Guest Column | April 12, 2022

Tips And Tricks To Secure Identities Year-Round In Honor Of Identity Management Day

By Julie Smith, executive director, Identity Defined Security Alliance

Spyware Security Ransomware

Nearly 80% of organizations have experienced an identity-related security breach in the last two years, and over 15 billion passwords are available on the Dark Web. It’s becoming abundantly clear that to stop adversaries in their tracks, we need to take identity security seriously. 

Identity Management Day, which was founded by the Identity Defined Security Alliance and National Cybersecurity Alliance last year and takes place on the second Tuesday of April, is an annual reminder about the dangers of casually or improperly managing and securing digital identities. 

In honor of the day, I spoke to the below industry experts on how organizations and individuals can strengthen identity management all year round: 

“Colonial Pipeline, Twitch ... these organizations have one thing in common: they suffered data breaches as a result of stolen credentials. Credential theft has become one of the most common and effective methods cyber threat actors use to infiltrate organizations of all sizes and access sensitive data. 

We strongly support efforts, like Identity Management Day, which raise public awareness and can help to combat this pervasive issue. We advocate for the best practices that ensure cyber hygiene and protect personal and professional identities and credentials to prevent credential-based attacks from continuing. 

Credential-driven attacks are largely exacerbated by a ‘set it and forget it’ approach to identity management, but organizations must build a security stack that is consistently monitoring for potential compromise. Organizations across industries can invest in data-driven behavioral analytics solutions to help detect malicious activity. These analytics tools can immediately flag when a legitimate user account is exhibiting anomalous behavior indicative of credential theft, providing greater insights to SOC analysts about both the compromised and the malicious user, which results in a faster response time.” - Tyler Farrar, CISO, Exabeam

“Identity theft has become a booming business with cybercriminals looking to take advantage of consumers’ changing behaviors and increased digital footprint to launch coordinated attacks and convincing scams. To protect against this threat, consumers need to take charge of their digital lives and proactively invest in identity theft monitoring, alert and recovery services to help monitor threats to their identity and safeguard their personal information.” - David Putnam, Head of Identity Protection Products at NortonLifeLock

Gartner recently noted (Feb 18, 2022 report) that one of the top trends for cybersecurity in 2022 will be Identity Threat Detection and Response. This aligns with CrowdStrike's 2022 Global Threat Hunting Report research that shows that 80% of cyber breaches involve identity-based attacks. The industry's broader response to attacks has been to deploy Zero “Trust architectures that feature identity security as a key pillar. Even when looking at more tactical responses, with modern attack methods, the MITRE ATT&CK TTPs can no longer be covered without using identity attack detection and protection tools. And with enterprises deploying hybrid architectures and required to secure remote and on-campus workers, the industry needs a platform-based approach for defense without relying on a single vendor for a response. These trends make the protection of identities and identity stores - everywhere and for everyone - more urgent now than ever.” - Kapil Raina, VP, Zero Trust, Identity Protection, and Data Protection Marketing, CrowdStrike

“The Better Identity Coalition is pleased to join with our partners in supporting Identity Management Day. So many services – in banking, healthcare, government, and e-commerce – depend on knowing “who is on the other side” of a transaction. Today, the ability to offer high-value transactions and services online is being tested more than ever, due in large part to the challenges of proving identity online. The lack of an easy, secure, reliable way for entities to verify the identities of people they are dealing with online creates friction in commerce, leads to increased fraud and theft, degrades privacy, and hinders the availability of many services online.

The good news is that these problems are not insurmountable; by making identity management a priority and investing in digital identity infrastructure, we will prevent costly cybercrime, give businesses and consumers new confidence, improve inclusion, and foster growth and innovation across our economy.” - Jeremy Grant, Coordinator, Better Identity Coalition

“Security risk vectors are dynamic and fluid, and as a result, data breaches continue to challenge even the most resilient of enterprise architectures. Historically, the root cause of the majority of breaches has been due to compromised credentials. As technologists, we are forced to evolve and innovate. To keep pace with the demands of digital work and life, organizations are implementing next-level technologies, processes, and policies to ensure that trusted identities have authorized access to digital assets. The goal is to allow the ‘right’ users to have access to the ‘right’ resources - and to ensure the wrong ones don't. If we can do that, then potentially we can prevent many of these breaches.” - Tom Ammirati, CRO, PlainID

“It's reported that small businesses generate 44% of the U.S. economic activity. Many of them are a vital part of the overall supply chain and partner ecosystem of larger organizations. With attackers increasing their focus on the supply chain, these SMBs must adopt fundamental and important security practices including the use of phishing-resistant MFA protocols, like FIDO, which are available as part of many Single Sign-On solutions indicated by the “Sign in with” buttons. SMBs should also strongly consider using cloud data storage to mitigate ransomware threats and a password vault for those sites that have yet to adopt modern authentication.” -Chad Thunberg, CISO, Yubico

“Kaspersky proudly supports Identity Management Day. According to our survey data, three out of four people use default security settings in apps and online services at least some of the time. To take proper care of their identities, we encourage people to always check security settings, tighten them where possible and limit what they share. We also urge people to use a unique password for every website, app, and service and use two-factor authentication wherever it’s available, especially with bank accounts and credit cards.” - Kurt Baumgartner, principal security researcher, Kaspersky

“Identity is our new security perimeter; close to 60% of the data breaches in 2021 exposed some form of PII with over 70% of such breaches including passwords. With the increase of “fuzzing” techniques to check variations of stolen passwords, identity attacks will only get more focused given the access administrative or select user credentials will grant an attack targeting specific corporations and their systems.” - Jon Shende, Board Member, MyVada

“While Big Business dominates the headlines for cyberattacks, the SMB often underestimates the need for proper Identity and Access Management. Often ill-prepared, the SMB is, therefore, a prime target for attack – presenting low risk and high return for the cybercriminal.

All companies need to improve security now to avoid disaster – with 2 must-haves: SSO and MFA. Multiple sets of employee credentials for access to various applications increase friction, cost, and risk. A setup that combines passwordless MFA with SSO vastly reduces risk by eliminating phishable credentials and shrinking the attack surface, while also reducing company costs and friction.” - Heath Spencer, CEO, TraitWare

“There are different ways to enter a structure. There are different ways to enter digital environments as well. The easiest path of least resistance for a bad actor as well as an upstanding citizen is the front door. So, our access through that front door ["legacy login," with a username and password] is still the number one cause of data breach and why we need to address at least looking at how we modernize the front door lock.” - Heath Spencer, CEO, Traitware

 “Excessive access will run rampant in the post-Covid cloud. However, most organizations no longer have this visibility making it easier for insiders to continue to do damage undetected.” - Sandy Bird, CTO and Co-Founder of Sonrai Security.