Identity Management Day is about raising awareness of the importance of identity management and securing digital identities, and sharing best practices to help organizations and consumers #beidentitysmart. This year we are proud to recognize almost 200 individuals and organizations who are prioritizing identity management and security as Identity Management Champions.
Find out what they have to say about the key challenges facing us as the lines blur between our personal and professional lives, and as organizations of all sizes struggle with putting in place the appropriate measures to prevent identity-related attacks. They provide perspectives on the current state and advice on how to make us all more secure. The prevailing theme – we all need to contribute to the security of our digital ecosystem. Identity Security is everyone’s responsibility.
“Colonial Pipeline, SolarWinds, Twitch. All of these organizations have one thing in common: they suffered data breaches as a result of stolen credentials. Credential theft has become one of the most common and effective methods cyber threat actors use to infiltrate organizations of all sizes and access sensitive data.
We strongly support efforts, like Identity Management Day, that raise public awareness and can help to combat this pervasive issue. We advocate for the best practices that ensure cyber hygiene and protect personal and professional identities and credentials to prevent credential-based attacks from continuing.
Credential-driven attacks are largely exacerbated by a ‘set it and forget it’ approach to identity management, but organizations must build a security stack that is consistently monitoring for potential compromise. Organizations across industries can invest in data-driven behavioral analytics solutions to help detect malicious activity. These analytics tools can immediately flag when a legitimate user account is exhibiting anomalous behavior indicative of credential theft, providing greater insights to SOC analysts about both the compromised and the malicious user, which results in a faster response time.”
Tyler Farrar, CISO, Exabeam
“Identity theft has become a booming business with cybercriminals looking to take advantage of consumers’ changing behaviors and increased digital footprint to launch coordinated attacks and convincing scams. To protect against this threat, consumers need to take charge of their digital lives and proactively invest in identity theft monitoring, alert and recovery services to help monitor threats to their identity and safeguard their personal information.”
David Putnam, Head of Identity Protection Products at NortonLifeLock
“Gartner recently noted in Top Trends in Cybersecurity 2022 that one of the top trends for cybersecurity in 2022 will be Identity Threat Detection and Response. This aligns with CrowdStrike’s 2022 Global Threat Hunting Report research that shows 80% of cyber breaches involving identity-based attacks. The industry’s broader response to attacks has been to deploy Zero Trust architectures that feature identity security as a key pillar. Even when looking at more tactical responses, with modern attack methods, the MITRE ATT&CK TTPs can no longer be covered without using identity attack detection and protection tools. And with enterprises deploying hybrid architectures and required to secure remote and on-campus workers, the industry needs a platform-based approach for defense without relying on a single vendor for a response. These trends make the protection of identities and identity stores – everywhere and for everyone – more urgent now than ever.”
Kapil Raina, VP, Zero Trust, Identity Protection, and Data Protection Marketing, CrowdStrike
“The Better Identity Coalition is pleased to join with our partners in supporting Identity Management Day. So many services – in banking, health care, government, and e-commerce – depend on knowing “who is on the other side” of a transaction. Today, the ability to offer high-value transactions and services online is being tested more than ever, due in large part to the challenges of proving identity online. The lack of an easy, secure, reliable way for entities to verify identities of people they are dealing with online creates friction in commerce, leads to increased fraud and theft, degrades privacy, and hinders the availability of many services online.
The good news is that these problems are not insurmountable; by making identity management a priority and investing in digital identity infrastructure, we will prevent costly cybercrime, give businesses and consumers new confidence, improve inclusion, and foster growth and innovation across our economy.”
Jeremy Grant, Coordinator, Better Identity Coalition
“Security risk vectors are dynamic and fluid, and as a result, data breaches continue to challenge even the most resilient of enterprise architectures. Historically, the root cause of the majority of breaches has been due to compromised credentials. As technologists, we are forced to evolve and innovate. To keep pace with the demands of digital work and life, organizations are implementing next level technologies, processes, and policies to ensure that trusted identities have authorized access to digital assets. The goal is to allow the ‘right’ users to have access to the ‘right’ resources – and to ensure the wrong ones don’t. If we can do that, then potentially we can prevent many of these breaches.”
Tom Ammirati, Chief Revenue Officer, PlainID
“It’s reported that small businesses generate 44% of the U.S. economic activity. Many of them are a vital part of the overall supply chain and partner ecosystem of larger organizations. With attackers increasing their focus on the supply chain, it is imperative that these SMBs adopt fundamental and important security practices including the use of phishing-resistant MFA protocols, like FIDO, that are available as part of many Single Sign-On solutions as indicated by the “Sign in with” buttons. SMBs should also strongly consider using cloud data storage to mitigate ransomware threats and a password vault for those sites that have yet to adopt modern authentication.”
