
Digital Identity Compass - February 2024

Reading time 10 min
1 March 2024, last update 1 March 2024

In the Digital Identity Compass, we point you to developments in the world of Digital Identity, or Identity & Access Management.

Table of contents

Workforce Identity
Privileged Access Management
Customer Identity and Access Management
Zero Trust & Network Security
Government
Other developments
Podcast tip of the month

Workforce Identity

Cloudflare Hacked by Suspected State-Sponsored Threat Actor

Techopedia, 31 December 2023

Gen AI is reshaping Identity and Access Management (IAM) in enterprises. Gartner reports that currently less than 5% has used Gen AI in IAM, but that this is expected to rise to over 80% by 2026. IAM confronts challenges in managing complex identities, decentralized workforces, and evolving cybersecurity threats. As Gen AI's adoption accelerates, it plays a transformative role in addressing IAM complexities, bolstering security measures, and adapting to the evolving digital landscape. AI will help improve the IAM landscape in these five ways:

  • Reducing False Positives: Gen AI enhances fraud detection in IAM, significantly reducing false positives during authentication.
  • Improving Personalized Access Recommendations: Gen AI analyzes user patterns, tailoring dynamic access recommendations aligned with evolving roles.
  • Enhancing Application Access Rights Management: Gen AI automates functions, simplifying onboarding/offboarding and generating rules based on policy descriptions.
  • Mitigating Insider Threats: AI in IAM combats insider threats, utilizing advanced techniques like auto-deployed decoys and improved behavioral detection.
  • Contributing to Intelligent Access Policy Management: Gen AI leverages advanced AI and ML, facilitating real-time analysis of datasets to adjust access policies dynamically based on user behavior.

Exploring the Role of Identity and Access Management in Healthcare

HealthITsecurity, 12 January 2024

IAM is pivotal in healthcare cybersecurity, particularly during events like the COVID-19 pandemic. However, implementing IAM in healthcare has its share of challenges. As mergers and acquisitions are rapidly increasing, organisations are becoming significantly more complex. Determining access levels for medical staff is also tricky. To address these issues, healthcare entities are urged to adopt practical IAM strategies, incorporating robust governance, reliable PAM, and a commitment to zero-trust principles. These measures bolster digital identity security, safeguarding against evolving cyber threats.

Privileged Access Management

Delinea Acquires Authomize to Strengthen Extended PAM

Dark Reading, 9 January 2024

Delinea has acquired Authomize, an Israeli company specializing in identity-based threat detection in cloud infrastructure. This addition enhances Delinea's privileged controls and strengthens defenses against identity-based attacks like insider threats and account takeovers. Art Gilliland, CEO at Delinea, stated: "The combination of Delinea and Authomize gives customers the power to detect and mitigate active identity threats across SaaS applications, cloud, and hybrid infrastructure." The acquisition makes it possible to address current and future PAM requirements, including:

  • Increase visibility of privilege across multi-cloud environments with the continuous discovery of all privileged access.
  • Continuously monitor and protect all identities to detect threats and automatically mitigate risks in any application or service.
  • Streamline and accelerate security and compliance audits with automated User Access Reviews and out-of-the-box policies.

Privileged Access Management Market Size Set to Reach US$ 22.69 Billion by 2033: Persistence Market Research

 

Persistence Market Research, 11 January 2024

The global PAM market value is projected to reach as high as US$ 22.69 billion by 2033. Compared with the 2023 PAM market value of US$ 3.28 billion, this represents a Compound Annual Growth Rate (CAGR) of 21.4% until 2033. Along with the rising awareness among enterprises regarding the necessity of PAM solutions, notable contributing factors to the exponential market growth include:

  • Cloud-Centric Solutions: Organizations are shifting towards cloud-based solutions to secure privileged accounts, gain scalability and flexibility, and manage privileged access across diverse IT environments.
  • AI & ML: Integration of technologies such as Artificial Intelligence (AI) and Machine Learning (ML), which are being utilized to enhance threat detection.
  • Zero Trust Security Model: Rather than solely relying on technical controls, enterprises are doubling down on their security by incorporating the zero trust, always verify approach.

