Through ISMG's Lens: Identity & Access Management | Edition 11
Your weekly dose of cybersecurity news, ISMG event highlights and latest interviews with global infosec leaders.

Through ISMG's Lens: Identity & Access Management | Edition 11

Data breaches stemming from identity compromise, such as #phishing, are an all-too-common event. Organizations can stop data breaches by adopting identity and access management (IAM) solutions that promote better security behavior.

The goal of #IAM is deceptively simple enough to say: Making sure the right people have the right access at the right time. Actually achieving it is much harder.

Security and business managers have known that IAM must be driven by business requirements. But typically, IAM processes are IT-centric rather than business-driven. Traditional IAM systems have proven prohibitively expensive to deploy and operate, limiting their breadth of coverage and effectiveness.

Here’s what the community is talking about #identityandaccessmanagement:

Cybercriminal Service 'EvilProxy' Seeks to Hijack Accounts, by Jeremy Kirk

No alt text provided for this image

One of the biggest challenges for #cybercriminals is how to defeat multifactor authentication. New research has uncovered a criminal service called "EvilProxy" that uses session hijacking to steal session cookies to bypass MFA and compromise accounts. Read the full story

Lack of Access Management Is Causing Data Breaches, by Isa Jones

No alt text provided for this image

The costs of hacks are rising, the amount of #ransomware is rising, and the number of organizations that have been breached will also rise unless organizations take action. Read the full story


The Growing Number of Use Cases for Verifiable Credentials, by Marianne McGee

No alt text provided for this image

Decentralized identifiers and verifiable credentials, in which consumers can use their digital identity credentials for a variety of tasks, have significant evolving potential within the realm of identity and access management, says Merritt Maxim , vice president and research director at Forrester . Watch the full interview

How to Spot the Latest Tactics in Business ID Scams, by Suparna Goswami

No alt text provided for this image

Why is business #identitytheft increasing, and what are the latest tactics fraudsters are using to scam businesses and gig workers? Eva Casey-Velasquez , CEO at the Identity Theft Resource Center - Nonprofit , shares her views on how business identity theft has evolved over the years and how to prevent it. Watch the full interview

ISMG Editors: How a Teen's Hack of Uber Adds to MFA Crisis, by Anna Delaney ft. Mathew Schwartz , Michael Novinson

No alt text provided for this image

In the latest weekly update, ISMG editors discuss the industry-wide implications of a teenager hacking into Uber 's internal systems, key trends in the new Gartner SD-WAN Magic Quadrant report, and how ethics and security culture are center stage due to recent CISO revelations at Uber and Twitter. Watch the full episode

Securing Identities Across Multiple Clouds, by Brian Pereira

No alt text provided for this image

Multi-cloud environments pose major challenges to security practitioners, who need full visibility of infrastructure and applications. Organizations should unify identity and security controls to monitor the entire threat landscape, says Terence Gomes, country head of Microsoft security in India. Watch the full interview

The teams do not know who has access to what, which applications have been given permissions, which resources have been given permissions. So the whole adoption of multi-cloud, the identity and permission management, is a bigger challenge than one would have imagined." - Terence Gomes country head of security in India, Microsoft
No alt text provided for this image

Know Your Editors:

No alt text provided for this image

ISMG is one of the world’s largest media organizations devoted solely to information security and risk management with reportage and analysis from the industry’s award-winning journalists. A look at who's behind the wire:

Here’s putting the spotlight on Brian Pereira , director of the global news desk at Information Security Media Group (ISMG)

What do you enjoy doing in your spare time?

  • Swimming, enjoying nature, traveling and experiencing new cultures, reading, listening to music, teaching, and blogging. 

Your productivity hack

  • Always have a Plan B and a Plan C. Worry about tomorrow. Things do not work out as you envision them. Imagine the worst that could happen, especially when you are not entirely in control of the event or situation. Use a planner/organizer and plan.

Advice for young cybersecurity enthusiasts

  • The field is evolving, and there are lots of opportunities to harness in this industry. So, keep learning every day. Read security blogs, follow cybersecurity practitioners and influencers, listen to podcasts, read articles, and achieve cybersecurity certifications.

Favorite book/piece of an article - tech or non-tech

  • Steve Jobs: The Exclusive Biography by Walter Isaacson.

Recent must-read article or must-watch interview on ISMG’s media network

A famous quote or saying that you abide by

“Stay hungry. Stay foolish.” - Steve Jobs.

  • One of the biggest downsides of success is that it can cause you to become lazy and complacent. It’s important to continue taking risks and pushing yourself to try new things. Stay hungry for new ideas and new opportunities.

Your fondest memory of ISMG

No alt text provided for this image

  • There are many! But when colleagues approach me for advice, and we chat about other aspects like art, personal investments, travel, careers - that’s the stuff that thrills me. In return, I gift them a book to read.

Next big technology or concept you’re looking forward to in the cyberspace

  • Quantum computing, post-quantum encryption, homomorphic encryption, MESH ( Gartner )

No alt text provided for this image

That's all for today. We will be back next week.

Until then, stay current with the latest happenings in cybersecurity by subscribing to our newsletter.

 Have a nice day ahead.

-- ISMG Social Media Desk

Margarida De Oliveira

Head of Interactions @Critical Techworks/BMW Group | Mentor @Startup Lisboa

2y

Phishing resistant methods such as FIDO and PKI cannot be intercepted, replayed, or guessed. Passwordless MFA is not the future, it is the Today's solution. As long as there's reliance on phishable factors, these attacks will persist. Phishing resistant and passwordless authentication is the best path forward!

To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics