The use of video doorbells and internal and external video cameras for home security has skyrocketed in recent years as homeowners seek new ways to protect themselves and their property. While these devices may capture images of potential intruders, they cannot confirm their identities. Is this really an employee from your electric company, or is it someone wearing an authentic-looking identification badge who has nothing to do with your electric company and is instead trying to sell you solar panels? This example of home security parallels the cybersecurity challenges facing many organizations.
To make informed decisions on how best to mitigate cybersecurity risks, you must first understand what cybersecurity means in today’s digital world. The term “cybersecurity” has several definitions. Many people equate the term “cybersecurity” with antivirus software, firewalls, and other tools that protect against unwanted intrusions into networks and data storage. While that may have been an accurate definition in the past, the term cybersecurity has evolved to mean more than just preventing attacks: it’s also about managing who has access to information and systems within an organization and protecting sensitive data from unauthorized access (Identity and Access Management [IAM]).
Don’t be an Ostrich
Almost all organizations face the risk of data breaches and the challenge of securing their data, but many choose to ignore it rather than anticipate it by proactively implementing safeguards. The latest research from the Identity Defined Security Alliance, “2022 Trends in Securing Digital Identities,” reports that 84% of respondents experienced an identity-related breach in the last year. And with the average cost of a data breach in 2021 increasing from $3.86 million to $4.24 million, organizations clearly need to do more to prevent these costly incidents from happening.
Cybersecurity should be a core requirement for any organization managing sensitive data. An organization could lose all of its intellectual property because it does not have a plan in place that includes cybersecurity. Ever-increasing volumes of online business transactions amplify the need to implement proper safeguards to protect your organization’s data and systems. A new approach to cybersecurity focuses on identity: knowing who has access to your systems and what they are allowed to do throughout their lifetime. This includes contractors, consultants, and even temporary employees. While no system is infallible, knowing who has access to your network and how they are allowed to use it is critical to the success of any cybersecurity program.
Separate but Equal
The key to successfully managing identity and managing access is recognizing that they are two different things. For example, when an individual has an account for a service, they may access certain parts of the system. In some cases, an individual has a username and password that grants them complete access to all areas of the site. In other instances, only specific information is accessible based on what that person needs for their job. To create a more secure network, organizations need to implement a method of managing identity and access. Identity management systems will help manage the users in your environment, assigning them access, and identity governance systems will help you keep track of those users’ access and audit the assignment of that access. It is essential for organizations not only to monitor external breaches into their network but also to track internal activity.
Managing contractors, consultants, and temporary employees is an ongoing process that takes time to perfect; ongoing training for all parties in the organization can help. The use of software makes this process easier to manage, but software is expensive and requires ongoing maintenance. It is also essential to train regular employees about the importance of the software because they may have access to information outside their department or project area. IAM processes for managing contractors, consultants, and temporary employees should be audited every year.
Be Cyber Smart
The increase in the number of remote workers means more users are accessing organization systems from several different places. The network is no longer the perimeter; identity is the new perimeter. In the event of a security breach, access management is more critical than ever. Organizations need to identify what data was accessed, who had access to this data, and what they did with the data after accessing it. This includes tracking where the information was sent, what it was used for, and any documents printed or copied. The average time to identify and contain a data breach last year was 287 days, more than nine months between the time a breach is identified and the time it’s contained.
About the Author: David Lee is the Director, Product Management at SecZetta. Over the past 15 years, David has come to understand the complexity of digital identity, and he’s built a career helping executives to understand it too. David began his career as an Enterprise Architect and is now considered a thought leader in the field of Identity and Access Management. He was named a Top 100 Identity Influencer and is famously known as the “Identity Jedi.” You can connect with David Lee on LinkedIn.