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise

SecurityWeek, 12 January 2024

A new class of CI/CD attacks could have enabled attackers to inject malicious code into the PyTorch repository, posing a significant supply chain compromise risk. The attack method targets GitHub repositories with self-hosted runners, allowing threat actors to execute arbitrary code without approval. Researchers discovered vulnerabilities in PyTorch's self-hosted runners that allowed them to install their own runner and maintain persistence. This compromise could lead to various post-exploitation activities, including uploading malicious releases, modifying the main branch, or compromising PyTorch dependencies. The researchers reported the issue to Meta, which considered it mitigated and awarded a $5,000 bug bounty. Mitigations involve using isolated, ephemeral self-hosted runners and requiring approval for external pull requests.

New Class of CI/CD Attacks Could Have Led to PyTorch Supply Chain Compromise

Business Today (India), 19 January 2024

Cross Identity introduces PIAM, a revolutionary software transforming privileged user management for enhanced security in financial institutions. This unified platform integrates access management, governance, and administration, fostering collaboration by breaking down organizational silos. PIAM provides a holistic approach, covering provisioning, access requests, entitlements, and features like access certifications and Segregation of Duties management. Its user-friendly interface ensures secure and cost-effective management of privileged accounts, simplifying the complex landscape of privileged identity and access management.

 

Customer Identity and Access Management

Disruptive security crucial in 2024 for cyber threat resilience

Beveiligingswereld, 21 December 2023

In this article, Distology outlines key predictions for 2024 in the realm of cybersecurity:

  • Zero Trust Adoption: Organizations are expected to embrace the Zero Trust security model. This is driven by the European NIS2 directive.
  • Evolution in Cyber Insurance Landscape: This evolution is driven by the rise of automated Governance, Risk & Compliance (GRC) platforms.
  • Growing Significance of AI: As both cybercriminals and security firms increasingly leverage AI capabilities, cybersecurity solutions lacking integration of AI and machine learning are facing heightened scrutiny.
  • CIAM Takes Center Stage: CIAM emerges as a pivotal focus in cybersecurity. As businesses heavily depend on digital ecosystems, CIAM becomes a crucial element in safeguarding against internal and external threats. It facilitates precise control over access levels based on roles, emphasizing the reduction of unnecessary risks.
  • Enhanced Security through Smarter Surveillance: The integration of AI aims to identify suspicious patterns and proactively respond to threats, marking a paradigm shift towards a more adaptive and responsive security system.

Consumer IAM Market Worth $18.1 billion by 2028, growing at a CAGR of 16.2%: Report by MarketsandMarkets™

GlobalNewswire, 10 January 2024

The Global CIAM Market is projected to grow at a CAGR of 16.2%, reaching USD 18.1 billion by 2028 from USD 8.6 billion in 2023. Drivers include increased awareness of regulatory compliance and concerns about identity theft. Major players include IBM, Microsoft, Salesforce, SAP, and Okta. Key trends involve AI for enhanced client experiences and Blockchain for improved data privacy. CIAM solutions play a vital role in managing consumer data, with a focus on identity verification and authentication. The opportunity lies in the proliferation of cloud-based CIAM solutions, providing cost-effectiveness and flexibility for organizations of all sizes.



 

Zero Trust & Network Security

Executing Zero Trust in the Cloud takes strategy

Dark Reading, 9 January 2024

Implementing Zero Trust in cloud cybersecurity requires strategic planning. While Zero Trust is crucial, its proper execution involves addressing challenges such as lack of visibility, overentitlement, and complexity in today's diverse infrastructures. Organizations often focus on authentication but need to consider entitlement and environment. Zero Trust should enhance security through multifactor authentication and streamlined user experiences. Techniques like pairing up data lakes and APIs, blocking attack paths, and monitoring the right Key Performance Indicators (KPIs) can overcome challenges, enhance security, and drive successful Zero Trust adoption in cloud cybersecurity.

Hewlett Packard Enterprise to buy Juniper Networks in $14 bln deal

Reuters, 10 January 2024

Hewlett Packard Enterprise (HPE) is set to acquire Juniper Networks for $14 billion in an all-cash deal, aiming to enhance its AI offerings. The $40 per share offer represents a 32.4% premium to Juniper's Monday closing stock price. This move comes as HPE seeks to boost its networking business and leverage Juniper's strengths in network security and AI-enabled enterprise networking operations. The transaction is anticipated to close in late 2024 or early 2025, pending regulatory approvals.

