Track and trace: Identity management day is coming

Identity and facial recognition. — Image by © Tim Sandle.

A major weakness with the cybersecurity practices and IT governance within many firms surrounds the dangers of not properly securing identities and access credentials. To help to remind companies about the importance of effective identity management, Identity Management Day arrives on April 9, 2024. This is another day for the corporate calendar to take note of. The purpose is:

“A day of awareness to educate business leaders, IT decision makers, and the general public about the importance of identity management.”

Spelling out what Identity Management Day means in practice for Digital Journal is Almog Apirion, CEO and Co-Founder at Cyolo.

Apirion begins by setting out the context for the control and management of information, noting, from the U.S. business perspective: “Currently, 73 percent of enterprises lack a complete inventory of their Operational Technology (OT) assets – leaving the backbone of industrial control and infrastructure vulnerable to cyberattacks.”

In terms of the risks this generates, Apirion states: “Unsecured OT environments threaten public well-being and the physical safety of workers in the field as they engage with these systems.”

When it comes to internal risk factors, the culprit is not technology but instead the behaviours of people. As Apirion spells out: “It’s been said before, but the reality is that humans remain one of the greatest risks for organizations, and Identity Management Day serves as a crucial reminder that nowadays hackers don’t break in, they log in.”

Conceptually, Apirion thinks: “Identity is the new perimeter, as organizations increasingly seek comprehensive remote privileged access management (RPAM) strategies that secure systems – online, offline, legacy, and modern – and manage access for both internal and third-party users.”

As to how this can be enacted in practice, Apirion thinks: “This includes enforcing access controls according to the principle of lead privilege, which prevents users from accessing anything beyond the resources they need to do their jobs.”

Another advantage that is possible is: “This helps to mitigate the risks of unauthorized access, limits the potential spread of ransomware and other malware, and even reduces the damage of human errors.”

As with the benefits for the business community, Apirion finds: “By achieving complete visibility into their infrastructure and enforcing stringent authentication protocols, enterprises can fortify their defences against evolving cyber threats, safeguarding both physical operations and the safety of their workforce and the public.”