As we spend more and more of our lives online, bad actors keep innovating new types of threats, and tried-and-true ransomware attacks are still on the rise. Vital businesses and critical infrastructure (think hospitals and utility companies, to name a couple) are especially coming under increased threat. The disruption, infiltration or failure of these governmental and private sector operations can severely jeopardize national security, economic stability and public health and safety.
Organizations need strong policies in place for identity management and governance; essentially, this practice is about having visibility into and control over who is accessing your tools and systems. As cybersecurity attacks continue, layoffs and economic turbulence persist and we rely more heavily on online resources, we can’t afford to leave those systems vulnerable.
Security Risk Is Rising
Ransomware attacks have dramatically increased in frequency; the latest Verizon Data Breach Incident Report found that the number of such attacks in the past two years was greater than the previous five years combined. Worse, not only are these attacks happening more often, but bad actors are also expanding their targets to include critical infrastructure.
For example, a ransomware attack in 2021 struck Ireland’s largest healthcare system, the Health Service Executive. Another attack, on the Colonial Pipeline, temporarily shut down the delivery of nearly half of the gas and jet fuel supplied to the U.S. East Coast. The local and national networks of the pipeline company were briefly taken offline as a result of the attack, and hackers stole private company information.
These attacks can be quite damaging and are also getting more expensive. IBM estimated that the average cost of a data breach in 2022 was $4.35 million, which is a 17 percent jump from 2020. Businesses must safeguard their confidential information and intellectual property from attacks while also protecting their ability to operate continuously.
Among other recommendations, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) encourages organizations in its #StopRansomware Guide to implement identity and access management (IAM) systems to avoid compromised credentials and limit any damage in the event of successful attacks. What are IAM systems? Put simply, these are systems, often consisting of a framework of business processes, policies and technologies, that facilitate the management of electronic or digital identities.
Whenever an individual creates a username and account for a new business tool, for instance, that represents an identity. An enterprise may have hundreds or even thousands of these, including those of current employees, along with contractors, vendors, and even former employees. Each of these identities represents a potential threat vector, a point of access into important business systems and entities that bad actors could take advantage of.
How Layoffs and Reorganizations Affect Security
Along with the rising cyber risk, we have seen an increase in job cuts and layoffs around the globe as a result of apprehension about looming recession and economic instability.
Three significant security ramifications can follow from this. Reduced headcount, for one thing, means everyone is working to protect systems with fewer resources. Second, businesses must ensure that staff can easily use the applications they need during reorganizations while also appropriately limiting access to data. Management of access and privileges during offboarding is a third issue.
Staff reduction is a challenge for all operations, but particularly security, which already faces a serious skills gap — 3.4 million positions are currently open worldwide. This area usually has fewer employees who have to do more work while maintaining access privileges. How can you be sure you can manage security and uphold compliance?
IT environments that need to be safeguarded are becoming more complex. Also, because of growing collaboration and work-from-anywhere policies, there are more identities and access permissions to manage. How do you make sure your business remains secure with fewer workers, particularly if there are gaps in your security function? And then how do you guarantee productivity? Only a high degree of automated access management will be able to accomplish this.
Another danger related to layoffs has to do with employees’ privileges and access. In addition to the sad reality that people have lost their jobs, there may also be security and compliance issues. Former staff who felt betrayed at some point in the past may exploit their insider access to wreak havoc, steal data and engage in other forms of mischief after an incident.
You’ll need to develop a “least privilege” policy to address insider threats. Under the principle of least privilege, employees only have access to the resources, information and data necessary to do their jobs. Having clear joiner, mover and leaver (JML) processes will help lower additional risk. Identity analytics will help identify old or unused accounts and enable better decision-making by triggering access reviews and other risk remediation procedures.
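The identity-analytics step described above can be sketched as a cross-check between the HR roster and an account export. This is an added example, not code from the article or from any IGA product; the roster and account records, field names and the 90-day staleness threshold are constructed assumptions.

```python
from datetime import date

# Constructed sample data: HR roster (source of truth) and an account export.
ROSTER = {
    "e100": {"status": "active", "role": "nurse"},
    "e101": {"status": "terminated", "role": "billing"},
    "c200": {"status": "active", "role": "contractor"},
}
ACCOUNTS = [
    {"user": "asmith", "owner": "e100", "enabled": True, "last_login": date(2023, 11, 28)},
    {"user": "bjones", "owner": "e101", "enabled": True, "last_login": date(2023, 10, 2)},
    {"user": "vendor1", "owner": "c200", "enabled": True, "last_login": date(2023, 5, 14)},
    {"user": "svc-old", "owner": None, "enabled": True, "last_login": None},
    {"user": "dlee", "owner": "e101", "enabled": False, "last_login": date(2023, 9, 1)},
]

def review_accounts(accounts, roster, today, stale_days=90):
    """Return {user: [reasons]} for enabled accounts that need an access review."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deprovisioned, nothing to review
        reasons = []
        owner = roster.get(acct["owner"])
        if owner is None:
            reasons.append("orphaned: no owner in HR roster")
        elif owner["status"] != "active":
            reasons.append("leaver: owner is no longer active")
        last = acct["last_login"]
        if last is None:
            reasons.append("unused: never logged in")
        elif (today - last).days > stale_days:
            reasons.append(f"stale: no login for {(today - last).days} days")
        if reasons:
            findings[acct["user"]] = reasons
    return findings

if __name__ == "__main__":
    for user, reasons in review_accounts(ACCOUNTS, ROSTER, date(2023, 12, 1)).items():
        print(user, "->", "; ".join(reasons))
```

Each finding is a candidate for an access review or for deprovisioning through the leaver process, rather than an automatic disable.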
Automation and Cybersecurity
All of these issues highlight the need for robust, automated identity governance and administration (IGA) operations that can be individually suited to an organization’s needs and dynamically updated when those needs change.
Here’s why: manual access management processes, controlled by humans, are flawed and inefficient by nature. Manually onboarding and offboarding hundreds or thousands of people to hundreds or thousands of resources inevitably leads to lapses in the system. Identities are given either too much access, which isn’t secure, or too little, which stifles productivity. It’s simply too much for humans alone to keep up with.
To manage access permissions for a large and scattered workforce across a range of systems and applications, policy-driven automation is a must-have. In other words, let’s say you always want to give access to a certain application to a person who fits a specific job role at a specific time and only from a specific location. Such policies can be built into the automation without requiring as much manual oversight. This enables employees and contractors to have access to the systems they need as new systems become available or when their job roles require it. That’s what policy-driven automation entails.
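A policy of the kind described above (role, time and location) can be expressed as data and evaluated with a default-deny rule. This is an added example, not code from the article or from any IAM product; the application names, roles and policy fields are hypothetical, and "location" is modelled as a source network, which is an assumption.

```python
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed policy set; application names, roles and networks are hypothetical.
POLICIES = [
    {"app": "payroll", "role": "hr-analyst", "days": range(0, 5),  # Mon-Fri
     "hours": (time(8, 0), time(18, 0)), "networks": ["10.20.0.0/16"]},
    {"app": "wiki", "role": "employee", "days": range(0, 7),       # every day
     "hours": (time(0, 0), time(23, 59, 59)), "networks": ["0.0.0.0/0"]},
]

def decide(policies, app, roles, when, source_ip):
    """Default deny: grant only if one policy matches app, role, time and location."""
    addr = ip_address(source_ip)
    reason = "no policy grants this role access"
    for p in policies:
        if p["app"] != app or p["role"] not in roles:
            continue  # policy is for another application or role
        start, end = p["hours"]
        if when.weekday() not in p["days"] or not (start <= when.time() <= end):
            reason = "outside permitted time window"
        elif not any(addr in ip_network(n) for n in p["networks"]):
            reason = "outside permitted location"
        else:
            return True, f"granted by policy for role {p['role']}"
    return False, reason

if __name__ == "__main__":
    roles = {"employee", "hr-analyst"}
    monday = datetime(2023, 12, 4, 9, 30)
    saturday = datetime(2023, 12, 2, 9, 30)
    print(decide(POLICIES, "payroll", roles, monday, "10.20.5.7"))
    print(decide(POLICIES, "payroll", roles, saturday, "10.20.5.7"))
    print(decide(POLICIES, "payroll", roles, monday, "203.0.113.9"))
    print(decide(POLICIES, "payroll", {"employee"}, monday, "10.20.5.7"))
```

Because the policies are data, a mover's access changes when their role set changes, with no per-user grant to edit.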
Automated access management improves the efficiency of user administration by automating the processes for provisioning and regulating access. For instance, managers must ensure that new hires have access to the necessary technologies from day one of their onboarding process.
Another task that’s an excellent candidate for automation is recertification. When done manually, gathering all the access rights, compiling the results and patching any system flaws that the managers have found is a huge time sink and demands a huge effort. The productivity of this process can be greatly increased by automation.
Wrangling Hybrid Infrastructures
One factor that’s further complicated the landscape is that most organizations now have a mix of on-premises and cloud-based systems. Cloud-based tools are often easier to access, but they add to the complication of management and security. Most people used to go into an office and access tools from that location, which made keeping control of who was accessing what simpler. When you can access tools from different environments, like in the case of remote work, that adds another layer of complexity. How do you know the person accessing the system from a remote location is your authorized employee and not, say, a hacker? You can’t rely on their location alone to identify them in a cloud-based world.
Organizations must transition to a zero-trust paradigm, whose foundation is solid identity management. The premise behind zero trust is that, regardless of a network perimeter, everyone should be viewed with mistrust. In this way, it’s intended to secure data flows, carry out trustworthy authentication and precisely specify authorizations.
Removing Uncertainty Around Identity
The world has already seen the trends of budget cuts and layoffs as 2023 nears its end. Businesses cannot afford to compromise on security and identity management, however. As cyberattacks increase, so does the likelihood of insider threats from unhappy former employees. Enterprises must now, more than ever, maintain a high level of security by putting powerful, adaptable and automated IGA functions in place.