Identity Management Day: educating businesses on secure digital identification
By Gaia Lamperti
Today marks Identity Management Day, an awareness day aiming to educate businesses on the importance of managing and securing digital identities. Started in 2021 and hosted by the Identity Defined Security Alliance and National Cybersecurity Alliance, the initiative shares best practices across the industry and there are many ways to participate as a consumer, practitioner, vendor or end-user organisation.
Indeed, with 79% of organisations having experienced an identity-related security breach within the last two years and 15 billion passwords currently available on the Dark Web, it is crucial for organisations of all shapes and sizes to build awareness of the threats they are subject to and the security outcomes and approaches available to maintain optimum security.
“Managing identity is one of the key challenges for the modern world; despite living and working in a digital society for decades, we are still seeing major data breaches caused by weak passwords and poor security practices. Meanwhile, around 99% of organisations believe that their identity-related breaches were preventable,” said Nils Gerhardt, Chief Technology Officer at Utimaco, a software company people around the world against terrorism and organized crime.
Particularly since the Covid-19 pandemic, fraudsters have been targeting enterprises for identity thefts, account takeover attacks, and data breaches, even more. According to TransUnion’s US Financial Hardship Report, digital fraud related to Covid-19 was at 31% last year, with phishing being the most commonly reported crime at 28%.
This is just a small patch from the huge cyber breach array that has been looting enterprises and taking advantage of their digital vulnerability. Enterprises should ask themselves if they know their customers. In the digital world, it is easier to flash fake identities since there is no physical presence and you can’t check if it is the same person. FinTech organisations should be more careful while new account openings and transactions using digital interfaces.
For this reason, many enterprises are embracing digital identity verification strategies to ensure maximum security from soaring cybercrimes and data breaches. The remote working phase is going to last for some time and digitally empowering organisations with up-to-date software is the only way to defeat next-gen cyber attackers.
“Identifications software should be designed to answer a fundamental question: is the person I am interacting with who they say they are?” added Gerhardt. “If misuse of a digital identity is to be avoided, identity data must be generated, stored, and processed in a secure manner. Solutions like public and private key architecture and data protection are all based on this basic principle and are a key component to securing digital identities and the overall digital security ecosystem with a secure root of trust.”
“Manual tools and processes necessitate a great deal of human effort, which can make the process inefficient and prone to error. They also have a tendency to fragment visibility, making remediation more difficult and increasing security risks. For this reason, we welcome the Identity Defined Security Alliance’s focus on identity management, and we add our voice to those calling on decision-makers to understand the importance of security best practices, processes, and technology,” he concluded.