
Exclusive: Three access management learnings from 2018

18 Dec 2018

Article by One Identity APJ technology & strategy regional manager Serkan Cetin

The state of cybersecurity and privileged access management in 2018 shows Australian organisations may still have some way to go before they can consider themselves protected.

There was a renewed global response to data security in 2018, placing pressure on organisations to assume more responsibility for the data they hold.

In Australia, the Notifiable Data Breach (NDB) scheme came into effect this year, placing new requirements on organisations to disclose data breaches and a greater emphasis on proper security practices.

Despite this scheme, the Office of the Australian Information Commissioner received 550 breach notifications between February 22 and September 30, 2018.

While details about the specific cause of the breaches are sometimes unclear, history exists so we can learn from the mistakes and triumphs of others.

2018 saw breaches at companies like Austal, where staff email addresses and mobile numbers were accessed, and at the National Disability Insurance Scheme, which failed to properly confirm the identity of users.

With the benefit of hindsight, here are three identity governance trends that businesses should be aware of for the upcoming year.

An organisation is only as strong as its weakest employee

Employee education remains as critical as ever in a world where business email compromise (BEC) is still a common form of attack by threat actors.

Enterprises must create internal training programs that educate employees on the risks of BEC and help employees identify the warning signs they may encounter when they are being targeted in a phishing scam.

Effective employee education will make the entire organisation stronger and help to prevent the risk of accidental compromise.

This includes developing best practice guides for email correspondence and general guidelines for communicating confidential information when handling privileged information, such as not sharing privileged account passwords or other personal account information through email.

If a threat actor gains access to one account and finds additional email addresses and passwords for confidential accounts, it can harm a business’s reputation and have a negative financial impact.

Adopt multi-factor authentication and complex password requirements

Organisations do, however, need more than just educated employees to keep their data and accounts safe.

Multi-factor authentication and complex password requirements offer further layers of security for enterprises.

Multi-factor authentication requires at least two forms of identification to prove identity, such as a password, a physical identifier like a card, or a second PIN code sent to another device like a mobile phone.

Multi-factor authentication is a solution all organisations should have implemented in 2018 to improve identity management and overall organisational security.

Further, requiring employees to maintain strong password practices that include the standard upper- and lower-case letters, numbers and symbols is essential.

Implementing processes that require passwords to be updated regularly will also go a long way to protecting individuals and organisations from being breached.

With the new NDB scheme in 2018, more emphasis has been placed on the protections that organisations have in place to prevent data being compromised.

By utilising tools like multi-factor authentication and complex password requirements, organisations can be better prepared to govern identity access and account security.

The multi-factor authentication market is expected to reach US$13.59 billion (AU$18.79 billion) by 2022, demonstrating the growing demand for multi-factor authentication within organisations.

Employees are sometimes resistant to adopting these practices because they add another step to the sign-in process, so it’s crucial that organisations use technology solutions that effectively balance security with employee productivity.

Embrace automation

Artificial intelligence (AI) and automation can assist with simplifying processes for IT teams and employees.

However, research from One Identity’s annual global survey shows one-quarter of Australian organisations still rely on antiquated processes like spreadsheets to manually manage privileged accounts.

Organisations should embrace AI as a solution that will automate identity and privileged access management, benefiting all areas of IT within an organisation.

Automated password reset systems will make password management simpler and more efficient for employees, ultimately reducing the need for IT teams to keep databases manually updated.

Automation will further help with setting up and deprovisioning accounts, ensuring access is granted to, or taken away from, employees almost instantly.

This allows IT teams to have a better understanding of the privileged account environment of the organisation.

Learning from the past is important for organisations so they can prepare a privileged access roadmap for the year ahead.

The NDB scheme has placed greater public scrutiny on data security than ever before, and organisations must have the tools to prepare themselves for effective protection.

By educating employees about best practice for email use and passwords and adopting multi-factor authentication, enterprises will be better positioned to defend against cyber threats seeking unauthorised access.

Embracing AI will make these processes much easier and improve employee productivity, moving enterprises into the 21st century.
