Identity fabric, a contemporary, flexible identity and access management (IAM) architecture, should “be involved at every stage of authentication and authorisation,” says Stephen McDermid, CSO, EMEA at Okta Security.

According to CISCO’s VP, 94 per cent of CISOs believe that complexity in identity infrastructure decreases their overall security.

In this episode of The Security Strategist podcast, Alejandro Leal, podcast host and cybersecurity thought leader, speaks with McDermid about Identity Fabric, the modern threats to identity security, the role of AI in cybersecurity, and the importance of collaboration among industry players to combat these novel threats.

Stephen emphasises the need for organisations to adopt a proactive approach to identity governance and to recognise that identity security is a critical component of overall cybersecurity strategy.

Poor Identity Governance

Enterprises today face a complicated web of users, applications, and data. Identity, once hailed as a small IT problem, is now at the forefront of cyberattacks, and they are becoming highly lucrative targets for cybercriminals.

Alluding to recent high-profile breaches on the UK high street, McDermid points out the financial impact estimated in hundreds of millions of dollars. The common feature observed among these cyber incidents is the misuse of “poor identity governance.” This happens when users’ old login information lacks multi-factor authentication (MFA) or when attackers use social engineering to reset passwords.

The reality today is that attackers now use automation and AI to find valid identities, which makes their work easier than ever, owing to a vast number of compromised credentials available online. The scale of the threat is massive. McDermid noted that "fraudulent sign-ups actually outnumbered legitimate attempts by a factor of 120." This indicates that organisations need to accept that "a breach is inevitable."

Ultimately, McDermid's message was clear and pressing. He urged CISOs to understand where their identities are throughout their businesses. Furthermore, he stressed on the need to assume a breach and consider how to respond.

The CSO also called for them to challenge their SaaS vendors to commit to the new standards. In his opinion, only through this type of collective action can the security community hope to make a difference in what seems to be a losing battle right now.

Takeaways

• Identity Fabric is a framework for managing identities at scale.
• Modern attacks exploit poor identity governance and lack of MFA.
• Organisations must assume breaches are inevitable and prepare accordingly.
• AI can enhance identity threat detection and response.
• Collaboration among vendors is essential for improving security standards.
• Human oversight is crucial in AI decision-making processes.
• Shared Signals Framework improves API efficiency and security.
• Interoperability is key to addressing identity security challenges.
• Organisations should centralise governance of identities throughout their lifecycle.
• CISOs must stay informed about emerging threats and trends.

Chapters

• 00:00 Understanding Identity Fabric
• 02:21 Modern Threats to Identity Security
• 06:32 Collaboration in Cybersecurity
• 10:38 AI Agents and Identity Security
• 14:14 Key Takeaways for CISOs