God rest ye merry IT men, let nothing you dismay; Remember hackers’ prime season began on Black Fri-day…
While Avatier shows off its new access certification tool, Compliance Auditor, at the annual Gartner Identity and Access Management (IAM) Summit next week, a special group of people around the world is busy preparing to increase your cyber security risks over the holidays.
No, I’m not talking about Hanukkah, Kwanza or Christmas retailers. I’m talking about corporate hackers.
Three years ago, at DEFCON 17, a survey of hackers revealed that 81% of them admitted they are far more active during the winter holidays than any other time of year. Moreover, Christmas (56%) and New Year’s Eve (25%) were cited as the two busiest nights for those who pose cyber security threats. The study noted that, while vacations during other times of the year tend to be staggered and therefore ensure some human element is on duty to oversee cyber security risks, the Christmas and New Year’s holidays leave companies far more shorthanded and therefore more vulnerable to cyber security risks.
With hackers on the prowl and personnel scarce, the holidays seem like a particularly important time to ensure that the automated user provisioning and automatic group management segments of a company’s IAM solution are up-to-date and working properly. But complete cyber security and user provisioning goes beyond just those elements.
Here are the items that should be on every corporation’s “cyber security wish list” if they want to keep from being the victim of holiday hacking:
- Password Management System: 70 to 80 percent of all network damage is performed by a hacker with a stolen or guessed password. When users select passwords they can easily remember such as names of spouses or children or other easily discovered names or numbers, hackers can quickly crack them with readily available password cracking tools. Unfortunately, when users choose more difficult, easily forgotten, passwords, help desk password reset requests increase considerably. Installing a password management system gives users the freedom of choosing their password while allowing administrators to set the minimum password security measures. Better ones can also be used to filter out more than 1 million different words in multiple different languages that are commonly used and guessed as passwords.
- Access Certification Software: eradicate cyber security risks and access certification issues by using automation and rules engines to validate access.
- Metrics Reporting Software: employ automatically generated reports to detect governance, risk and compliance trends around risk-related items and operational metrics such as cyber security vulnerabilities, patching, financial or any other customizable category you desire — a valuable tool for gaining support from executive management.
- Automatic Group Management: link group membership to human resources information systems for optimum and immediate compliance management to ensure only the appropriate people are members of sensitive groups. This ensures group members receive swift, appropriate access to applications or email distribution list based on their job titles, departments or locations.
- Identity Intelligence Software: makes all administration action visible, conducts a real time capture of all activities across an enterprise and presents a way to reduce user provisioning and identity and access governance cyber security risks.
Watch Ryan Ward, Chief Innovation Officer at Avatier, describe how to return identity and access management to the business user with Avatier’s Identity Access Management software.
Get the Top 10 Identity Manager Migration Best Practices Workbook
Start your migration from legacy software with the Top 10 Identity Manager Migration Best Practices Workbook. Use this workbook to think through your information security risk before you transition to next generation identity manager software.