The Importance of IAM in Cyber Security

Identity and access management (IAM) remains central to cyber security, because cyber criminals often exploit phishing and compromised credentials to gain access to an organization’s IT environment, according to BeyondTrust’s chief security strategist, Christopher Hills.

Speaking at the Go Beyond conference in Sydney, Hills emphasized the importance of protecting the identities of people, services, and machines in today’s increasingly remote work environment. With the rise of remote work and the use of both on-premises and cloud-based systems, securing IT environments through IAM is essential.

Hills highlighted the significance of security awareness training for employees to ensure they are aware of cyber security issues and understand the procedures to protect their credentials from being compromised. He noted that social engineering in phishing campaigns, such as using fake “active shooter” alerts to lure victims, is a common tactic used by attackers.

To address the challenge of managing multiple passwords and the risk of password reuse, Hills recommended using a password manager instead of relying on browsers to store passwords. He also predicted the increasing use of biometric authentication, such as facial recognition or fingerprints, in combination with passwords for enhanced security.

Hills also stressed the role of access management in controlling supplier and third-party access to systems, especially in interconnected software-as-a-service (SaaS) applications. He advised organizations to grant users only the privileges they need, only for as long as they are needed, and to audit and monitor privileges for both humans and machines.

Cyber Insurance Driving Security Improvements

One of the factors driving efforts to improve security is the increasing demands of cyber insurance underwriters, particularly in the wake of the COVID-19 pandemic. Hills noted that underwriters have become more stringent in their requirements and have expanded policy documents to ensure organizations are meeting security standards.

For example, underwriters may deny claims if organizations fail to implement promised security measures, such as multi-factor authentication (MFA) or timely patch and vulnerability management. Hills stressed the importance of having an incident response plan in place and testing processes like data restoration and failover to secondary locations to prepare for cyber incidents.

Overall, Hills underlined the critical role of IAM in cyber security and the need for organizations to prioritize identity protection, security awareness training, access management, and compliance with cyber insurance requirements to safeguard their IT environments from cyber threats.
