Last week saw the arrival of the third annual ‘Identity management day’, and here we take a deeper look at this fledgling awareness day in the cyber security calendar.
What is Identity Management Day?
It is a day designed to educate IT decision makers and business leaders on the importance of identity management and identity-centric security best practices. The day also teaches about key components such as governance, processes and technology, plus there is a special focus on the dangers of not properly securing identities and access credentials. Last year, the Identity Defined Security Alliance (IDSA) released a report entitled “2022 Trends in Securing Digital Identities”. The report revealed that 84% of organisations experienced at least one identity-related breach. As a result, a further 78% of these organisations suffered a direct business impact in the shape of high recovery costs, damages to business reputation and more.
Cyber-criminals can use any account or identity to gain a digital attack path. Whether posing as a customer, a vendor or as an internal employee, they can cause severe damage. This is why organisations need to be able to protect the identities of their users and the systems managing them. Identity security can help with this, and is effectively the process of detecting credential theft, the misuse of privileges and other methods that can create attack paths.
By adopting Identity Attack Surface Management (ID-ASM) and Identity Threat Detection and Response (ITDR) tools, organisations can address weaknesses in credentials and entitlement. They can detect live threats and prevent exposures such as credentials stored on endpoints, which enable cyber-criminals to extract information or conduct attacks in cloud environments.
Identity Threat Detection and Response is a relatively new detection solution in the identity security landscape. ITDR introduced a new category of security tools which look for attacks targeting identities. Once such an attack has been detected, a layer of defence is added in the shape of fake data designed to redirect attackers to a decoy. ITDR solutions also collect forensic data and gather telemetry on the processes used during an attack.
Tips on how to adopt an identity-centric security approach
- Be forward-thinking rather than reactive
- Recognise that identity links users, devices and cloud applications
- Make identity and access management critical aspects of your overall security strategy
- Identify, define and examine ALL identity types…
- Then define all vulnerabilities and risks for these types
- Examine your existing security strategy to find gaps associated with these risks
- Plan how you will address the gaps and then make a start
- Ensure that ALL employees are aware of your strategy and know what part they play within it
Did you do anything to mark Identity Management Day 2023? Or were you unaware of its existence until now? Does your organisation place strong emphasis on identity within its cyber security efforts?