![\"Best](\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/05\/World-Password-Day-mod.jpg\")
<\/p>\n<\/p>\n
Solutions Review compiles the best identity management<\/a><\/span> advice from the first half of 2021.\u00a0<\/i><\/b><\/p>\n As part of our ongoing research into the cybersecurity<\/a><\/strong><\/span> market, Solutions Review frequently covers the latest in data breaches, cyber-attacks, and authentication failures. When we do this, we try to accompany the facts with expert advice and perspectives from some of the most recognized voices in cybersecurity<\/a><\/strong><\/span>.\u00a0<\/span><\/p>\n As a result, we\u2019ve accumulated several relevant pieces of identity management<\/a><\/strong><\/span> advice from the first half of 2021, generated by attacks and breaches. We decided to curate our favorites into one article. Here they are:\u00a0<\/span><\/p>\n Nathanael Coffing is CSO at <\/span><\/i>Cloudentity<\/span><\/i><\/a>.<\/span><\/p>\n From: <\/span>Identity Management Experts\u2019 Commentary on the Pixlr Data Exposure<\/a> (January)<\/strong><\/span><\/p>\n \u201cWith hundreds of thousands of user emails and login credentials exposed in this breach, users are at great risk of credential stuffing and\/or phishing attacks. It doesn\u2019t take much for bad actors to cross-reference the compromised data with previously breached records and create accurate profiles of the breach victims. Hackers already have access to previously stolen data on the dark web, which allows them to easily weaponize this free information for their own malicious gain and target users\u2019 financial or healthcare information.<\/span><\/p>\n To avoid future database breaches of a similar nature, organizations need to implement strong methods of secure authorization for all users. To ensure sensitive information is safeguarded, enterprises must implement continuous contextual, fine-grained authorization on the API level, in addition to multi-factor authentication (MFA). By taking these proactive measures to authenticate users and protect their data, organizations can avoid data breaches and the negative consequences that come along with them.\u201d<\/span><\/p>\n Saryu Nayyar is the CEO of <\/span><\/i>Gurucul<\/span><\/i><\/a>.<\/span><\/i><\/p>\n From: <\/span>Findings: F5 2021 Credential Stuffing Report with Commentary<\/a> (February)<\/strong><\/span><\/p>\n \u201cThe recent report from F5 on the state of credential theft volumes and their use in cyber-attacks over the last four years is interesting and shows many organizations are still not following industry best practices for securing user credentials.<\/span><\/p>\n \u201cCredential theft can have long-reaching and expensive aftereffects in lost revenue, incurred mitigation costs, and loss of customer trust \u2013 which is itself difficult to put a price on.\u00a0 Preventing or blunting attacks before they lead to a major breach is generally much less expensive than suffering the fallout from an attack. By following best practices and making sure the organization\u2019s security stack is up to date, including MFA, security analytics, and other technical measures, organizations reduce their risk of being breached in the first place, and can prevent extensive damage.\u201d<\/span><\/p>\n Ray Canzanese is Director of <\/span><\/i>Netskope Threat Labs<\/span><\/i><\/a>.<\/span><\/i><\/p>\n From: <\/span>Security Start-up Verkada Suffers Breach of Over 150,000 Cameras<\/a> (March)<\/strong><\/span><\/p>\n \u201cUnfortunately, we see a lot of companies who don\u2019t apply multi-factor authentication to super-admin accounts with root privileges. This type of hack is preventable if companies have tighter control over super admin credentials to prevent leaks, use multi-factor authentication to prevent leaked or stolen credentials from being used, and monitor access to detect things like failed log-in attempts which can be a precursor to unauthorized access. These types of attacks are becoming more common as more organizations move to cloud and don\u2019t have the policies or measures in place to secure a cloud-first environment.\u201d<\/span><\/p>\n Tom (TJ) Jermoluk, Co-Founder and CEO, <\/span><\/i>Beyond Identity<\/span><\/i><\/a>.