As businesses increase their digital estate, insider theft poses an increasingly large risk. Whether it’s through malicious parties gaining access to crucial systems and data or employees stealing information to which they should never have had access, firms should be considering these scenarios carefully.
This has been exacerbated by the economic climate, with layoffs and a greater reliance on third-party individuals leading to a lack of oversight and cohesion when it comes to access management. Stolen credentials or over-provisioned contractors can be the first crack in the armor for any business.
In this episode, Rory speaks to Fran Rosch, CEO of digital identity specialist ForgeRock, about the pressing need for better scrutiny of third parties and how companies can control systems access through identity governance.
Highlights
“By leveraging technology, you can really limit your exposure, because you really understand who has access to what and you're limiting the privilege to information unless it's absolutely needed for people to do their jobs.”
“When we think of this accidental user-driven compromise, a lot of it comes down to good old-fashioned phishing, or spear phishing… where users get an email, they think it's from their colleague or they think it's from IT.”
“What we believe, ultimately, is that through open standards and policies there have to be several different… credential issuers or identity providers (IDPs). And as long as they follow open standards, then companies can go ahead and rely on them.”
Read the full transcript here.
Footnotes
- 2022 Cost of Insider Threats: Global Report
- What is identity management and what role does it play in a security strategy?
- What is multi-factor authentication (MFA) fatigue and how do you defend against attacks?
- What is two-factor authentication?
- Amazon, Salesforce to cut 26,000 jobs as tech layoff spree continues
- Twitter executes orders to fire around 3,700 employees, locks offices shut
- Meta cuts 11,000 staff, citing wrong call on investment
- “Great resignation” sparks concern over insider data leaks
Subscribe
-
Anthropic CEO Dario Amodei claimed AI would be writing 90% of code by this point – we're still a long way offNews In March, Anthropic CEO Dario Amodei claimed up to 90% of code would be written by AI within six months – his prediction hasn't quite come to fruition.
-
Veracode bolsters leadership team for next growth chapterNews The application security vendor has named Anthony Barkley as chief strategy officer and Diana Bushard as general counsel
-
Let’s talk about digital sovereigntyIn the age of AI and cloud, where data resides is a key consideration
-
Can cyber group takedowns last?ITPro Podcast Threat groups can recover from website takeovers or rebrand for new activity – but each successful sting provides researchers with valuable data
-
July rundown: Salt Typhoon and SharePoint scaresITPro Podcast US public sector organizations are under serious threat from the state-backed hacking group
-
Can the UK ban ransomware payments?ITPro Podcast Attempts to cut off ransomware group profits could instead harm businesses
-
We need to talk about operational technologyITPro Podcast Groups like Volt Typhoon are abusing poor hygiene in critical infrastructure to pre-position for attacks
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
April rundown: MITRE frights and Microsoft launches Recall (again)ITPro Podcast As CISA delivered an eleventh-hour reprieve for the CVE database, AWS reportedly began to pause some data center leases
-
The new era of cyber threatsITPro Podcast With AI-powered attacks and state-backed groups, security teams face face a new wave of sophisticated threats
