By: Julie Smith, executive director, Identity Defined Security Alliance
According to the latest Verizon Data Breach Investigations Report, 61% of all breaches were a result of stolen credentials. It’s no wonder why nearly all (97%) respondents in a recent Identity Defined Security Alliance (IDSA) survey responded that they will make identity security investments in the next two years.
Founded by the IDSA and National Cybersecurity Alliance (NCA) in 2021, Identity Management Day, is an annual reminder about the dangers of casually or improperly securing and managing digital identities.
In honor of the day coming up on April 12, I spoke to the below industry experts on how both individuals and organizations can strengthen identity management all year round.
“When InfoSec people refer to the CIA of cybersecurity, they’re usually talking about the Confidentiality, Integrity, and Availability of the data we work to protect and not the three-letter government entity. These three tenets of security are fundamentally dependent on trusting the identity of the user accessing the data; without surety of identity, how do you build trust about who can or cannot access what, where, when and how? In our remote workforce world, assuring the identity of BYOD users has presented a challenge to many SMB organizations. This demand has led to impressive growth and accessibility of trusted identity management solutions that enable us to work together, even when we’re apart.” – Nelson Moulton, Security and Network Operations Director at PacificEast
“Small businesses often struggle to develop and implement a plan for securing their identities due to a lack of time and resources. A strategy for securing digital identities may involve identification of the need; planning, developing, testing and implementing the response; and finally, monitoring and maintaining the procedures and any software used. Those steps can become overwhelming for small businesses with staff shortages, small budgets or limited time.
However, securing identities can be tackled one project at a time. Setting up multi-factor authentication, using password managers, creating processes for identity data management, and scheduling automatic updates are all a great place to start.” – John Reade, Information Systems Director at Quanterion Solutions Incorporated
“According to the National Cybersecurity Alliance and CyBSafe study, “Oh Behave!” 53% of employees don’t think it is their responsibility to protect company online information. When you think about it, this is because the tech industry has always said “we control access” and “we control the technology,” but that isn’t necessarily true. Employees who use the information each day control that information. We believe in giving employees the critical thinking skills and tools to protect customer and company information.” – CyberWyoming
“Whether you follow a zero-trust framework or not, identities are a critical control point for all organizations due to their ubiquitous use in our digital world. For many organizations, every day is identity management day–considering the amount of unprecedented attrition in the workforce coupled with persistent identity-based attacks– there is no better time to spotlight how critical identity-security has become globally.” – Carla Roncato, Founder of Authora Research
“We all know that companies are going to get attacked. The question is, what are you doing when somebody gets in your network to protect your data and not just your identity? Knowing identities is half the battle when it comes to mitigating risk.” -Adil Khan, CEO, SafePaaS
“Identity security is not just about ticking a checkbox to satisfy your compliance, it is part of your business. You can’t run a business without giving access to your employees or contractors. Identity security is not a one-time project, it is a journey. A journey that includes a series of initiatives that are incorporated with strategy, capabilities, vision, people, process and technology to continuously address the ever-changing identity landscape in the business.” – Jason Lim, Founder and CEO, Cydentiq Sdn Bhd