\u00a0<\/span><\/i><\/p>\n From: <\/span>Expert Identity Management Day Best Practices<\/a> (April)<\/strong><\/span><\/p>\n \u201cWe are tracking three key trends in identity management. The first is the adoption of passwordless authentication. By this we mean actually eliminating passwords as one of the authentication factors, enabling companies to stop ransomware attacks based on brute-forcing RDP and eradicate the entire class of credential-based attack TTPs used in account takeover attacks. Second, many organizations are looking to replace traditional multi-factor authentication (MFA), which often uses passwords or other \u2018shared secrets,\u2019 with solutions that implement only secure factors and reduce friction for end-users \u2013 for example, by not requiring employees or customers to pick up a second device or fish a one-time password out of their SMS or email. The last, and maybe most important trend, is the confluence of cybersecurity and identity management. One important manifestation is to evaluate the security posture of the endpoint device at the time of login and make a risk-based decision on whether to allow access to cloud apps and resources.\u201d<\/span><\/p>\n Rajiv Pimplaskar is CRO of <\/span><\/i>Veridium<\/span><\/i><\/a>.<\/span><\/i><\/p>\n From: <\/span>The Air India Data Breach: Expert Commentary for Enterprises<\/a> (May)<\/strong><\/span><\/p>\n \u201cWhile the exact cause of the SITA data breach is not yet known, it is clear that loyalty accounts, such as frequent flier or hotel rewards programs are prime targets or \u201choneypots\u201d for credential theft since they contain rich Personally Identifiable Information (PII).\u00a0 Further, loyalty accounts have less stringent rules around password resets or reuse as compared to financial services accounts employing multifactor authentication (MFA) methods thereby making it easier for credential harvesting and lateral movement.\u00a0<\/span><\/p>\n \u201cVerizon\u2019s Data Breach Investigations Report (DBIR) indicates that over 80 percent of data breaches use compromised credentials. Airlines and the hospitality industry need to accelerate their adoption of passwordless technologies such as \u201cphone as a token\u201d or FIDO2 security keys that eliminate this dependence on credentials. Passwordless authentication can reduce the attack surface of such breaches as well as limit the resulting data exposure. Finally, such authenticators have less friction and can be adopted by both employees and customers improving user experience and productivity.\u201d<\/span><\/p>\n Garret Grajek is CEO of<\/span><\/i> YouAttest<\/span><\/i><\/a>.<\/span><\/i>\u00a0<\/span><\/i><\/p>\n From: <\/span>Expert Commentary: The JBS Foods Cyber-Attack<\/a> (June)<\/strong><\/span><\/p>\n \u201cThough the details of the JBS attack are not out, it\u2019s a pretty safe bet that the method of intrusion involved credential theft and privilege escalation.\u00a0 Both of these are key components in the cyber kill chain, the identified method of attack of most exploits. Attackers find a weak way into the system, via stolen passwords, default account credentials, phishing, or some other means.\u00a0 From there, they use lateral movement across the enterprise and privilege escalation to obtain system access to important data. This is why account reviews and knowledge of privilege changes are imperative to a well-controlled enterprise.\u201d<\/span><\/p>\n Thanks to these experts again for their commentary. For more, be sure to check out the Identity Management Buyer’s Guide<\/a><\/strong><\/span>, the Privileged Access Management Buyer’s Guide<\/a><\/strong><\/span>, the Identity Governance Buyer’s Guide<\/a><\/strong><\/span>, or the Solutions Suggestion Engine<\/a><\/strong><\/span>.<\/p>\n\t\t\t![\"IAM](\"https:\/\/solutionsreview.com\/identity-management\/files\/2021\/02\/Identity_Suggestion_Engine_Horiz_800.gif\" "\\"\\"")
<\/a><\/p>\n<\/div>\n\t\t<\/div><\/div>\nBest Identity Management Advice from the First Half of 2021<\/b><\/h2>\n
<\/div><\/p>\nNathanael Coffing<\/strong><\/h3>\n
<\/div>\nSaryu Nayyar<\/strong><\/h3>\n
<\/div><\/p>\nRay Canzanese<\/strong><\/h3>\n
<\/div>\nTom (TJ) Jermoluk<\/strong><\/h3>\n
<\/div>\nRajiv Pimplaskar<\/strong><\/h3>\n
<\/div><\/p>\nGarret Grajek<\/strong><\/h3>\n
<\/div><\/p>\n