Ways to Prevent Identity Management Threats in 2021
Identity management can seem like a hazy term. It generally refers to the way people in an organization access data and resources, usually on a company network, and to the infrastructure and technologies that enable this access.
With the global situation forcing millions of people to work from home, identity management is more of an issue than it has ever been. The way people currently access documents on their company's network, conduct online meetings and generally work with company-issued equipment and accounts from home poses some significant risks that are usually slightly mitigated in an office environment.
There are a couple of key points that pose security risks and threats to identity management.
The first of those is password management and security, along with credential stuffing, which is closely related to both. The struggle to teach people how to construct sufficiently strong passwords is ongoing, as we saw in a previous article.
We examined the most commonly used passwords in 2020 and the results are still far from encouraging, with an obvious prevalence of extremely poor passwords.
The only real hindrance in the path of credential stuffing and the abuse of password leaks is multi-factor authentication. Despite its advantages, it is not universally adopted and there are still large services and platforms that do not offer MFA as an option.
Another identity management threat that companies need to deal with is control and monitoring of user accounts and user access. A single compromised user account often goes unnoticed for too long and its activity is often too poorly monitored by the infrastructure, with too few automatic tripwires that can set off the alarm.
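As an added illustration (not part of the original article), the following sketch shows one kind of automatic tripwire: it flags a source address that fails logins for many different usernames in a short window, the typical shape of credential stuffing, and marks any account that the same address then logs into successfully. The event format, the thresholds and the sample events are assumptions constructed for this example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, source IP, username, result).
SAMPLE_EVENTS = [
    ("2021-01-11T09:00:01", "203.0.113.7", "alice", "FAIL"),
    ("2021-01-11T09:00:03", "203.0.113.7", "bob", "FAIL"),
    ("2021-01-11T09:00:05", "203.0.113.7", "carol", "FAIL"),
    ("2021-01-11T09:00:08", "203.0.113.7", "dave", "FAIL"),
    ("2021-01-11T09:00:11", "203.0.113.7", "erin", "SUCCESS"),
    # An ordinary user mistyping a password: one username, same address.
    ("2021-01-11T09:02:00", "198.51.100.20", "bob", "FAIL"),
    ("2021-01-11T09:02:09", "198.51.100.20", "bob", "FAIL"),
    ("2021-01-11T09:02:20", "198.51.100.20", "bob", "SUCCESS"),
]


def find_tripwires(events, window=timedelta(minutes=5), min_users=4):
    """Return (suspect_ips, compromised_accounts).

    An IP is suspect once it has failed logins for at least `min_users`
    distinct usernames within `window`. A successful login from that IP
    while the condition holds marks the account as likely compromised.
    Both thresholds are assumed values and need tuning per environment.
    """
    by_ip = defaultdict(list)
    for ts, ip, user, result in sorted(events):
        by_ip[ip].append((datetime.fromisoformat(ts), user, result))

    suspect_ips, compromised = set(), set()
    for ip, rows in by_ip.items():
        for i, (now, user, result) in enumerate(rows):
            # Distinct usernames this IP failed on inside the window.
            failed_users = {
                u for t, u, r in rows[: i + 1]
                if r == "FAIL" and now - t <= window
            }
            if len(failed_users) >= min_users:
                suspect_ips.add(ip)
                if result == "SUCCESS":
                    compromised.add(user)
    return suspect_ips, compromised


if __name__ == "__main__":
    ips, accounts = find_tripwires(SAMPLE_EVENTS)
    print("suspect source addresses:", sorted(ips))
    print("accounts to lock and reset:", sorted(accounts))
```

Counting distinct usernames rather than raw failures is what separates the stuffing pattern from a single user retrying a forgotten password.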
There are multiple cases of successful cyber attacks that were carried out because a network was not following the principle of least privilege. This means that employee accounts had access and privileges they did not need to carry out their respective tasks, allowing compromised low-level employee accounts to wreak havoc across the entire network.