SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Security experts underscore identity assurance in post-lockdown era
Fri, 12th Jun 2020
FYI, this story is more than a year old

As many parts of the world emerge from lockdown and breathe life into their offices again, one of the most fatal flaws would be thinking that it is back to business as usual.

In the post-lockdown era, organisations need to focus on a new normal, rather than the way things used to be. This point is particularly relevant for every organisation's cybersecurity strategy.

As many employees worked remotely, phishing attacks and scams readily switched gears to take advantage of improperly secured home networks and devices. What's more, corporate networks were shut down for weeks.

For example, last month the Australian Cyber Security Centre published reports of threat actors who deliberately targeted health sector organisations and medical research institutions to create even more chaos during the COVID-19 crisis. These threat actors compromised email servers and then used these to send COVID-19-related phishing emails – the perfect medium for distributing malware and other nasty attacks.

Healthcare organisations were not the only businesses at risk – transport giant Toll Group fell victim to a ransomware attack that may have given the attackers access to sensitive business information.

Australia is now subject to mandatory breach reporting procedures and New Zealand is not too far behind.

Now is the time to inspect security measures to properly secure access and identities that fit each organisation's individual needs.

Cybersecurity firm RSA states that organisations should rebuild, re-prioritise and re-assess their current security programs, with the ultimate goal of enhancing threat response.

“Identity continues to be the most consequential attack vectors for enterprises, but it is also an opportunity to improve productivity by creating a frictionless user experience with strengthened identity assurance to protect critical data and assets,” states RSA's Craig Dore.

RSA tightly couples the concept of identity assurance in line with a user or application privilege. The higher the privilege, the higher ‘assurance' is required. The highest forms of assurance come in a variety of flavours such as hardware devices including FIDO tokens. RSA has an influential role in supporting and driving the FIDO standard for authentication.

In addition to supporting the FIDO standard for authentication, RSA SecurID Suite strikes a balance between real-time risk detection and higher levels of identity assurance – where they make sense. FIDO has a range of legitimate security benefits, including providing a means to combat (and eliminate) phishing and allowing organisations to take a step toward a ‘passwordless future'.

Not only should identity assurance be applied to the current ‘work from home climate' to protect user access, but RSA also provides a technology-agnostic approach to securing the entire environment from “ground to cloud”. This is why it's not enough to simply “tick a box” to solve today's challenge – any investment in identity assurance should be ready to solve tomorrow's problems as well.

As your organisation returns to full power, consider your digital transformation aspirations particularly in alignment with identity, use of passwords, remote access and SaaS protection.

To request a free trial of RSA's multi-factor authentication (MFA) solutions, click here.

To find out more about YubiKey for RSA's SecurID Access, click here.