Industry Voice: Combat cyber-attacks with effective CIAM

clock • 3 min read
Industry Voice: Combat cyber-attacks with effective CIAM

The progressive digitisation of work and how customers interact with services means that organisations' security must keep pace. As devices proliferate and users expect remote access, cyber-attack surfaces grow, and infrastructure vulnerabilities can occur.

Ensuring reliable and secure Customer Identity and Access Management (CIAM), has therefore never been more important.

Computing's latest research into this subject, conducted in partnership with ForgeRock, explores current cybersecurity concerns and why effective CIAM is vital.

Of the 150 IT leaders surveyed, 57 per cent have experienced an increase in the frequency of cyber-attacks involving customer-facing digital platforms in the last two years. Alarmingly, around a third admitted such platforms had been accessed at least once by someone falsely posing as a customer, in the last year alone.

Increasing complexity and occurrence of attacks

Phishing, ransomware, spyware, social engineering attacks, and more are all progressively sophisticated and frequent. Insufficient authentication and authorisation processes make breaches and identity fraud more likely to occur. With this, organisations are left vulnerable, and customers lose trust - both severely damaging to an organisation's reputation.

Choosing a Zero Trust approach to your customer-facing infrastructure ensures verification is continuous, greatly limiting the spread and scope of breaches. CIAM platforms determine who is requesting access, whether they are authorised to do so, and if they can prove they are the entity they claim to be. By combining this with a broader Zero Trust model that assigns the least trust required for each user and endpoint to operate effectively, you minimise the access granted by any adversaries. The days of ‘trust but verify' should be long gone.

Context-driven Multi-Factor Authentication (MFA) and other modern CIAM solutions combat poor cyber hygiene, removing the onus from the user, as well as the friction, streamlining services but constantly verifying. This is recognised by IT decision makers who identified the most important features for choosing a CIAM vendor as end-to-end encryption, adhering to compliance standards, secure password policies/passwordless, and MFA.

Don't compromise on user experience

But how can organisations balance security and customer experience, if the common perception is that developing and nurturing one will diminish the other?

Securely identifying and authenticating users when they access services, even from a range of different devices, need not be laborious and manual. In fact, seamless simple interfaces are expected now.

In a market where not all CIAM solutions are created equal, more advanced platforms solve the challenge of organisations integrating a CIAM environment that provides optimum security and user experience, simultaneously helping to understand, serve and secure customers more effectively. Bringing all this to a single platform can even enhance customer experience, tapping into user recommendation systems and providing a seamless, connected ecosystem. Those that have adopted advanced CIAM solutions are significantly more successful in achieving good customer experiences, ROI, compliance, and customer security - without compromise.

All organisations are at risk. It is not a question of if, but when you'll be attacked. Given the impact an incident can have on reputation, growth, revenue, and trust, organisations must consider the efficacy of current CIAM solutions.

To learn more about Computing's latest research into overcoming CIAM security and user experience challenges, read the full report.


This post is sponsored by ForgeRock 

More on Security Technology

Google strengthens Advanced Protection Program with passkey integration

Google strengthens Advanced Protection Program with passkey integration

To enroll in APP with a passkey, users need a compatible device and browser

clock 12 July 2024 • 3 min read
NCSC CTO: UK tech sector not incentivising companies to build secure software

NCSC CTO: UK tech sector not incentivising companies to build secure software

Calls for market reform to usher in secure future tech

clock 17 May 2024 • 2 min read
Wales launches CymruSOC, the UK's first national cybersecurity operations centre

Wales launches CymruSOC, the UK's first national cybersecurity operations centre

A ‘defend as one' approach for public services

John Leonard
clock 10 May 2024 • 1 min read