Identity and Access Management: Preventing a Cyber Attack

I read the linked article to see if there were any new insights on the application of IAM to prevent the kind of attacks we see. Nope.

That prompted me to think of a simple way of prioritising the security and privacy related actions that we all should take. If I start by pointing out that the most common method of attack is phishing. That means that IAM would be useless to prevent as an already authenticated user is the route for the attack. It would be a much better use of resources to attend to basic cyber hygiene (is everything patched and up to date, have you got any unauthorised devices connected?) and put some early warning mechanisms in place so that when (not if) a well-intentioned user clicks on a link in an email (despite your best efforts in training them) it has much less chance of leading to a catastrophic impact on your business…:

[…] Digital identity is a significant component of any organization’s digital strategy. It ensures the delivery and security of systems, data, and applications.


Original article here