The science fiction novel Neuromancer envisages bioengineering advancing by 2030 to such a degree that people can reshape their entire faces, even incorporating animal elements such as fangs, or fusing glasses into their skulls with augmented reality readouts.
While 2020 has not seen this yet occur, people are still using tech to change identity – especially hackers. This has created new security vulnerabilities as employees access private networks from unverified locations and devices during the pandemic.
Confirming someone’s identity is vital for good security. GovInsider spoke to Terry Burgess, Asia-Pacific Japan Vice President of SailPoint, to find out how identity can help to secure workplaces.
Working in the new normal
The pivot to remote working has created security loopholes as employees are using their own devices and logging onto private networks from unverified locations, warns Burgess.
Security teams are faced with the complicated task of determining that users attempting to access private networks are employees and not malicious actors. “How do you manage whether this contractor should have access now that he’s coming in from his own device?” he asks.
This is where agencies need to prioritise identity and access management, Burgess believes. Usually in the form of multi-factor authentication or single sign-ons, these types of systems will help to ensure the right employees have access to the right networks to carry out their jobs.
Amid organisational shifts
The pandemic has also called for an increased flexibility in organisational structures – which may change as employees are redeployed to different ministries or departments to fill gaps in manpower.
With such shifts, “what happens is that there will be some sort of change in application access,” says Burgess. Security teams have to ensure that employees no longer have access to critical information when they are seconded, he warns.
Take healthcare, for instance. Hospital workers are moving back and forth between frontline work and elective procedures as hospitals respond to the ebb and flow of patients. IT staff, in response, must rapidly change systems and information access for these employees and keep the hospital secure.
SailPoint integrates with Cerner, one of the largest patient information systems, to ensure correct access amid organisational shifts. When an employee is redeployed to a different department, SailPoint updates his identity profile, and access entitlements in Cerner are adjusted. This process is automated, so access can be changed in minutes.
Hackers have clearly taken advantage of the global pandemic to carry out cyberattacks. According to a report from Singapore’s Cybersecurity Agency, Covid-related phishing activity rose globally. The agency also observed over 1,500 malicious URLs targeting Singapore from March to May 2020, more than double the preceding three months.
Malicious emails, in particular, can lead to huge data breaches. A 2019 Verizon report revealed that 94 per cent of data breaches start with email attacks.
Together with Proofpoint email security, SailPoint helps organisations identify employees with access to sensitive data, and applies the right level of security to their accounts. It also automatically detects and stops email attacks by identifying and removing user access from potentially compromised accounts.
In today’s increasingly uncertain climate, organisations have to be quick on their feet to adapt to unexpected changes and guard against complex cyberthreats. That is an arduous task indeed, but a robust identity and access management systems can help organisations to see who is behind the mask and prevent unwanted data breaches.