Identity Management Day is dedicated to creating awareness about the importance of identity management and securing digital identities. Led by the Identity Defined Security Alliance (IDSA), in partnership with the National Cyber Security Alliance (NCSA), this annual awareness event will take place on the second Tuesday in April every year. The inaugural Identity Management Day was held on April 13, 2021. Identity Management has long been considered an operational function – it enables the right individuals to access the right resources at the right times for the right reasons. However, in recent years, identities have become the prime target for hackers, allowing them to simply login with a set of valid credentials, a username and password, that have been stolen, phished or simply guessed.
“Raising awareness around identity management is especially critical after a barrage of identity-based breaches made headlines in the past year, including Twitter, Marriott, and Nintendo,” said Julie Smith, Executive Director of the IDSA. “Additionally, the ongoing pandemic has accelerated digital transformation initiatives that support changes in how we work and how we live day-to-day, putting organizations at greater risk. Our hope is that an industry-led Identity Management Day will result in higher prioritization of identity security, and as a result, fewer data breaches in 2021 and beyond.”
“It’s a foregone conclusion that threat actors are exploiting abnormal times to intensify cyberattacks against businesses and consumers alike,” said Kelvin Coleman, Executive Director of NCSA. “As we’ve seen with initiatives like Data Privacy Day and Cybersecurity Awareness Month, an impactful, wide reaching campaign to highlight the need for increased awareness, education and vigilance about cybersecurity hygiene is integral to creating effective deterrent behaviors and minimizing security risks for organizations and the public at large.”
FACTS AND FIGURES
- 79% of organizations have experienced an identity-related security breach in the last two years, and 99% believe their identity-related breaches were preventable (IDSA)
- 81% of hacking-related breaches leverage weak, stolen, or otherwise compromised credentials (Verizon Data Breach Investigations Report)
- 74% of data breaches involve access to a privileged account (Centrify)
- 73% of users use the same password for multiple sites, and 33% of people use the same password every time (DigiCert)
- $51-$72 Billion in losses to the worldwide economy could be eliminated through the proper management and protection of identities (AIR Worldwide)
NCSA encourages all individuals to protect their online identities through the following messages:
Think before you click: If you receive an enticing offer via email or text, don’t be so quick to click on the link. Instead, go directly to the company’s website to verify it is legitimate. If you’re unsure who an email is from—even if the details appear accurate—or if the email looks “phishy,” do not respond and do not click on any links or open any attachments found in that email as they may be infected with malware.
- Why? Attackers often send fraudulent email and text messages, referred to as phishing, in order to trick individuals into providing information such as usernames and passwords, or to download malware.
Share with care: Think before posting about yourself and others online. Consider what a post reveals, who might see it and how it might affect you or others. Consider creating an alternate persona that you use for online profiles to limit how much of your own personal information you share.
- Why? Personal information readily available online can be used by attackers to do a variety of things, including impersonation and guessing usernames and passwords.
Lock down your login: Create long and unique passphrases for all accounts and use multifactor authentication (MFA) wherever possible. MFA will fortify your online accounts by enabling the strongest authentication tools available, such as biometrics or a unique one-time code sent to your phone or mobile device. Use password managers to generate and remember different, complex passwords for each of your accounts.
- Why? Duplicating passwords or using common passwords is a gift to hackers. If one account is compromised, a hacker will typically try the same username and password combination against other websites through “password spraying.” A second method of authentication provides extra protection even if a username and password is compromised.
Get savvy about WiFi hotspots: Public wireless networks are not secure. Anyone could potentially see what you are doing on your laptop or smartphone while you are connected to them. Limit what you do on public WiFi and avoid logging in to key accounts like email and bank accounts. Consider using a virtual private network (VPN) or a personal/mobile hotspot if you need a more secure connection.
- Why? Attackers can insert themselves between your device and an unsecured WiFi network to intercept account information and other sensitive data or to download malware on to your unprotected device.
Keep a clean machine: Keep all software on internet connected devices – including personal computers, smartphones and tablets – current to reduce risk of infection from ransomware and malware. Configure your devices to automatically update or to notify you when an update is available.
- Why? Software updates often fix security flaws. Outdated software can be riddled with security holes easily exploited by attackers.
Own your online presence: Every time you sign up for a new account, download a new app, or get a new device, immediately configure the privacy and security settings to your comfort level for information sharing. Regularly check these settings (at least once a year) to make sure they are still configured to your comfort.
- Why? Attackers are likely to try the default login information for internet connected devices – typically admin – to try and gain access. While the default settings for most online accounts provide the website owner with the most information for a personalized experience, loose privacy settings could mean your data is being shared without your knowledge.
Why Identity Management Matters