SecureWorld News

4 Guidelines Around Privileged Access Management

Written by SecureWorld News Team | Tue | Sep 12, 2017 | 9:32 PM Z

This story may not be as hot as the Equifax breach, but the damage is significant, and it is happening one business, organization, and enterprise at a time.

Spearphishing has become increasingly sophisticated as a method to trick employees into compromising their own credentials. It leads others to unknowingly activate some sort of malware that gives the phisher access to a company’s system.

Against this backdrop and the insider threat, we found experts in the session “Close the Front Gate: Identify all Travelers,” which was focused on Identity and Access Management. The panel was part of SecureWorld Detroit, the largest cybersecurity conference in the city for 15 years now.

That’s where we met Dave Culbertson of CA Technologies.

He wasn’t pushing the fact that his company is in Gartner’s Magic Quadrant for Access Management or talking about CA’s recent acquisition of Veracode.

Instead, he focused on best practices—things he has seen work in multi-factor authentication, privileged identity management, and entitled access review.

The Groundwork for a Successful Access Management Program

When it comes to managing, controlling, and monitoring access within your organization, “Executive sponsorship is a great starting point,” he says, “because it takes an ongoing commitment of resources.”

Teams should not approach this as a project-based effort. Instead, it should be viewed as an ongoing part of your cyber risk strategy.

And you should consider how extensive your program will be. Do you provide this as a service across the enterprise, or is your goal more departmental in nature?

4 Considerations Around the Technology of Access Management Programs

Discussion during the panel was wide-ranging, but clearly, there are considerations around technology and what you should have, at a minimum:

  • Are you choosing technology that enables you to easily manage privilege for user passwords?
  • Does the technology provide easy-to-use, easy-to-understand reports on user activities?
  • Will the technology let you establish fine-grained segregation of duties across the business?
  • Does your choice work with both SaaS and on-premises applications?

The answer to all four of these questions should be yes, according to the panelists.

Beyond Technology: Ways to Look at Implementation

As many InfoSec leaders and teams have learned the hard way, the greatest tools aren’t worth much unless they come with relevant implementation for what you are trying to accomplish.

After the SecureWorld panel was done, we had a chance to talk with Dave Culbertson about this crucial implementation piece and what it looks like for IT and cybersecurity, plus what it should feel like for end users. Here’s the interview:

You can request Gartner’s Magic Quadrant report for Access Management here.

And thanks to all the panelists who drove such an interactive session at SecureWorld Detroit.