As businesses increase their digital estate, insider theft poses an increasingly large risk. Whether it’s through malicious parties gaining access to crucial systems and data or employees stealing information to which they should never have had access, firms should be considering these scenarios carefully.
This has been exacerbated by the economic climate, with layoffs and a greater reliance on third-party individuals leading to a lack of oversight and cohesion when it comes to access management. Stolen credentials or over-provisioned contractors can be the first crack in the armor for any business.
In this episode, Rory speaks to Fran Rosch, CEO of digital identity specialist ForgeRock, about the pressing need for better scrutiny of third parties and how companies can control systems access through identity governance.
Highlights
“By leveraging technology, you can really limit your exposure, because you really understand who has access to what and you're limiting the privilege to information unless it's absolutely needed for people to do their jobs.”
“When we think of this accidental user-driven compromise, a lot of it comes down to good old-fashioned phishing, or spear phishing… where users get an email, they think it's from their colleague or they think it's from IT.”
“What we believe, ultimately, is that through open standards and policies there have to be several different… credential issuers or identity providers (IDPs). And as long as they follow open standards, then companies can go ahead and rely on them.”
Read the full transcript here.
Footnotes
- 2022 Cost of Insider Threats: Global Report
- What is identity management and what role does it play in a security strategy?
- What is multi-factor authentication (MFA) fatigue and how do you defend against attacks?
- What is two-factor authentication?
- Amazon, Salesforce to cut 26,000 jobs as tech layoff spree continues
- Twitter executes orders to fire around 3,700 employees, locks offices shut
- Meta cuts 11,000 staff, citing wrong call on investment
- “Great resignation” sparks concern over insider data leaks
Subscribe
-
Cleo attack victim list grows as Hertz confirms customer data stolenNews Hertz has confirmed it suffered a data breach as a result of the Cleo zero-day vulnerability in late 2024, with the car rental giant warning that customer data was stolen.
-
Lateral moves in tech: Why leaders should support employee mobilityIn-depth Encouraging staff to switch roles can have long-term benefits for skills in the tech sector
-
The new era of cyber threatsITPro Podcast With AI-powered attacks and state-backed groups, security teams face face a new wave of sophisticated threats
-
Supply chain scares and Google’s AI codeITPro Podcast As the ransomware attack on Blue Yonder disrupts a wide range of firms, Google moves to lead by example on internal AI code
-
Halloween special: Cybersecurity horror storiesPodcast Join us for three terrifying tales sure to chill any IT professional to the core
-
Securing your business with education and trainingITPro Podcast Keeping your workforce updated on the latest threats requires a cohesive cyber skills strategy
-
Cracking open insider threatsITPro Podcast Leaders need to perform strict identity measures on would-be hires – and ensure employees who leave have access promptly removed
-
Protecting the public sector from hackersITPro Podcast With the public sector facing increasingly sophisticated threat actors, leaders need centralized security plans and better communication
-
How cyber attacks damage mental healthITPro Podcast As staff struggle to cope in the immediate aftermath of a cyber incident, leaders must do more to foster a culture of support
-
LockBit leader revealed: What it means for ransomwareITPro Podcast With LockBit's founder having been unveiled publicly and with international law enforcement still digging into detailed attack stats, the group is on high alert
