As phishing attacks become common and data breaches continue to leak user credentials, cybercriminals are increasingly gaining access to the usernames and passwords that employees use in their personal and professional lives. Since 62% of people reuse passwords across personal and business accounts, user credentials leaked in a breach of a personal account on a poorly-secured website may then be used by a cybercriminal in a credential stuffing attack to gain access to an employee’s company account.
These attacks are focused on compromising employees’ identity on business systems. As a result, deploying Identity and Access Management (IAM) is an increasing area of focus for many organizations.
IAM raises the bar for cybercriminals attempting to use stolen credentials to access business accounts. Implementing multifactor authentication and enforcing strong password policies decreases the probability that an attacker can gain access in the first place. If they succeed, behavioral analysis increases the probability that they will be detected. However, IAM is growing more complex, and security teams do not have the ownership of IAM that they need.
What Does IAM Do?
IAM is designed to help manage user identities and access permissions within an organization. Managing these identities is essential to ensuring that compromised accounts do not pose a risk to the business. To accomplish this, an IAM solution provides a number of different benefits, including password management, insider threat detection, anomaly detection, and multifactor authentication.
Password Management
The fact that many users have weak passwords is commonly known. Given the opportunity, the average person will choose a password that is easy to remember (i.e., weak) and use it for all or most of their online accounts. However, this leaves these accounts open to potential attack since a hacker could guess these weak passwords using a brute force or dictionary-based password guessing attack.
Many organizations have implemented password policies to help defend against this type of attack, but these policies are only useful if they are followed. A good IAM solution will help enforce strong password policies throughout an organization.
Insider Threat Management
While many threats to an organization originate from the outside, this is not always the case. In some scenarios, a malicious insider may intentionally abuse their privileged access to systems or data to hurt the organization. In other cases, an employee will expose sensitive data through negligence.
Protecting against insider threats is a core capability of IAM solutions. By managing access and permissions assigned to each user, IAM can minimize the potential impact of a malicious or negligent insider.
Anomaly Detection
Weak passwords, spear-phishing attacks, and other threats can result in an attacker having access to a user’s legitimate login credentials. Under these circumstances, the attacker can authenticate as the user without triggering the alerts that failed login attempts might generate.
However, in these situations, an attacker will often act very differently from the legitimate user that they are impersonating. They may attempt to access files or systems that the legitimate user typically does not, or perform other anomalous actions. An IAM system should have machine learning (ML) and artificial intelligence (AI) algorithms designed to detect and alert on the anomalous behavioral patterns that point to a compromised account.
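The behavioral check described above, as an added example (not code from the original article or from any IAM product): a per-user baseline of accessed resources stands in for the ML model the text mentions. The user names, resource names, thresholds and events are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed baseline: (user, resource) access events from a "normal" period.
BASELINE = [
    ("alice", "crm"), ("alice", "crm"), ("alice", "mail"), ("alice", "wiki"),
    ("alice", "mail"), ("alice", "crm"),
    ("bob", "git"), ("bob", "ci"), ("bob", "git"), ("bob", "wiki"), ("bob", "ci"),
]
# Constructed sessions to evaluate. "carol" has no history at all.
NEW_SESSIONS = {
    "alice": ["crm", "mail", "crm"],
    "bob": ["git", "hr-payroll", "finance-db", "crm"],
    "carol": ["wiki"],
}

def build_profiles(events):
    """Count how often each user touched each resource in the baseline period."""
    profiles = defaultdict(Counter)
    for user, resource in events:
        profiles[user][resource] += 1
    return profiles

def session_score(profile, session):
    """Fraction of session accesses that hit resources absent from the baseline."""
    if not session:
        return 0.0
    return sum(1 for r in session if profile[r] == 0) / len(session)

def flag_sessions(profiles, sessions, threshold=0.5, min_events=5):
    """Return (alerts, no_baseline).

    alerts maps user -> (score, sorted unseen resources) for sessions whose
    score reaches the threshold. Users with fewer than min_events baseline
    events are listed in no_baseline instead of being scored, because a thin
    profile would make every access look anomalous.
    """
    alerts, no_baseline = {}, []
    for user, session in sessions.items():
        profile = profiles.get(user, Counter())
        if sum(profile.values()) < min_events:
            no_baseline.append(user)
            continue
        score = session_score(profile, session)
        if score >= threshold:
            unseen = sorted({r for r in session if profile[r] == 0})
            alerts[user] = (round(score, 2), unseen)
    return alerts, sorted(no_baseline)

if __name__ == "__main__":
    print(flag_sessions(build_profiles(BASELINE), NEW_SESSIONS))
```

The session for "bob" authenticates cleanly yet is flagged because three of its four accesses fall outside his history, which is the signal that remains when no failed logins occur.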
Multifactor Authentication
As mentioned above, many people use weak passwords, and passwords are commonly reused across accounts, making them very vulnerable to data breaches. Multifactor authentication (MFA) helps to protect against this by making knowledge of a user’s password insufficient to access their account. By requiring users to also have access to a second authentication factor (like a smartphone or smartcard), it becomes much harder for an attacker to access a user’s account.
The Dramatic Growth of Business Identities
The importance of identity and access management is widely acknowledged. However, the complexity of accomplishing this is growing rapidly. According to a recent survey, 52% of security professionals say that the number of identities within their organization has grown by a factor of five within the last ten years. For over a fifth of respondents (21%), the number of identities has grown by a factor of ten.
The reason for this rapid growth in the number of identities and the complexity of managing them is widely attributed to digital transformation. While the growth in organizational headcount is high on the list of reasons (with 66% of respondents citing it), mobile devices (76%), enterprise connected devices (60%), and cloud applications (59%) make up the rest of the top four.
Security Often Lacks IAM Ownership
The increased complexity of identity management is a challenge for organizations’ security personnel. However, it is not the only one. Only a little over half (53%) of security professionals have some level of ownership or control of their organization’s IAM solution, and only 15% have complete ownership. For the remaining 47%, security is at best an influencer (29%) and may be occasionally consulted on security-related IAM issues (15%).
This lack of security ownership and control over IAM is concerning as it makes it more difficult to put in place crucial policies for protecting against identity-related attacks. As the tide of phishing attacks and data breaches is unlikely to end anytime soon, organizations need to implement strong defenses against them to ensure the security of their organizations, users, and the sensitive data in their possession.