As businesses increase their digital estate, insider theft poses an increasingly large risk. Whether it’s through malicious parties gaining access to crucial systems and data or employees stealing information to which they should never have had access, firms should be considering these scenarios carefully.
This has been exacerbated by the economic climate, with layoffs and a greater reliance on third-party individuals leading to a lack of oversight and cohesion when it comes to access management. Stolen credentials or over-provisioned contractors can be the first crack in the armor for any business.
In this episode, Rory speaks to Fran Rosch, CEO of digital identity specialist ForgeRock, about the pressing need for better scrutiny of third parties and how companies can control systems access through identity governance.
Highlights
“By leveraging technology, you can really limit your exposure, because you really understand who has access to what and you're limiting the privilege to information unless it's absolutely needed for people to do their jobs.”
“When we think of this accidental user-driven compromise, a lot of it comes down to good old-fashioned phishing, or spear phishing… where users get an email, they think it's from their colleague or they think it's from IT.”
“What we believe, ultimately, is that through open standards and policies there have to be several different… credential issuers or identity providers (IDPs). And as long as they follow open standards, then companies can go ahead and rely on them.”
Read the full transcript here.
Footnotes
- 2022 Cost of Insider Threats: Global Report
- What is identity management and what role does it play in a security strategy?
- What is multi-factor authentication (MFA) fatigue and how do you defend against attacks?
- What is two-factor authentication?
- Amazon, Salesforce to cut 26,000 jobs as tech layoff spree continues
- Twitter executes orders to fire around 3,700 employees, locks offices shut
- Meta cuts 11,000 staff, citing wrong call on investment
- “Great resignation” sparks concern over insider data leaks
Subscribe
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
Getting a grip on digital identityITPro Podcast As AI agent adoption explodes, security leaders will need better identity controls than ever before
-
Let’s talk about digital sovereigntyIn the age of AI and cloud, where data resides is a key consideration
-
Can cyber group takedowns last?ITPro Podcast Threat groups can recover from website takeovers or rebrand for new activity – but each successful sting provides researchers with valuable data
-
July rundown: Salt Typhoon and SharePoint scaresITPro Podcast US public sector organizations are under serious threat from the state-backed hacking group
-
Can the UK ban ransomware payments?ITPro Podcast Attempts to cut off ransomware group profits could instead harm businesses
-
We need to talk about operational technologyITPro Podcast Groups like Volt Typhoon are abusing poor hygiene in critical infrastructure to pre-position for attacks
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
April rundown: MITRE frights and Microsoft launches Recall (again)ITPro Podcast As CISA delivered an eleventh-hour reprieve for the CVE database, AWS reportedly began to pause some data center leases
