Identity and access management (IAM) is a cornerstone of cyber security and a key element in digital delivery for any organisation. Understanding who a user is, and whether they have the access rights to only the required resources is a central requirement of cyber systems. While it sounds simple enough, this is a complex task.
Cyber criminals commonly target user identities as a way to gain initial access. Why? It’s easy pickings. Unauthorised access is among the highest ranked attack vectors1 for Cyber criminals.
Passwords have traditionally been the mainstay of authentication controls but are both difficult to use and often ineffective. Most people know they should use a different password for each system, but it’s virtually impossible without a password manager. It’s little wonder so many people repeat passwords despite knowing better2.
But innovation is emerging as the answer. Moving forward, passwords won’t be our default means of protection. New technology is both challenging identity and access management legacy protections and providing new ways to address it.
The Australian Government’s recently launched Cyber Security Strategy focuses on the need for better identity and access management to prepare businesses for a technologically enabled future. But there are still numerous, efficient moves businesses can make today to get on the front foot.
This blog is authored by Andrew Hayes, Richard Alleman, Anthony Treyvaud and David Loone.