On September 25, Facebook’s privacy problems severely escalated when the social media giant disclosed an unprecedented security issue, that allowed hackers to not only take over the accounts of at least 90 million users, but also access users’ third-party logins.
While the impact (if any) remains to be seen, the hack will go down in the cybersecurity history books as the most widespread in social media history, rightly spurring alarm from many who were forced to reset their access tokens.
In the enterprise space, the event serves only as yet another reminder of the increasingly attractive hunting ground that cyberspace has become, plagued by sophisticated criminals motivated to make money and cause major disruption for corporations.
This sentiment is felt particularly in the Asia-Pacific region, with a recent report placing the total economic impact of cyberattacks in APAC at around US$1,745 trillion a year – a whopping 7% of the region’s total GDP. And around 67% of APAC countries suffered job losses as a consequence of security incidents over only 12 months.
As local enterprises continue transitioning towards the cloud, mobile, and next-generation technologies, a critical need has emerged to secure applications and authenticate users, keep hackers at bay, and maintain control over business-critical systems and information. But how?
Enter: Identity and Access Management (IAM)
Cloud-based Identity and Access Management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons – a vital tool in increasingly heterogeneous IT environments.
Enterprises have long used old, on-premises IAM software to manage identity and access policies. But as companies began adding more cloud services, BYOD policies and expanding IoT devices to their environments, cyberattacks simultaneously become increasingly frequent. Legacy identity security required complex coding, internal resources, and valuable time to integrate.
We needed a way to authenticate and authorize apps and APIs with any identity provider running on any stack any device or cloud. Basically, the tech had to evolve before enterprises could – and it did.
Managing identities now requires the adoption of easy-to-use Identity-as-a-Service (IDaaS) and cloud-based IAM solutions that help authenticate multiple logins on multiple platforms through a trusted third party – a logical step, and a popular one at that.
In fact, a recent industry report by Report Buyer forecasted that the global consumer Identity and Access Management (IAM) market will reach more than $37 billion by 2023. And thanks to its high-risk environment, APAC’s IAM adoption in particular accounts for the highest growth rate in the entire market. This upward local trajectory is chiefly due to the high-security spending by organisations in major countries, such as China, Australia, India, Singapore, and Japan, for consumer identity proofing, authentication, and authorisation.
And not a moment too soon since 43% of APAC IT managers already receive more than 50 cyberthreats each day. And the more data we put out into the world, the higher the risk becomes that this data will be compromised. We must stay ahead of the curve.
Beyond the reactive password reset: We need IAM for first-instance protection
Once we reach the “please reset your password” stage, it’s already too late. By this point, identity data could have already been compromised, and both personal and enterprise costs will already be racking up.
Instead, organisations need to now produce intuitive and secure responses with tools built with a developer focus, making IAM platforms easy-to-use and supporting enterprises to deploy tech with myriad resources and rich content created specifically for their audiences. In other words, protecting consumers before cyberattacks occur.
We’re seeing this trend particularly in Australia, New Zealand, and neighbouring countries, with major enterprises (including tech unicorn Atlassian) standardising and centralising their identity protection systems to stop malicious access attempts before they occur. But although the local enterprise space has come a long way in a relatively short space of time, adoption stats of this new technology still have some acceleration to go if they are to truly prevent APAC’s identity crisis.
Australia, Japan, and Korea still trail behind the rest of APAC when it comes to centralising security management. And some sectors are particularly hesitant – another recent survey of Australian and New Zealand law firms showed that only a quarter of firms planned to allocate profit percentages to new tech in order to ensure the consumer’s identity is secure and protected.
In order to stem the seemingly never-ending avalanche of identity crises, proactive cloud-based IAM tech adoption is key. In the meantime, it might be worth locking that new Facebook password in your long-term memory.