Secure identity and access management isn’t a new concept. After all, IT experts have been banging the drum for multifactor authentication and digital password managers for years to combat the risk of credential compromise. Credential compromise is also the most common initial cyberattack vector according to this year’s IBM Cost of a Data Breach Report, the culprit in 20% of breaches. Identity and access management is enjoying another moment in the spotlight right now as a confluence of factors makes it the perfect solution to take care of a variety of security concerns.
Pandemic-limited movement meant that everyone was opening new online accounts for communication, education, shopping, entertainment and business. In a global study conducted by Morning Consult for IBM, researchers determined that people created an average of 15 new online accounts per person worldwide during the pandemic. But a major downside of that account creation blitz is the fact that those users weren’t always careful to create new, strong passwords, opening every account they had up to credential compromise risk. More than 80% of those surveyed admitted that they had regularly reused passwords when creating those accounts.
Obtaining a legitimate password is by far the easiest way for a cybercriminal to get inside a company network to steal data or deploy ransomware. The sudden proliferation of online accounts spawned by the pandemic also gave cybercriminals even more opportunities to steal passwords and raised the likelihood that a password they snatch is useful. An estimated 20 billion fresh passwords made their way to the dark web in 2020. Huge new pools of passwords have been accumulating on the dark web this year as well, populated through giant password dumps like the 100GB text file dubbed RockYou2021.
A recent report from the non-profit Identity Theft Resource Center showed that the number of data breaches that they’ve recorded in 2021 has already exceeded the total number of events in Full-Year (FY) 2020 by 17%. Their researchers had totaled up 1,291 breaches by October 2021, exceeding the 1,108 recorded in all of 2020 with two months left in the year. This trend is expected to continue, and it points to the high probability of 2021 being a record-breaking year for data compromises (the all-time high of 1,529 breaches was set in 2017). Credentials were the top type of information stolen in data breaches worldwide in 2020.
After a series of high-profile cyberattacks made headlines around the world, governments and industry regulators have started to reconsider the cybersecurity requirements for many industries, including identity and access management. At least 38 states, Washington, DC, and Puerto Rico have pending legislation in the form of more than 280 bills or resolutions that deal with cybersecurity. This includes a push for access management after credential compromise incidents like Colonial Pipeline. Multifactor authentication (MFA), a staple of IAM, is already a requirement under many major industry regulations, including HIPAA, PCI-DSS, CJIS and FFIEC. That’s quickly becoming the case in other sectors. MFA is a security best practice. In the EU, GDPR’s Privacy by Design push also includes provisions that encourage secure identity and access management.
The US federal government is one of the biggest customers around for technology and technology services, and it’s moving to zero trust fast. President Joseph R. Biden signed a cybersecurity executive order on May 12, 2021, that calls for the federal government to adopt a zero-trust architecture. The executive order directs the Commerce Department to create cybersecurity standards for companies that sell software services to the federal government, a powerful motivator in the marketplace. Under this order, agencies are directed to take a zero-trust approach to user identity and permissions. The order also advises agencies to use multiple ways to confirm a user’s identity when they log on or connect to federal agency systems.
Cybercrime numbers aren’t dropping and businesses are under pressure to do whatever it takes to reduce cyberattack risk. One of the smartest ways to do that is to boost a company’s cyber resilience. A cyber resilient organization is able to stand in the face of trouble like a cyberattack. Having tight identity security boosts an organization’s cyber resilience by ensuring that only the right people and devices are able to access its network no matter what conditions a company is operating under. This is especially important in a fast-moving risk landscape where it’s hard to predict what’s going to happen next.
Source: ID Agent