In the movie, Tucker: The Man and His Dream, Jeff Bridges plays Preston Tucker. As an entrepreneur, Tucker failed in 1947 to change the automotive industry. As a visionary, he succeeded in advancing automobile design, manufacturing and safety. In one scene, Tucker delivers an impassioned speech to investors. While serving rare steak, Tucker stresses his car’s state-of-the-art safety features. During his speech, horrific images of car accidents are projected on a screen. Tucker’s method, although unorthodox, succeeded in breaking a misperception. That is the assumption that automobiles and driving are safe activities.
Today, how many assume we operate in a safe environment at work?
Last week NBC news released a "secret" NSA map. It showed known Chinese government U.S. cyber attacks since 2010. According to the report, all sectors of the economy are impacted. With over 600 victims, the breaches include Fortune 100 companies, government agencies and the military. In stealing information, the Chinese government extracted data about America’s critical infrastructure. Particularly, energy, telecommunications, pharmaceutical drugs, hybrid cars, and air traffic control systems were targets.
The NBC report needed Preston Tucker.
Raise Awareness of Government Sponsored Cyber Attacks
Governments target U.S. agencies, corporations, and universities to gain an advantage. Intellectual property is prized. Personal data coveted. The information enables competitive advantage. Cherished intel includes formulas, blueprints, price lists, energy grids, and new products. This information helps cut costs, fix pricing, flood markets, and bypass regulations.
In most cases, breaches are preventable. A few security basics make it difficult to gain access and operate undetected. Like a safety belt, security awareness and identity management mitigate cyber attacks. Tried and proven, phishing remains the most common way organizations are targeted. For this reason, security awareness remains a critical first line of defense.
Organizations can inexpensively raise awareness and provide training to prevent phishing campaigns. These efforts raise business user awareness about information security and risks. Risks are dramatically reduced when users are security aware and engaged. Organizations can leverage news, like Chinese government cyber attacks, to educate users. The most secure organizations reduce risks by improving processes and communication.
Identity and Access Management Promotes Cyber Security
Enterprise password management forms a cornerstone for identity and access management. Automated password policy enforcement improves security. Self-service password reset tools reduce operational overhead. Once an enterprise password manager is deployed, you can automate user provisioning for new hires, transfers and terminations. Strong passwords and real time de-provisioning deter unauthorized access and cyber attacks.
When workstations, applications and network systems lack internal controls, organizations are vulnerable to exploits. An absence of identity management controls allows for easily guessed passwords, orphaned accounts and faulty processes. Similar to drivers needing seat belts, deficiency in this area is inexcusable.
Targeted companies and industries must make users aware of the risk they face. Typically, security professionals often focus too much on detection. Instead, they should promote a security culture reinforced by identity management controls. Organizations must eliminate behaviors that create vulnerabilities and expose security risks. Identity and access management tools establish processes designed to make breaches difficult and immediate remediation possible.
Begin your identity management initiative by following what corporate compliance experts recommend for the workflow automation of businesses processes, self-service administration and IT operations.