With COVID-19 changing our day-to-day operations, protecting digital identities is more important than ever.
By Sarala Rajeshuni
The unwelcome invasion of COVID-19 has shifted the way we operate. As our workforce has been transforming, the world has learned new ways of conducting business, with many resorting to remote working in an effort to maintain social distancing. As this pandemic continues to challenge our global economy and growth, many more companies will adopt the work-from-home culture and employees will embrace a new commute to work: the telecommute. Even as the pandemic recedes with time, our old methods of business will likely remain permanently changed, with telecommuting the new norm. With this digital transformation, protecting identities and training employees who face potential cyber-attacks is critical.
Phishing and spear phishing are two common social engineering techniques hackers use to gain the trust of individuals with access to privileged accounts. Using phishing attacks, hackers can install malware on organizations’ networks, gain access to protected data, and collect personal information by directing users to websites which appear legitimate. Unlike phishing attacks, which are targeted at multiple users, spear phishing targets specific individuals and is personally tailored. During quid pro quo attacks, hackers masquerade as IT staff and collect login credentials. No matter the method of attack or intention of the hacker, hacking of privileged accounts results in extensive damage and expensive data breaches. If malware is installed on multiple computers forming a hacker’s botnet, a distributed denial of service (DDoS) attack will make systems inoperable. Alternatively, if ransomware is used to block access to systems during a business-critical phase, the only choice organizations are left with is to pay ransom in the form of digital currency. No business sector is exempt from these losses. Cyber-attacks cost finance, healthcare, manufacturing, retail, education, and other sectors alike millions of dollars each year.
Managing identities and their access to critical resources is the first step in protecting them. Identity and access management (IAM) provides a central user repository with the management tools and technologies required to enable password management, automated provisioning and de-provisioning, user activity tracking, and authorization to IT resources. By integrating multiple identity sources and providing single sign-on, IAM eliminates the use of multiple passwords. Complex passwords provide account protection to a certain extent, but multi-factor authentication (MFA) prevents brute force attacks as hackers cannot access user data without the second factor. While user accounts should be secured with MFA, accounts with administrative access to critical systems should also be protected with Privileged Account Management (PAM). While implementation of these identity measures is complex and incurs initial expenses, the security benefits far outweigh the initial startup costs. Protecting digital identities is something organizations cannot and should not compromise.
Sarala Rajeshuni is an SMA Principal Associate in our Program & Operations Management Practice and is certified in Project Management, Leadership and Cyber Risk Mitigation.