprint to launch coordinated attacks and convincing scams. Enterprises must incorporate identity management into their overall modernisation roadmap to keep up with rapid cyber threats.

When it comes to cyber threats, all roads continue to lead to identity, according to Joseph Carson, Chief Security Scientist & Advisory CISO, Delinea. “Digital transformation, the move to cloud, and requirements for remote work have only made it easier for cybercriminals as organisations struggle to secure an expanded threatscape and get a handle on identity sprawl.”

This year, identity-first security continues to be a top priority for businesses to protect against outsider cyber threats and ensure that the right users have access to the right information.

There are a number of tools in the market, including Azure Active Directory that helps secure access to on-premises and cloud applications, including Microsoft web services; Oracle Identity Cloud Service provides identity management, SSO, and identity governance for applications on-premises, in the cloud or for mobile devices; and OneLogin Access offers a cloud-based identity and access management tool that provides simple single sign-on, making it easier for companies to secure and manage access to web applications in the cloud and behind their firewalls.

“Companies of all sizes need to focus on centralising identities while reinforcing best practices and training to ensure employees are doing everything possible to secure their credentials. Remember: it only takes one compromised identity to negatively impact the company’s financial performance, customer loyalty, and brand reputation, potentially costing millions of dollars,” added Carson.

Identity management solutions continue to evolve, and with technology and tools within reach for enterprises, enterprises must start planning for cyber threats and adjusting their strategy now.

If you liked reading this, you might like our other stories

Zero Trust Level
Will Cyber Threats Break Loose In The Metaverse?