Streamline your cloud experience and maximise your cloud investment with Microsoft Azure-aligned public cloud services.
Host all of your workloads in the most appropriate location while experiencing the simplicity of one cloud from Six Degrees.
Enhance your cyber security and safeguard your organisation with our cyber security strategy and advisory, consultancy, and managed services.
Connect your business through a comprehensive connectivity portfolio delivered via our owned and operated core Next Generation Network (NGN).
Access the smarter, faster technology needed to make the most of your hybrid working future.
Streamline your hosting with comprehensive colocation services delivered from three UK data centres.
Gain clarity and control of your 5G estate, ensuring ongoing cost efficiencies are managed on your behalf through our managed service.
Gain confidence in your cloud direction and achieve accelerated time to value through our assured and optimised cloud services.
Master today’s complex threat landscape and protect your business with our intelligence-led security services.
Videos and webinars are a great way to digest the latest technology insights.
Our eBooks and whitepapers provide in-depth insights from our experts.
Our thought leaders publish regular blogs on up-to-the-minute topics.
Learn all about the latest news from Six Degrees as we continue to evolve.
We host regular in-person and virtual events for our clients.
Learn how we enable our clients to achieve more; providing superior secure solutions, powered by our passionate people.
We are proud to partner with many of the world’s leading vendors, enabling you to leverage our continual investment in difference-making technology.
Learn how CNS at Six Degrees delivers intelligence-led security services that protect organisations in today’s hostile landscape.
We are committed to operating in an environmentally and socially conscious way. Learn more about our commitments as a business.
We are proud of our secure cloud credentials. Learn why we’re one of the most highly accredited providers in the UK.
We are a friendly and passionate bunch here. Whether you want to work with us or for us, we think you’ll enjoy the Six Degrees experience.
Home » Blogs » How to Understand and Improve Your Organisation’s Identity Management
Strong identity management is absolutely critical to maintaining your cyber integrity in 2022. Identity theft is one of the most common forms of cyber-attack today, so much so that 83% of incidents our Cyber Emergency Response Team (CERT) attended in the past two years have been related to identity theft.
In this blog I’ll take you through what identity management is, why identity theft – one of the key things good identity management is trying to prevent – is so common, who it is that’s buying stolen account credentials, and how you can go about improving your organisation’s identity management and overall cyber security posture.
Let’s get started.
At its most basic, identity management is all about giving the right people access to the right tools and data. You’re probably already doing it now: if you don’t have access to literally every file on your organisation’s shared drives and every application your organisation uses, that’s because of identity management policies that restrict your access to only the tools and data you need to carry out your specific role.
It gets more complicated than that, but at its heart good identity management protects organisations by preventing malicious actors from committing identity theft by stealing account credentials – or at the very least restricting movement if and when those actors do gain access to internal systems.
Identity management is critical in today’s hostile digital landscape, as identity theft is on the rise: a recent report stated that 2021 saw a 68% increase in data compromises compared to 2020. Let’s explore why that is.
So why is identity theft so common? Well, the simple answer is stealing account credentials is big business. There is a massive industry out there of people stealing and selling credentials on the dark web. Once these attackers have stolen a victim’s credentials, they want to leave without a trace in order to avoid arousing suspicion. I don’t suggest you venture to the marketplaces through which stolen credentials are sold on the dark web, but if you did you’d find lists of credentials with different attributes – whether they’ve been tested, whether they have access to financial data – that dictate price. They even run Black Friday sales. I’m not kidding.
As for who’s buying these credentials, there are three main markets. Most stolen credentials are sold to people looking to launch phishing and onward phishing attacks, giving them access to compromised mailboxes to send emails from. Secondly, there are hackers who want to launch attacks – ransomware, more than likely – from within a network without having to navigate its external cyber defences while also evading the long wait for brute force attacks, phishing attacks and other noisy activities to pay off. And thirdly, there are people who want to simply target external administration interfaces they have identified (RDP for example) which they can in turn use to pivot through to internal networks, or even just target the external host directly.
When it comes to protecting yourself and your organisation, you can probably guess what I’m going to say here: implement multi-factor authentication (MFA). MFA provides great defence against identify theft, but it’s also a reactive technology: for it to be effective, an attacker must already have obtained stolen credentials. That’s why comprehensive cyber security training and education on best practices is quite possibly more important than any technology could ever be alone. There’s no silver bullet when it comes to achieving strong identity management, but the importance of threat awareness and training cannot be overstated.
Strong identity management achieved through a combination or people, processes and systems is a non-negotiable for organisations today. If you’re unsure where to start when it comes to understanding and improving your organisation’s identity management, Six Degrees can help. Our expert consultants will enable you to understand your current posture and create a targeted plan to enhance it, while our managed security services keep you safe round-the-clock with 24×7 cyber event alerting and remediation.
Contact us and speak to one of our experts today.
Cyber security Maturity calculator Analyse your cyber security…
Cyber Threat Update 03/03/22 In this latest cyber…
More information on our Privacy and Cookies Policy can be found here: https://www.6dg.co.uk/privacy-cookies/. You can update how we contact you in the future by visiting our Communications Preference Centre here: https://www.6dg.co.uk/preference-centre/.