Zero Trust, AI, Capital Markets Drive Consolidation in Cloud Security

Dark Reading, 15 January 2024

Cloud security is witnessing consolidation driven by factors like Zero Trust strategies, AI adoption, and capital market dynamics. Recent acquisitions include Delinea acquiring Authomize for identity-based threat detection, and SentinelOne acquiring PingSafe for cloud-native application protection. Organizations shifting to cloud services seek better visibility and threat protection. Zero Trust security architectures and AI/ML capabilities are focal points. Startups, facing economic uncertainties, are inclined towards consolidation. The trend emphasizes the need for simplified, integrated solutions providing comprehensive security across multiple domains. The success of recent acquisitions will determine the effectiveness of this consolidation wave.

In the Context of Cloud, Security and Mobility, It’s Time Organizations Ditch Legacy MPLS

SecurityWeek, 25 January 2024

Traditionally, organizations have relied on Multi-Protocol Label Switching (MPLS) for its reliability, security and high-speed connectivity. However, MPLS adoption is flattening after several years of showing a decline. Organizations are urged to abandon legacy MPLS in favor of Secure Access Service Edge (SASE) due to the evolving landscape of cloud, security, and mobility. MPLS faces challenges in the modern era, with vulnerabilities to DDoS attacks and the trombone effect in cloud traffic. MPLS deployment is costly and time-consuming, leading to budget constraints and limited carrier options. SASE, converging Software Defined Wide Area Networking (SD-WAN) with security controls, emerges as an ideal MPLS replacement, offering optimal path selection, active/active connections, and dynamic security protocols. The transition to SASE is seen as a disruptive force, ultimately replacing MPLS.

Government

Dutch consortium starts with the build of European cloud

iBestuur, 10 January 2024

A Dutch consortium is launching the development of a federated European cloud called "European cloud services in an open federated ecosystem" (ECOFED). The project, co-funded by the Dutch government, runs from 2024 to 2027 and focuses on promoting cloud portability and data sovereignty at the European level. The consortium, consisting of Info Support, i3D.net, BIT, AMS-IX, and TNO, will develop open interfaces and open-source tools to facilitate the transition from closed hyperscale cloud platforms to a federated cloud ecosystem. European funding of €2.6 billion marks a crucial step toward a decentralized and open European cloud.

'No reason to fear EU AI Act'

Computable, 11 January 2024

Dutch MEP Kim van Sparrentak (GroenLinks) emphasizes that the new EU AI Act should not be a cause for concern for most companies, as the majority of AI software falls outside the high-risk category. She dispels the notion that nearly all current AI is classified as "high risk" and advises companies to wait until the regulation is further developed before preparing. Van Sparrentak highlights that only AI systems causing harm to humans are deemed unacceptable, and underscores the law's flexibility, allowing for potential updates in the future. She underscores the advantages of thorough documentation and transparency for both companies and users. Despite extensive lobbying efforts by industry and various European countries during negotiations, she believes the AI Act represents a balanced outcome.

Dutch Senate establishes committee in digitization

Computable, 19 January 2024

The Dutch Senate has established a committee on digitization, mirroring the Lower House's initiative. This committee focuses on reviewing new digitization-related Acts and collaborating with specialized committees on European legislation. The decision follows a prior working group's examination of senators' understanding of digitization. In response to a motion passed after a Senate debate in March 2023, the Senate approved the proposal on Jan. 16, aiming to enhance knowledge of digitization and AI within the civil service.

Opensource organizations pleased with amended European Cyber Resilience Act

iBestuur, 29 January 2024

Opensource organizations express relief and optimism over the adjusted European Cyber Resilience Act. Concerns regarding complex certification and unrealistic legal requirements for opensource software have been addressed, easing the burden on developers. The introduction of the "opensource steward" concept, creating a distinct economic class for the software industry, alleviates many proposed rules and requirements. This development aligns the Cyber Resilience Act more closely with the structure of the modern software industry, recognizing the unique contributions of opensource developers.

China-Linked Volt Typhoon Hackers Possibly Targeting Australian, UK Governments

SecurityWeek, 11 January 2024

Chinese APT group Volt Typhoon is suspected of launching new attacks against US, UK, and Australian government entities. The group is exploiting old vulnerabilities in Cisco routers, specifically CVE-2019-1653 and CVE-2019-1652 in discontinued Cisco small business RV320/325 VPN routers. SecurityScorecard observed that one-third of vulnerable devices may have been compromised by Volt Typhoon. The attacks involve the use of proxy routers for command-and-control communication, potentially forming a botnet of compromised devices.

