Interview: Future of Identity Security

Rahil Ghaffar, VP – EMEA , WhiteSwan Security tells Anita Joseph how it’s crucial for organizations to prioritize identity security because compromised credentials can lead to breaches that are difficult to detect and can cause extensive damage.

What are some common examples of identity-centric attacks in today’s digital landscape, and how do they exploit vulnerabilities in authentication systems?

In today’s digital landscape, common identity-centric attacks include Phishing, Credential stuffing, Man in the Middle Attacks , SIM Swapping etc.

These attacks exploit vulnerabilities such as weak passwords, lack of multi-factor authentication (MFA), or unsecured network connections, to gain unauthorized access to user accounts and sensitive data.

The global trend is also reflected in the Middle East and Africa region (MEA), with the use of valid local accounts and valid cloud accounts, making up the primary cause of cyberattacks against organizations in the region.

Exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web today.

Could you explain how multifactor authentication (MFA) can mitigate the risks associated with identity-centric attacks, and what best practices organizations should follow when implementing MFA?

Traditional IAM solutions only are at the perimeter and therefore once the login completes there is no MFA activity or prompts. For example after login no one is prompted for an rdp to a server he has not accessed before. For Traditional PAMs it is hard to extend identity centric defences to the lowest granularity. For MFA to be effective there should be

Layered Defense: MFA requires at least two forms of evidence to verify a user’s identity, making unauthorized access considerably more difficult for attackers even if they obtain one credential, like a password.
Diverse Factors: Organizations should use a combination of something the user knows (password), something they have (security token or TPM chip of Laptop), and something they are (biometrics).
Adaptive Authentication: Implement adaptive MFA that adjusts authentication requirements in response to user behavior and risk assessment.
Education and Training: Educate users on the importance of MFA and guide them through setup and usage to ensure compliance and proper use.

How do identity-centric attacks differ from traditional cybersecurity threats, and why is it crucial for organizations to prioritize identity security in their defense strategies?

Identity-centric attacks specifically target the credentials and identity attributes of individuals to gain unauthorized access, differing from traditional threats that often focus on penetrating network defenses or exploiting software vulnerabilities. These attacks are more personalized and can bypass conventional security measures if identity security is weak. Remember Humans are the weakest link here. Ensuring that MFA is used and access privileges of users and admins are managed is extremely essential.

It’s crucial for organizations to prioritize identity security because compromised credentials can lead to breaches that are difficult to detect and can cause extensive damage. Identity security ensures that the right individuals access the right resources at the right times for the right reasons, aligning with the principle of least privilege and reducing the attack surface.

What role does user education play in preventing identity-centric attacks, and what are some effective methods for raising awareness about the importance of secure authentication practices?

User education is pivotal in preventing identity-centric attacks, as these often exploit user behavior. Effective awareness programs can significantly reduce such risks. Methods include:

Regular Training Sessions: Conduct workshops to educate users on the latest threats and safe practices.
Simulated Attacks: Run simulated phishing exercises to teach users how to recognize and respond to attacks.
Engaging Content: Use multimedia content like videos and infographics to make learning about cybersecurity engaging.
Updates and Reminders: Send out regular updates and reminders about secure authentication practices.
Clear Guidelines: Provide clear, concise guidelines on creating strong passwords and protecting credentials.

Can you discuss emerging technologies or trends that are shaping the future of identity-centric security, and how organizations can adapt their security measures to address these advancements?

Emerging technologies are indeed redefining identity-centric security. Many Enterprises and Govt entities are now beginning to use Identity Centric Zero Trust Network Access (ZTNA), shifting focus from traditional models to prioritize user identity and context. This evolution from password dependency to a model that continuously verifies user identities and device health, adopting least-privilege access, and tailoring adaptive policies, enhances security, reduces attack surfaces, and aligns with the dynamic nature of threats, offering a more resilient and user-friendly approach to safeguarding against unauthorized access in various environments, from cloud to IoT

Its important to add here that a simple ZTNA solution doesn’t cut it for users and admins – third party access to internal infra is a nightmare and managing user cloud entitlements and their access to cloud infra is a big issue . Managing these diverse use cases while ensuring connectivity needs a different approach.

