Security teams are facing “the perfect storm” these days, with four seemingly important factors at play: artificial intelligence and Generative AI; geopolitical dynamics; modification of regulatory compliance requirements; and, in particular, the continued growth of ransomware. They all lead to a very complex threat scenario that requires significant effort from cybersecurity professionals to protect their enterprises. At the heart of these next-generation cyber defenses lies the fundamental concept of identity, and unfortunately, what identity actually entails is changing significantly.
That’s according to Alberto Yépez, managing director of Forgepoint Capital, who raised the alarm about the perfect storm in one of the keynote sessions of today’s virtual Dark Reading event focused on “Disruptive Cybersecurity Technologies.”
Yépez noted that, for example, security teams can’t fight ransomware through just one solution. Ultimately, the goal a the threat actor used ransomware is accessing sensitive and valuable data located on someone’s network, and they do this by attacking a fundamental principle of networking that affects many different systems. “They want to try to compromise your identity,” Yépez says, because this is the entrance to the rest of the kingdom.
“The moment [threat actors] enter, they try to exploit vulnerabilities in your network. They look for known vulnerabilities in your personal device or your servers or your network,” he said. “They stay in your network and try to figure out what information becomes critical to them so they can get the most benefit from it.”
Developing next-generation identity protection solutions
As for the identity technologies that companies use to protect themselves, Yépez argues that they no longer fully serve us. Users must be vigilant in protecting their credentials if they want to protect their personally identifiable information (PII), but the key to addressing these issues goes beyond simply developing new information. identity management solutions and practices. We also need to change our perspective on what identity is and what it is becoming.
As Yépez noted, “Identity is not just about us.”
He explained: “We ourselves have multiple personalities. Whenever we have an account or an ID that we set up in our system or in a banking system [it’s a new ID] – we have so many different digital identities and personas.” He added that “software has an identity too”, with its own credentials that need to be safeguarded.
“Don’t just [thinking] that identity is just the individual or multiple digital personalities,” Yépez said, explaining that in addition to software instances, mobile applications have their own identities, as do various pieces of infrastructure, browsers, routers, cloud buckets and all the rest.If these are all aspects of a company’s multi-faceted identity footprint, then every aspect of it must be managed and protected from threat actors.
This, of course, makes it even more difficult to protect organizations from threats, but thinking about identity from this perspective broadens security teams’ collective perception of the threat landscape. In the age of “multiple digital personas,” security teams must consider all the moving parts that require attention, especially with the aforementioned perfect storm always on the horizon in the form of the latest technologies and the threats that accompany them.
As Yépez says, “Ultimately, once credentials are compromised,” all bets are off in terms of data protection.