Welcome to #BeIdentitySmart Week! As part of Cybersecurity Awareness Month and in conjunction with the National Cybersecurity Alliance, we’re excited to host a week of awareness to educate business leaders and IT decision makers on the importance of identity in cybersecurity strategies and business initiatives.
In its 18th year, Cybersecurity Awareness Month, was created as a collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online. The overarching theme for this year is “Do Your Part. #BeCyberSmart,” with week 4 focused on making security a priority. The IDSA is founded on the premise that you shouldn’t talk about security without talking about identity, so as organizations focus on making security a priority, we are going one step further to say that making security a priority, also means making identity a priority in your security strategy.
Why is it so important to make identity a priority in your security strategy? The headlines have been full of high-profile breaches, such as SolarWinds and Colonial Pipeline, that can be traced back to insecure identity practices. According to IDSA research, 83% of respondents say remote work due to the pandemic increased the number of identities, further increasing the attack surface. Additional research supports the need for organizations to make this inherent identity security connection:
- 81% of hacking-related breaches leverage weak, stolen, or otherwise compromised credentials. [Verizon Data Breach Investigations Report]
- 79% of organizations have experienced an identity-related security breach in the last two years and 93% said they were preventable with better identity-related security controls. [Identity Defined Security Alliance}
- 74% of data breaches involve access to a privileged account. [Centrify]
- 73% of users use the same password for multiple sites, and 33% of people use the same password every time. [DigiCert]
- $51-$72 billion in losses to the worldwide economy could be eliminated through the proper management and protection of identities. [AIR Worldwide]
The explosion of cloud, mobile devices, and connected things, as well as the consumerization of information technology (IT), has increased the risk of cybersecurity attacks due to compromised identities, accounts, and credentials. With #BeIdentitySmart Week we hope to engage the entire identity and security community of vendors and practitioners to share advice, best practices and more, that can help organizations not just #BeCyberSmart, but also #BeIdentitySmart.
To kick off #BeIdentitySmart Week we are publishing a new ebook, The Guide to Identity Defined Security, to help organizations mitigate the risk of an identity-related breach by providing best practices and recommendations for implementing an identity-defined security strategy. This definitive guide to identity defined security is a compilation of several years of research, domain expertise and best practices collaboratively developed by leading identity and security vendors, solution providers and practitioners. The ebook will discuss the challenges facing organizations today, why an Identity Defined Security program is essential, and the steps to get started leveraging the Identity Defined Security Framework. Read this ebook for advice on reducing the risk of a breach while at the same time helping your organization transform how you do business.
Each day of #BeIdentitySmart Week, we’ll also be publishing new content from our Champions, Technical Working Group subcommittees and IDSA members around specific identity-security related themes:
- Monday, October 25: How to Start an Identity-Centric Security Program
- Tuesday, October 26: Transforming Experience Through Customer Identity and Access Management (CIAM)
- Wednesday, October 27: The Growing Importance of Protecting Machine Identities
- Thursday, October 28: Applying Identity to DevSecOps Tools and Processes
- Friday, October 29: Improving Identity Insights with Artificial Intelligence and Machine Learning
We’ll also be discussing what it means to #BeIdentitySmart with a panel of identity and security experts on Thursday, October 28th, 9am PT/12pm ET. They’ll also be sharing their perspectives and taking questions on the identity-security related themes and how to align identity and security programs with these challenges and initiatives.
As companies increasingly face a new landscape being driven by the adoption of cloud, consumerization of IT and proliferation of mobile devices, identities have become the attack vector of choice for the bad guys. While we use Cybersecurity Awareness Month to highlight the importance of identity in security strategies, we encourage security leaders to make identity a focus this week and every week.