Chad Thunberg, CISO, Yubico
“Kaspersky proudly supports Identity Management Day. According to our survey data, three out of four people use default security settings in apps and online services at least some of the time. In order to take proper care of their identities, we encourage people to always check security settings, tighten them where possible and limit what they share. We also urge people to use a unique password for every website, app and service and use two-factor authentication wherever it’s available, especially with bank accounts and credit cards.”
Kurt Baumgartner, principal security researcher, Kaspersky
“Identity is our new security perimeter; close to 60% of the data breaches in 2021 exposed some form of PII with over 70% of such breaches including passwords. With the increase of “fuzzing” techniques to check variations of stolen passwords, identity attacks will only get more focused given the access an administrative or select user credentials will grant an attack targeting specific corporations and their systems.”
Jon Shende, Board Member, MyVayda
“While Big Business dominates the headlines for cyber-attacks, the SMB often underestimates the need for proper Identity and Access Management. Often ill-prepared, the SMB is therefore a prime target for attack – presenting low risk and high return for the cybercriminal.
All companies need to improve security now to avoid disaster – with 2 must-haves: SSO and MFA. Multiple sets of employee credentials for access to various applications increase friction, cost, and risk. A setup that combines passwordless MFA with SSO vastly reduces risk by eliminating phishable credentials and shrinking the attack surface, while also reducing company costs and friction.”
Heath Spencer, CEO, Traitware
“For almost every two cloud security jobs in the United States today, a third job is sitting empty because of a shortage of skilled people. It’s like going into football’s Super Bowl with only seven players on the field when the other team has all eleven.”
Eric Kedrosky, CISO and Director of Cloud Security, Sonrai Security
“According to the National Cybersecurity Alliance and CybSafe study, “Oh Behave!” 53% of employees don’t think it is their responsibility to protect company online information. When you think about it, this is because the tech industry has always said “we control access” and “we control the technology,” but that isn’t necessarily true. Employees who use the information each day control that information. We believe in giving employees the critical thinking skills and tools to protect customer and company information.”
Laura Baker, CyberWyoming
“When InfoSec people refer to the CIA of cybersecurity, they’re usually talking about the Confidentiality, Integrity, and Availability of the data we work to protect and not the three-letter government entity. These three tenets of security are fundamentally dependent on trusting the identity of the user accessing the data; without surety of identity, how do you build trust about who can or cannot access what, where, when and how? In our remote workforce world, assuring the identity of BYOD users has presented a challenge to many SMB organizations. This demand has led to impressive growth and accessibility of trusted identity management solutions that enable us to work together, even when we’re apart.”
Nelson Moulton, Security and Network Operations Director, PacificEast
“Small businesses often struggle to develop and implement a plan for securing their identities due to a lack of time and resources. A strategy for securing digital identities may involve identification of the need; planning, developing, testing and implementing the response; and finally, monitoring and maintaining the procedures and any software used. Those steps can become overwhelming for small businesses with staff shortages, small budgets or limited time.
However, securing identities can be tackled one project at a time. Setting up multi-factor authentication, using password managers, creating processes for identity data management, and scheduling automatic updates are all a great place to start.”
John Reade, Information Systems Director, Quanterion Solutions Incorporated
“We all know that companies are going to get attacked. The question is, what are you doing when somebody gets in your network to protect your data and not just your identity? Knowing identities is half the battle when it comes to mitigating risk.”
Adil Khan, CEO, SafePaaS
“Identity security is not just about ticking a checkbox to satisfy your compliance, it is part of your business. You can’t run a business without giving access to your employees or contractors. Identity security is not a one-time project, it is a journey. A journey that includes a series of initiatives that is incorporated with strategy, capabilities, vision, people, process and technology to continuously address the ever-changing identity landscape in the business.”
Jason Lim, Founder and CEO, Cydentiq Sdn Bhd
Thanks to all our Identity Management Champions! Visit Identity Management Day 2022 Resources and follow #IDMgmtDay2022 and #BeIdentitySmart on Twitter and LinkedIn to access all of the advice and best practices that will be shared as part of Identity Management Day.
Register today for the Virtual Conference on April 12th! Can’t make it? All sessions will be recorded and available through May 13th.