Through ISMG's Lens: Identity & Access Management | Edition 11
Data breaches stemming from identity compromise, such as #phishing, are an all-too-common event. Organizations can stop data breaches by adopting identity and access management (IAM) solutions that promote better security behavior.
The goal of #IAM is deceptively simple enough to say: Making sure the right people have the right access at the right time. Actually achieving it is much harder.
Security and business managers have known that IAM must be driven by business requirements. But typically, IAM processes are IT-centric rather than business-driven. Traditional IAM systems have proven prohibitively expensive to deploy and operate, limiting their breadth of coverage and effectiveness.
Here’s what the community is talking about #identityandaccessmanagement:
Cybercriminal Service 'EvilProxy' Seeks to Hijack Accounts, by Jeremy Kirk
One of the biggest challenges for #cybercriminals is how to defeat multifactor authentication. New research has uncovered a criminal service called "EvilProxy" that uses session hijacking to steal session cookies to bypass MFA and compromise accounts. Read the full story
Lack of Access Management Is Causing Data Breaches, by Isa Jones
The costs of hacks are rising, the amount of #ransomware is rising, and the number of organizations that have been breached will also rise unless organizations take action. Read the full story
The Growing Number of Use Cases for Verifiable Credentials, by Marianne McGee
Decentralized identifiers and verifiable credentials, in which consumers can use their digital identity credentials for a variety of tasks, have significant evolving potential within the realm of identity and access management, says Merritt Maxim , vice president and research director at Forrester . Watch the full interview
How to Spot the Latest Tactics in Business ID Scams, by Suparna Goswami
Why is business #identitytheft increasing, and what are the latest tactics fraudsters are using to scam businesses and gig workers? Eva Casey-Velasquez , CEO at the Identity Theft Resource Center - Nonprofit , shares her views on how business identity theft has evolved over the years and how to prevent it. Watch the full interview
ISMG Editors: How a Teen's Hack of Uber Adds to MFA Crisis, by Anna Delaney ft. Mathew Schwartz , Michael Novinson
In the latest weekly update, ISMG editors discuss the industry-wide implications of a teenager hacking into Uber 's internal systems, key trends in the new Gartner SD-WAN Magic Quadrant report, and how ethics and security culture are center stage due to recent CISO revelations at Uber and Twitter. Watch the full episode
Securing Identities Across Multiple Clouds, by Brian Pereira
Multi-cloud environments pose major challenges to security practitioners, who need full visibility of infrastructure and applications. Organizations should unify identity and security controls to monitor the entire threat landscape, says Terence Gomes, country head of Microsoft security in India. Watch the full interview
“The teams do not know who has access to what, which applications have been given permissions, which resources have been given permissions. So the whole adoption of multi-cloud, the identity and permission management, is a bigger challenge than one would have imagined." - Terence Gomes country head of security in India, Microsoft
Recommended by LinkedIn
Know Your Editors:
ISMG is one of the world’s largest media organizations devoted solely to information security and risk management with reportage and analysis from the industry’s award-winning journalists. A look at who's behind the wire:
Here’s putting the spotlight on Brian Pereira , director of the global news desk at Information Security Media Group (ISMG)
What do you enjoy doing in your spare time?
Your productivity hack
Advice for young cybersecurity enthusiasts
Favorite book/piece of an article - tech or non-tech
Recent must-read article or must-watch interview on ISMG’s media network
A famous quote or saying that you abide by
“Stay hungry. Stay foolish.” - Steve Jobs.
Your fondest memory of ISMG
Next big technology or concept you’re looking forward to in the cyberspace
That's all for today. We will be back next week.
Until then, stay current with the latest happenings in cybersecurity by subscribing to our newsletter.
Have a nice day ahead.
-- ISMG Social Media Desk
Head of Interactions @Critical Techworks/BMW Group | Mentor @Startup Lisboa
2yPhishing resistant methods such as FIDO and PKI cannot be intercepted, replayed, or guessed. Passwordless MFA is not the future, it is the Today's solution. As long as there's reliance on phishable factors, these attacks will persist. Phishing resistant and passwordless authentication is the best path forward!