Cleaning Your Digital House and Adopting Sensible IAM Policies
It’s long been apparent that human error is a leading cause of cyber breaches, including in higher education, but the 2024 CrowdStrike Global Threat Report puts forward stark numbers that reinforce that understanding.
According to the report, 75% of cyberattacks in 2023 were identity-based, meaning attackers did not even need to deploy malware to complete successful hacks. Instead, social engineering, phishing emails and other ways identities can be compromised were to blame for at least three-quarters of breaches. One especially prolific criminal organization, Scattered Spider, was particularly effective in using social engineering to steal credentials from IT staff or those with access to financial resources.
So, what causes these breaches, and what does it have to do with identity? In this case, it’s all about minimizing damage.
Despite our best efforts, there’s no way to guarantee an employee won’t get duped by a phishing email or something similar. It’s going to happen. For cyber-resilient higher education institutions with good data governance, however, a compromised identity only goes so far. When users don’t have access to anything more than they absolutely need, the impact of a breach is going to be far smaller than if that person has the keys to the entire network infrastructure.
There’s a decent chance that the last sentence made more than a few college CIOs and CISOs break out in a cold sweat. Thousands, tens of thousands or even hundreds of thousands of identities — from students, faculty and staff to applicants and alums — are active on university domains. Some are decades old, others are minutes old, and there’s a constant flow of identities in and out, all of which need to be properly governed. It’s a rare institution that has full confidence that all of those identities have the appropriate permissions.
You can learn much more about the intricacies of data governance and how policies can be set in some of our recent coverage, including:
- How AI impacts IAM
- What zero trust has to do with identity governance
- Where privileged access management fits in
- How proper data governance can be effectively deployed
- What a data-driven institution looks like
The bottom line is that you’re going to need help to get your house in order.
It’s time to call in a cleaner to sweep away the buildup of IAM dust, one that won’t rest until every corner has been cleared.