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Bybit opens global headquarters in Dubai on the heels of 50% increase in user base

DIFC Courts reinforces its commitment to sustainability following expansion of its digital infrastructure

NETSCOUT adds new data centre presence in Dubai with added Arbor Cloud Capabilities

Dubai ranks as the second most crypto-ready city in the world

LinkShadow reinforces its commitment to Saudi Arabia

Huawei Cloud’s Riyadh launch boosts Saudi tech advancement

Cisco unveils new data centre to enhance security services in Saudi Arabia

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Google Cloud announce significant new collaboration with Saudi Pharmaceuticals giant

KROHNE delivers insights to inspire the next generation of engineers in Oman

Oracle supports major project to accelerate Oman digital economy

Ooredoo accelerates cybersecurity in Oman with new deal

Omantel selects Ericsson to manage its nationwide multi-vendor networks

Oman TRA shares plans to accelerate 5G deployment

BDB launches “tijara” platform for SMEs

Bahrain achieves full nationwide 5G coverage

Batelco, SonicWall launch integrated security solutions for SMEs in Bahrain

Bahrain to offer COVID-19 test results on WhatsApp, Facebook Messenger

Infor supports Bahrain’s digital transformation

Infopercept opens its first Middle East office in Kuwait

Microsoft Compliance Manager now available in Kuwait

Commercial Bank of Kuwait gets mobile payments moving with Thales Digital Solutions

Ooredoo chooses Fortinet to deliver secure SD-WAN managed services in Kuwait

Zain rolls out first-ever 5G roaming service in MENA

Looking for the best label solutions in South Africa? Go OKI!

OKI is only going bigger in the South African market!

Huawei honours Women in Tech at Apps UP 2022

Amazon payment services launches in the MENA region

Egypt turns to AI to deliver COVID-19 diagnosis service to People of Determination

Vertiv extends partnership with MDS SI Group to enhance digital infrastructure solutions

Bosch sees 21% sales surge in the Middle East

“AI has been in Google’s DNA from the beginning – we are an AI-first company” – Tarek Khalil, Google Cloud

How companies can future-proof their business with Web3

“Diversity, equity and inclusion are a core part of our culture and values at AWS” – Yasmine Afifi

Gender Lens investing vital to economic recovery

Virgin Hyperloop unveils location for Hyperloop certification centre

TikTok taps Oracle as secure cloud provider

Zoom gets security boost with Keybase acquisition

Why collaboration is the answer to the successful roll-out of 5G

OPSWAT invests $10 Million in scholarship learning program to help close cybersecurity skills gap

Alef Education showcases the Alef Metaverse to improve climate education at COP28

Bybit and AUS unveil the tech talents of tomorrow

How digital education solutions can help students achieve their full learning potential

Seeds for the Future 2023: Huawei gathers ME & CA’s brightest ICT talent in Qatar

Huawei launches ground-breaking solar inverter at World Future Energy Summit

Middle East Energy to further boost their sustainability agenda

EDF UK selects Dynatrace to keep the power flowing

KROHNE harnessing the power of analytics to drive energy transformation

“All of us are pulling in the right direction for a better tomorrow” – Frank Janssens, VP at KROHNE

Above and ‘Beyon’ – New Money SuperApp launched in the UAE

New cross-border payments platform Digit9 launches in the UAE

Hub71 partners with global economic transformation specialist on MENA start-up ecosystem

Spheroid Universe coin to be listed on MEXC exchange

DIFC Innovation Hub launches AccelerateHER program

Innovating Finance: UAE’s Pioneering Role in the Blockchain and Crypto Landscape

Pioneering Sharjah’s Digital Revolution

Interview: Shaping a Secure World

Dubai Chamber of Digital Economy scouts Asia for tech start-ups

Government leaders from IT sector honoured at GovTech Innovation Awards

Dubai Science Park study backs R&D localisation amid projected surge in UAE healthcare spending

MarkiTech expands GCC footprint

MoHAP Launches Health Sector’s First National Centre of Excellence for AI

Korian Benelux future-proofs residential Care with AI-driven solutions

SAS accelerates responsible innovation efforts with new collaborations

Digitalisation key to accelerating construction development in Middle East, says Trimble

R&M Introduces First Single Pair Ethernet System to Support Middle East Smart Building Trend

To ‘upsmart’ your building, start with the elevator

Renters searching for homes online surge amid coronavirus fears

Emirati tech entrepreneur launches new app to ease Dubai’s rental woes

Brands Beware: The Application Generation Demands Seamless Digital Experiences

Opinion: Brands must respond to meet heightened customer expectations

Thriwe: Enhancing the Omni-channel experience

Navigating the Festive Cyber Landscape: Ensuring Online Safety during Holiday Shopping

Celebrate the Dubai Shopping Festival with Eros Electronics’ exclusive deals

StorIT and Liqid announce strategic partnership in the Middle East

Riverbed Unveils AI-Powered Platform to Optimize Digital Experiences

Genetec Security Centre SaaS seamlessly connects to direct-to-cloud devices

Interview: Strengthening Cyber Defence

Opinion: How integrated ITSM security can support the engine of change