Best Practices to Combat Identity-Related Cyberattacks

Across the Asia-Pacific (APAC) region, businesses face a growing challenge: how do you protect digital identities when employees, contractors, and customers access critical data from all corners of the globe? With hybrid work, cloud services, and mobile apps becoming the norm, securing who gets access to what has never been more important, and the old methods of securing data aren’t cutting it anymore.

IDC has forecasted that spending on security in Asia Pacific excluding Japan (APeJ) will grow at a five-year CAGR of 12.8% and reach USD 52 billion by 2027.

The ever-changing technological landscape has increased operational efficiency, but this benefit comes with challenges to navigate through. Among the latter, identity-related cyberattacks are considered the most damaging, as they jeopardise cybersecurity posture and can lead to total business disruption. This propels organisations to adopt emerging tools and technologies to remain secure during adverse times and function effectively.

What is an Identity-Related Cyberattack?

As the name suggests, identity-related cyberattacks are the ones that target and invade the identities within an organisation. These identities, which are both human (users) and non-human (devices, applications), serve as the lifeblood of an organisation’s overall operations. Therefore, when compromised, they leave a huge impact on the organisations’ security posture and overall productivity.

The advent of emerging technologies has made these attacks sophisticated and increasingly difficult to combat. From AI-generated phishing and social engineering attacks to credential theft, these technologies have made attacks highly targeted and difficult to detect. However, these very technologies have also empowered organisations to strengthen their defences against these threats and fortify their identity security framework.

The Need for Identity Security

In the vast digital landscape, identity security has become mandatory to monitor threats proactively, protect against cyberattacks, and adhere to regulatory standards. ManageEngine’s 2024 Identity Security Report indicates the very need for identity security amidst modern organisations, wherein 79% of Singapore respondents stated that they could benefit from adopting identity security tools to protect themselves from potential threats in the future.

Identity security is no longer just a technical concern; it is also a business imperative that enables safe digital transformation and determines an organisation’s resilience. For that reason, professionals—from executives and leaders to specialists—lay emphasis on embracing the latest advancements, such as AI, to have complete visibility to safeguard assets and ensure maximum productivity.

Identity Security Tools

Modern organisations are compelled to elevate their cybersecurity strategy by deploying the right set of identity security tools. The survey mentioned above attests to the same, wherein 57% of Singapore respondents strongly believe that embracing AI advancements will strengthen their line of defence against various sophisticated cyberattacks. Welcoming such fairly advanced technologies will ensure that every digital interaction within an organisation is monitored and authorised to prevent external threats, insider attacks, and accidental misuse.

Identity security tools are designed to safeguard the security posture of any organisation by protecting digital identities, devices, applications, etc. What began as simple password managers has now developed into a series of improved tools and processes, such as single sign-on (SSO) solutions and multi-factor authentication (MFA).

Presently, the market for identity security tools is teeming with numerous options that can contribute to tool sprawl. While tool sprawl is beneficial in terms of providing comprehensive security, it can also lead to difficulties in integration, hamper interoperability, create a siloed approach, and widen security gaps further. Therefore, it is important for the right set of additional tools to enhance innovations and ensure that security isn’t compromised.

Never Trust, Always Verify

Organisations should implement Zero Trust (ZT) solutions in order to improve their cybersecurity posture in the quickly changing threat landscape of today. The “never trust, always verify” tenet of ZT principles makes sure that all access requests, regardless of where they come from, are verified.

According to ManageEngine’s report, less than 25% of respondents across the region have implemented zero standing privileges (ZSP), despite over 60% focusing on identities within their ZT strategies. In Singapore, 24% of organisations lack a ZT-focused identity security strategy. Among those striving for ZSP, 69% cite the absence of processes, workflows, and tools as the primary challenge.

Across all regions, the journey to ZSP is hindered by technological and operational gaps, highlighting the need for comprehensive solutions to address these concerns.

Staying Ahead of The Game

An organisation’s identity security strategy is effective when its technology, processes, and—most importantly—its people come together. In an ecosystem that has a plethora of target vectors and is replete with sophisticated cyberattacks focusing on them, it is important for all of the above pillars to work harmoniously and mitigate the threats. This approach will ensure that the strategic vision of identity security is translated into practical reality for organisations.

Attribution: Kumaravel Ramakrishnan, Technology Director, ManageEngine