A European Journal of Engineering and Technology Research study considers Identity and Access Management (IAM) "an important cybersecurity activity that helps to organise different access management." Its ability to boost monitoring processes and security controls aids organisations and individuals in strengthening their cybersecurity posture compared to using passwords alone.
Unfortunately, malicious players still find a way to circumvent IAM tools. Stephanie Barnett, VP of presales, Asia-Pacific & Japan at Okta, shared the company's recent State of Secure Identity 2023 report, which reveals that customer identity and access management (CIAM) systems are increasingly under attack. Sign-up fraud, leaked credentials, credential stuffing, and bypassing multi-factor authentication (MFA) are among those she listed as common CIAM attacks.
"Fraudulent registration attempts represent 27.9% of total registration attempts on the Okta Customer Identity Cloud in Asia Pacific – which is almost three times higher than in other regions like the Americas (9.4%) and Europe, the Middle East and Africa (EMEA: 8.1%). In Japan, this figure rises to 43.6%, whereas for Southeast Asia, it is just 16.2%," reported Barnett.
Barnett posits that the concentration of threat actors operating in and targeting parts of Asia Pacific, together with the higher fraudulent registration attempt figure, shows a less mature approach to identity security in the region than in others. She also observed that Okta's customers in the region enable fewer security products and features than customers elsewhere.
For Darren Guccione, the CEO and co-founder of Keeper Security, identity management has evolved to address emerging AI-powered threats, especially since data revealed that IT and security leaders feel ill-equipped to defeat deep fake technology (30%) and AI-powered attacks (35%).
"The traditional IT perimeter has vaporised in recent years, dramatically increasing the attack surface. The mass migration to distributed remote work environments has exponentially increased the number of endpoints, the number of remote locations such as home offices, and correspondingly, the sheer number of websites, applications, and systems that require identity verification, access, and full end-to-end encryption," Guccione added.
Moreover, he considers humans "the most error-prone element of the attack chain" and "far more difficult to protect."