Other developments

Cybersecurity trends to look out for in 2024

SSH, 8 January 2024

In this article, SSH predicts 8 cybersecurity trends for 2024: 

  • Next-level Zero Trust: Zero Trust will evolve beyond architecture, focusing on holistic and adaptable approaches, integrating proactive verification, and AI-powered real-time analysis.
  • Identity Security and Management: Continuous identity verification will gain importance to combat new identity-based cyberattacks, with a focus on stronger authentication methods such as biometrics.
  • Next-level Secure Business Communications and Collaboration: Organizations will seek highly secure collaboration tools, moving away from non-compliant tools to ensure end-to-end encryption, secure data sharing, and compliance with data security laws.
  • Cybersecurity Regulations and Compliance: The NIST and NIS2 will come into force, impacting organizations' cybersecurity practices and imposing fines for non-compliance.
  • OT and IoT Cybersecurity: Industrial and critical infrastructure sectors will prioritize OT/IoT cybersecurity due to the increasing prevalence of remote work and maintenance, leading to IT/OT convergence and improved access and identity security.
  • Cybersecurity Insurance: CISOs and cybersecurity experts will play a more significant role in leadership teams, emphasizing the shift from reactive to predictive and defensive cybersecurity.
  • AI and Deepfake Cyberattacks: The battle between AI-powered cyberattacks and AI-powered threat detection will intensify.
  • Quantum Computers and Data Harvesting: As quantum computers advance, cybercriminals will focus on harvesting long-term sensitive data for future decryption, highlighting the need for post-quantum cryptography (PQC) solutions. 
 

Cyber insecurity (and cybercrime) a major problem for the entire world, warns WEF (World Economic Forum).

AG Connect, 10 January 2024

Cybercrime and cyber insecurity rank fifth among the greatest risks for the Netherlands, as outlined in the annual report of the World Economic Forum (WEF). This is partly due to AI, which enables the mass creation and dissemination of disinformation. Companies and government organizations consider cyber insecurity a greater risk to their operations than other stakeholders. In businesses and governments, cyber insecurity ranks third among major risks for the next two years. In educational institutions, it holds the eighth position, and in international organizations, it is in the ninth position. 'Civil society' estimates the risk of cyber insecurity to be even lower, at the tenth position.

Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report

SecurityWeek, 10 January 2024

A recent two-year investigation by Dutch newspaper De Volkskrant suggests that Erik van Sabben, a Dutch engineer enlisted by the Dutch AIVD, may have utilized a water pump to deploy the notorious Stuxnet malware in an Iranian nuclear facility. Stuxnet, designed to sabotage Iran’s nuclear program, is estimated to have cost between $1 and $2 billion to develop. Van Sabben, recruited in 2005, had a technical background, business dealings in Iran, and was married to an Iranian woman, making him an ideal candidate. The AIVD reportedly collaborated with American and Israeli counterparts without informing its government about the full extent of the operation. The malware, believed to have caused physical damage to hundreds of machines, was designed to spread across the network once the compromised water pump connected to the system. Van Sabben passed away two weeks after the attack in a motorcycle accident. It is unclear if he was aware of his role in deploying Stuxnet.

The largest data breach ever, 26 billion records with personal data leaked

Opgelicht, 24 January 2024

The breach is described as 'The Mother of all breaches' (MOAB), and has exposed 26 billion records of personal data, including data from companies like LinkedIn, Dropbox, and X. Discovered by cybersecurity researcher Bob Dyachenko and the Cybernews team, the 12-terabyte database was found on an unprotected page, with the owner unlikely to be identified. The breach is concerning because of the extent of the information exposed. Cybernews provides a tool to check if personal data has been compromised. With a significant impact on consumers expected, individuals are advised to use strong passwords, check for duplicate passwords, enable multi-factor authentication, and stay vigilant against phishing attempts.

Podcast tip of the month

Podcast tip - Security Now 

Security Now: Cybersecurity guru Steve Gibson and Leo Laporte break down the latest cybercrime and hacking stories, offering a deep understanding of what's happening and how to protect yourself and your business.

 

- Suzanne van Oosterum,
Suzanne has a background in political science and international relations. In her work as a business consultant at Grabowsky, she strives to bridge the gap between IT and the business, so that IAM is not just seen as an "IT party." She does this by providing insight into the problem and realizing business value, including by improving processes and raising awareness within organizations.
