This week’s blog features an article from industry experts at the Identity Defined Security Alliance (IDSA) sharing their insights on Identity Management Day 2023 and the importance of strong identity security for individuals and businesses alike.
The scope of identity and access management (IAM) has expanded over the years. In the beginning, IAM was concerned only with identities that represented humans, but more recently it has grown to encompass not only tools and technologies but also the processes through which digital identity is defined and managed to provide access to digital resources. IAM has evolved in response to new technologies and the vulnerabilities they introduce. In a back-and-forth pattern, IAM responds to changes in the threat landscape and the threat landscape responds to changes in IAM, and the cycle goes on.
IAM’s Evolution Over the Years
The critical nature of IAM makes it an essential component of cybersecurity. Good security hygiene includes a sound IAM strategy where all identities are managed with consistent policies and tools that give security leaders an understanding of who has access to the organization’s resources (especially the critical ones).
But keeping a high level of security – including good security hygiene – becomes more challenging with each passing day. The modern work-from-anywhere workforce demands access on any device and to any service. This requires digital identities to be securely established and verified, enabling secure digital communications to support e-commerce and other critical digital services. Not only are services located anywhere in the world, but there are also varying levels of trust and security required to ensure that transactions are legitimate and sensitive data is safeguarded.
Things certainly have changed from the pre-internet days when all assets were controlled within private data centers and access was restricted to company-controlled devices and networks. The new era exposes users and organizations to new risks due to the expansion of digital services, increasing the threat and attack surface.
Coupled with this increased risk is the acceleration of regulations meant to hold organizations accountable for protecting customer data and giving consumers the ability to better control what data can be shared. Furthermore, the original technologies that provided identity and access management are built on legacy platforms and are unable to support these new requirements, forcing organizations to consider modern platforms and services that support these new use cases.
Cyber Attacks Have Also Evolved
It’s not a moment too soon to improve security, because hackers are always looking for novel ways to steal data. In fact, according to the 2022 Verizon Data Breach Investigations Report, there’s no letup in sight: “The past year has been extraordinary in a number of ways, but it was certainly memorable with regard to the murky world of cybercrime. From very well publicized critical infrastructure attacks to massive supply chain breaches, the financially motivated criminals and nefarious nation-state actors have rarely, if ever, come out swinging the way they did over the last 12 months.”
And the cost of a data breach is going up as well. IBM Security reports that the global average cost of a data breach increased 2.6% from $4.24 million in 2021 to $4.35 million in 2022, the highest it has been in the history of its “Cost of a Data Breach Report.”
The Verizon report points out that 80% of data breaches are the result of compromised login credentials. Credentials can be compromised through weak passwords, phishing, social engineering, malware, and other means. The recent advent of ChatGPT-style bots will certainly be exploited by cyber attackers, for example by lulling a user into a conversation in which the user divulges personal information that can be used to compromise accounts. One more statistic from the Verizon report: “The human element continues to drive breaches. This year 82% of breaches involved the human element. Whether it is the Use of stolen credentials, Phishing, Misuse, or simply an Error, people continue to play a very large role in incidents and breaches alike.”
A Few Notable Data Breaches of 2022
Red Cross Data Breach
January 2022. An attack on servers exposed the personal information of more than 500,000 people receiving services from the Red Cross and Red Crescent Movement.
Neopets Data Breach
July 2022. Account information for 69 million users of the popular children’s game Neopets was exposed, including names, email addresses, zip codes, genders and birth dates. The attackers had access to the Neopets IT systems for 18 months before the breach was discovered.
DoorDash Data Breach
August 2022. DoorDash experienced a data breach that exposed the personal information of 4.9 million customers, workers and merchants. A third-party vendor was the target of a sophisticated phishing campaign. Information exposed included names, email addresses, delivery addresses, phone numbers and some partial payment information.
It’s no surprise that identity today has risen in importance as organizations recognize what’s at stake. Identity has become the first line of defense against cyberattacks. An organization’s brand and reputation are intertwined with its ability to avoid breaches and protect customer data, and identity security has become a board-level initiative prioritized by C-level executives.
Where Identity Management Day Comes In
The good news is that there are things we can do to minimize cyber threats. But the bad news is that most of us aren’t actually doing them. Raising awareness and reminding users and organizations to be vigilant is key.
Identity Management Day is a day dedicated to informing people and organizations about the dangers of casually or improperly managing and securing digital identities. We do this by raising awareness, sharing best practices, and inspiring individuals and organizations to act.
Identity Management Day, co-sponsored by IDSA and the National Cybersecurity Alliance (NCA), provides an opportunity for all of us to evaluate our role in protecting our digital ecosystem. Whether acting as consumers or employees or partners, our online behaviors matter. Reusing a password or clicking on a suspicious link can wreak havoc in our individual lives, but it can also be an opportunity for a cyber attacker to get a foothold inside a corporate network.
The Identity Defined Security Alliance has put together a list of best practices for maintaining strong identity security. A few examples include password management tools, multi-factor authentication, and identity verification services.
Maintaining a high level of security hygiene gets more challenging each day. Digital identities and transactions must be safe and secure in order to protect your company’s reputation and your bottom line. It’s time to implement innovative cybersecurity and IT solutions for these modern threats. That means your business needs a technology solutions partner that is experienced, proactive, and aware of the constantly evolving landscape. That’s where we come in to help lead the way!
Partner with Computers Nationwide to protect your SMB and employees from identity theft and data breaches. We work with industry-leading partners to provide the best defenses available for success!
Is it time to upgrade your identity management system?
Do you need to enhance your identity security protocols?
CN would love to help! Let’s connect: (847) 419-9900