Security is like a streetlamp in many ways. Nobody notices when everything runs smoothly – but when there’s a blackout, it becomes a public spectacle.

In the past decades, these blackouts have increased in scale and complexity. Organisations face an uphill battle against hackers, who have capitalised on Covid-19 chaos to carry out attacks.

With advancing threats, organisations need to centre security around identity and access management. Shamirhan Sulaiman, Netpoleon’s Director of Market Growth and Development, shares four steps agencies can take to do so.

1. Managing identity and access

In March, hackers tried to steal passwords of the World Health Organisation’s staff. Hackers have also tried to pose as the agency to steal money and personal information from the public.

79 per cent of organizations have experienced an identity-related security breach in the last two years, according to research by the Identity Defined Security Alliance.

Being able to verify the identity of users becomes crucial. An identity governance tool looks at an employee’s location, device, and network before deciding to grant access or not.

Security solutions should also manage the access users have to data. A solution can restrict access according to time, for instance.“If they were to assess the data on time that is not the norm, it should be flagged,” says Shamirhan.

Privileged users with access to critical data are critical targets for cyber criminals. So, privileged identity and management tools will come in handy to monitor these users and apply enhanced levels of security to their accounts.

2. Encryption and authentication

Encryption should also be used to protect data when it is stored and distributed. The technology encodes confidential data into a code – even in the event of a data breach, hackers will not be able to access it. Security teams must then store the keys in a secure location.

As hackers advance their techniques, a simple username and password are no longer good enough defenses. Organisation must further enhance security with multi-factor authentication, says Shamirhan.

That can be in the form of a SMS verification or token. Every time users try to access sensitive networks, they will have to go through multiple rounds of authentication.

3. Future-proof

Technology changes and advances every six months. Any solution implemented should be able to integrate with new or legacy systems, says Shamirhan.

“If you have legacy equipment, if you have new equipment, it doesn’t matter. It goes according to your requirement, and that requirement may change every six months,” he adds. Hence, having a good cyber footprint for the future is something every company needs to consider.

Attack techniques are also changing and advancing. The solution must be able to adapt to future threats on the horizon, says Shamirhan. “There must be growth, and I do not need to actually change my entire solution to actually cater for future threats.”

4. Educate

Humans are the weakest link in cybersecurity. Human error caused 90 per cent of data breaches in 2019, according to a CybSafe analysis of data from the UK Information Commissioner’s Office.

The entire organisation – not just security teams – must be educated on cyber best practices, says Shamirhan. Organisations should also hold workshops to upskill security teams and help them stay ahead of threats.

Netpoleon offers organisations a playbook on data and identity security, says Shamirhan. It shares current security trends and offers expertise on how to run solutions optimally. The company also provides organisations with a suite of solutions to better guard against today’s threats.

Cyber attacks will only get more intense. Organisations have to prepare a robust data and identity security system and gird up their loins for the ruthless cyber landscape.