Intelligent CISO Issue 50 - Page 30

Passwords and usernames are still the cornerstones of identity-based security for many organisations , as well as a critical threat .
editor ’ s question

?

or decades ,

F cybersecurity teams focused primarily on creating a secure perimeter that would keep attackers permanently away from corporate systems . But in recent years , the ‘ perimeter ’ security model has become less and less relevant and , with the pandemic accelerating the adoption of remote working , it is now finally obsolete . Companies around the world are confronted with a new concept of perimeter : the digital identity . When it comes to cyberthreats , all roads continue to lead to identity and managing this securely and protecting it from misuse is now a must for security teams .

Digital Transformation , the move to cloud and requirements for remote working have only made it easier for cybercriminals as organisations struggle to secure an expanded threatscape and get a handle on identity sprawl . Companies of all sizes need to focus on centralising identities while also reinforcing best practices and training to ensure employees are doing everything possible to secure their credentials .
Unfortunately , passwords and usernames are still the cornerstones of identity-based security for many organisations , as well as a critical threat . As evidenced in the 2021 Verizon Data Breach Investigations Report ( DBIR ), 61 % of all security breaches can be attributed to the exploitation of compromised credentials .
Many organisations ’ efforts to effectively secure their identities are hampered by

Passwords and usernames are still the cornerstones of identity-based security for many organisations , as well as a critical threat .

outdated infrastructures and technical requirements , severely limiting their ability to adequately respond to threats . To make matters worse , there has been a significant increase in the number of employees who have a privileged
JOSEPH CARSON , CHIEF SECURITY SCIENTIST & ADVISORY CISO , DELINEA user account with extensive access rights and management functions . It is precisely these accounts that are highly prized by cybercriminals , as they provide access to a wide range of resources and powers , including the ability to access and modify sensitive material or even delete logs to cover their tracks .
In an age where identity has become the new perimeter , organisations need to embrace security technologies that enable them to selectively secure user access with extended access permissions and management authority . Privileged Access Management ( PAM ) solutions can help them guard the new perimeter by providing a security solution that combines interoperability , automation and orchestration .
When the principles of interoperability , automation and orchestration are the focus , companies benefit in two ways . First , it mitigates the risk of compromised credentials being misused by threat actors , and second , it ensures that employees can take full advantage of the productivity gains that a cloudbased , remote-enabled environment offers them .
The traditional perimeter was doomed long ago and has now been replaced by a permeable , flexible and ever-changing perimeter based on individual identities . Reacting to this new reality and adapting their security measures to it is not an option for companies . Remember : it only takes one compromised identity to negatively impact the company ’ s financial performance , customer loyalty and brand reputation , potentially costing millions of dollars . u
30 www . intelligentciso . com