Cyber Experts Weigh-in on the First Ever Identity Management Day - Part 2

Read our interview with IDSA Executive Director Julie Smith on Identity Management Day here.


The National Cybersecurity Alliance and the Identity Defined Security Alliance (IDSA), present the first 'Identity Management Day,' an annual awareness event that will take place on the second Tuesday in April each year.

We heard from numerous cyber experts on identity management's importance and how it has become an integral piece of creating a fortified cybersecurity posture.


Ashish Gupta, CEO & President, Bugcrowd:


“The inaugural Identity Management Day is a valuable occasion for the entire online global community to recognize the importance of securing digital identities. A record 36 billion records were exposed in 2020 that helped fuel a record number of identity theft cases. As cybercriminals continue to take advantage of a spike in digital operations, enterprises need to put a stronger emphasis on safeguarding customer’s sensitive personal information and consumers also need to be cognizant and mindful of sharing information with third parties. We can collectively strengthen consumer privacy by working together to utilize best security practices, better educating consumers and creating a fundamental focus on security as a whole.


Pressure from recent legislation and upcoming congressional proposals are forcing enterprises across industries to put a stronger emphasis on bolstering privacy measures. To improve data protection and prevent information leaks, organizations need to take a proactive approach to security to stop attacks before they occur. More organizations are embracing crowdsourced cybersecurity as an integral part of their cybersecurity posture that allows highly skilled external security researchers to actively monitor network vulnerabilities and ensure networks are effectively preventing unauthorized access. By adopting a layered “strength in numbers” security approach, organizations can prevent data theft that commonly leads to fraud, identity theft and other breaches. Likewise, consumers need to be careful about where, how and to what extent they share their sensitive information. It’s important to actively be on the lookout for phishing and impersonation scams and be extremely cautious of any suspicious organizations or individuals that are asking for intimate financial or personal information.”

Anurag Kahol, CTO and Co-founder, Bitglass:

"Identity Management Day emphasizes the importance of protecting our digital identities (which is increasingly critical as the acceleration of digital transformation efforts opens new doors for threat actors). With many internet users holding dozens of online accounts across various services, it has become more difficult for them to memorize numerous, complex passwords. Unfortunately, password reuse has become a common malpractice that increases the chances of account hijacking when one set of a user’s credentials are leaked. More than 80% of hacking-related breaches are tied to lost or stolen credentials and it is now self-evident that passwords alone are not enough when it comes to authenticating users.


As the security landscape evolves, consumers and businesses must work together to ensure the privacy of corporate and personal data. To properly verify the identities of their employees and customers, companies must enhance their security protocols by establishing continuous, context-based security throughout the entire login experience. Solutions like multi-factor authentication (MFA) and single sign-on (SSO) don’t require users to remember countless passwords, while also mitigating the risk of account compromise. On a consumer level, users can safeguard their digital identity by educating themselves on the risks of password reuse, following cybersecurity best practices, and staying informed on rising threats. Because we now live in a time when our daily lives revolve around the internet and our various accounts therein, identity management awareness has never been more critical."


James Carder, CSO, LogRhythm:


“According to the FTC, cases of identity theft nearly doubled from 2019 to 2020, reaching an astonishing 1.3 million cases in the U.S. While this is undoubtedly a drastic increase, malicious actors are still leaning on many of the same tactics to impersonate innocent consumers and cause personal or financial harm. As hackers only require a few tidbits of information to build an online profile, consumers can take several measures to properly defend themselves and not fall into common pitfalls.


First, any time you download a new app, create an online account or configure a new electronic device, data is collected and potentially shared. One of your first orders of business should be to look up the privacy settings of whatever platform you’re using to understand how you can further protect your personal information and leverage additional security measures like two-factor authentication and data encryption. You should also be mindful of applications that incorporate location services and how they’re collecting, utilizing and/or sharing this data. Additionally, make sure you’re using various, unique passwords for meaningful accounts as it’s incredibly easy for hackers to access more information by recycling stolen credentials. Lastly, avoid any suspicious messages (emails, texts, voicemails, etc.) and websites that don’t seem legitimate as this is often an attempt at phishing or malware.


While the pandemic has created a breeding ground for scams, fraud and identity theft, it also led to a surge in cyberattacks. Organizations play a vital role in safeguarding consumer data and Identity Management Day is an important reminder that it’s also their responsibility to ensure sensitive information doesn’t fall into the wrong hands. Enterprises must be fully transparent with consumers about what information they need, how they utilize it and what they’re doing to protect it. Any business or agency that is operating within any digital capacity needs to treat customer data as if it were their own private information. Establishing a culture that puts the customer and security first will better prevent data leaks and breaches that lead to identity theft.”

###