Dirk Geeraerts | Security Evangelist
As the lines between our personal and professional lives continue to blur, protecting our digital identities as consumers, employees, or partners is essential to security. Identity-related breaches are making headlines almost every day, leading to expensive costs and reputational damage.
Identity Management Day 2022, sponsored by Identity Defined Security Alliance and National Cybersecurity Alliance, is a reminder to make identity management and digital identity security a priority. The event brings together security leaders, vendors and advocates to empower organizations and consumers to reduce the risk of experiencing a data breach and potentially damaging data loss.
Identity, the last frontier
“Attacks over the past year on SolarWinds and Colonial Pipeline had massive repercussions, and yet neither attack was carried out via new techniques. Both attacks were the result of inadequate identity management practices,” says Julie Smith, Executive Director of the Identity Defined Security Alliance.
As businesses and individuals migrate their operations and everyday life activities to the cyber domain, the borders between the physical and digital worlds have blurred. Digital identities have become the new frontier to defend. Increasingly, though, criminals are also moving their tactics to target our digital identities.
“Work from home and ‘bring your own device’ policies have blurred the lines between our personal and professional lives. Poor cyber hygiene on a professional or personal account or device can leave your entire digital identity vulnerable,” says Lisa Plaggemier, Interim Executive Director of the National Cybersecurity Alliance.
According to the 2021 Trends in Securing Digital Identities report from the IDSA, 79% of organizations have experienced an identity-related security breach in the last two years. The IBM 2021 Cost of Data Breach report also indicates that 61% of all breaches were a result of stolen credentials. In addition, ransomware attacks are now facilitated by criminals offering access-as-a-service by selling stolen credentials, In fact, Forbes noted that 15 billion passwords are available on the Dark Web.
Despite the expanding threat landscape, businesses and individuals are lagging in identity security controls. For example, even though multifactor authentication can block up to 99% of credential-based attacks, the level of adoption remains relatively low. The Thales 2021 Access Management Index report indicates that only 55% of businesses have adopted MFA to protect their multi-cloud workloads.
Identity, the next frontier
However, the landscape is about to change. President Biden’s Executive Order and the subsequent Memorandum on Zero Trust Architecture from the Office of Management and Budget mandate the use of MFA across all federal agencies. Further, all private organizations wishing to do business with the Government will have to comply with these requirements. The federal requirements go one step further – not only require MFA across all federal agencies but these deployments must be phishing resistant.
This is a great step towards adopting a Zero Trust approach to security. In fact, the Thales 2022 Data Threat Report indicates that 30% of global respondents already have a formal strategy and are actively embracing a Zero Trust policy. Another 27% are reporting that they are planning to develop a Zero Trust strategy. This trend is also demonstrated by the finding that 76% of survey participants agree that Zero Trust is influencing their cloud security policy to some or a great extent.
Thales’ approach to identity security
In today’s environment, an organization’s authentication and access management solution need not to be monolithic. The variety of available authentication methods allows organizations and agencies to employ standards-based, pluggable authentication solutions based on mission need. Stronger authentication, adopting methods with higher authentication assurance level, requires malicious actors to have better capabilities and expend greater resources to successfully subvert the authentication access. Stronger authentication can effectively reduce the risk of attacks.
Thales SafeNet Trusted Access suite is an award-winning identity and access management solution that helps you protect your data and secure your digital transformation initiatives. SafeNet Trusted Access offers a variety of MFA options, including phishing resistant ones, such FIDO keys and PKI smart cards.
Use the following identity security resources to help protect your organization's data, employees and customers.