Managing Your Identities and Technical Debt: Mission Impossible?

In a world where digital transformation is essential at all levels, managing the identities of employees and partners is a strategic challenge for companies. This is a real challenge for some structures that need to manage their technical debt. Technical and organizational arrangements must be implemented and regularly updated in order to strengthen access control.

‍

Telecoms operators remain prime targets for cybercriminals. At the end of 2024, SFR and then Free suffered cyberattacks. In the case of Free, these caused “unauthorized access” to the personal information, including IBANs, of approximately 5 million customers. Orange and La Poste Mobile had faced similar incidents in 2022. Other private companies have also been affected by leaks of sensitive data, including usernames and passwords.

‍

The cost of data breaches is constantly increasing

‍

According to its report published in July 2024, IBM estimates the average cost of a data breach at $4.88 million, up from $4.45 million the year before. In France, the increase is limited to 3%, with an average cost of 3.85 million euros, an amount that can reach 5.19 million euros in the pharmaceutical sector.

‍

Cybersecurity management is becoming a real challenge for CISOs, CIOs and their teams, as the attack surface is constantly expanding. This problem is particularly felt in companies that have made acquisitions, where the monitoring of new identities may lack clarity, generating excess access, delays and difficulties when transferring or leaving employees.

‍

The identity factor, a weak link in cybersecurity

‍

Complexity is increasing with the increasing number of identities and sensitive data to manage. “PTo have an activity, businesses are required to have flows, to have a CRM, Microsoft 365 accounts... All these services use identities. If only one is compromised, everyone falls. This problem is often managed from a technical perspective. In fact, if we don't take identity into account, we're missing out on more than half the problem. Businesses federate identities because it's easier to manage one account than 800. However, we must manage each identity as we do for services. ”, explains Julien Courtemanche, Pre-Sales at WithSecure.

‍

Gregory Chevalier, CIO of the CNPP (National Center for Prevention and Protection) also recalls that” identity is not just the person. We will be able to identify the devices that connect. Identity management will be done both on the natural person and on the professional computer, or even bring your own device, which is more or less accepted depending on the structures and depending on the place where you want to connect. It is a question of specifying and validating the connection of this device to its IS ”.

‍

Audit and strengthen identities to limit breaches

‍

This vigilance is essential, as compromising an identity opens the door to numerous other resources. ” Businesses forget to manage them, to make them a little more tenacious, to clean them up, to audit regularly... If there is a flaw in the system, it will give others an opportunity to be able to exploit it. ”, warns Jérôme Etienne, CISO of the Rocher Group.

‍

Hacking Microsoft 365 or Google Workspace email and accounts is a major threat for businesses. Cybercriminals use a variety of methods (phishing, brute-force attacks, exploitation of software flaws) to take control of these accounts.

‍

Once successfully infiltrated, attackers can:

• Stealing sensitive information. Confidential data, whether it's customer information, trade secrets, or financial data, can be extracted and then sold on the dark web or given to malicious competitors.
  

• Usurping Identities. Hackers can send deceptive emails pretending to be trusted employees, which damages the company's reputation. Email hacking has been used to inform customers of an IBAN change, causing some to make transfers to fraudulent accounts.
  

• Disrupt operations. Unauthorized access can cause critical data to be changed or deleted, causing interruptions in the daily functioning of the business. ‍
  

• Spreading malware. Compromised accounts can be used to spread malicious software, both within the company and among its partners.

‍

To protect themselves from these risks, businesses must combine technological solutions and organizational processes:

• Implement two-factor authentication (MFA). MFA reinforces security by requiring a second verification step, such as a code received by SMS or generated by a dedicated application, considerably complicating account access for cyberattackers.
  

• Manage identities and accesses. Identity and Access Management (IAM) centralizes the management of user identities and ensures that only authorized employees can access the resources they need. It offers features such as automatic account provisioning and role management. By assigning specific roles to each employee and ensuring that their level of access matches their needs, IAM enhances security, improves the user experience, optimizes business performance, and facilitates remote working and the adoption of cloud solutions.
  

• Monitor the subcontracting chain. According to a study by SailPoint Technologies, nearly 80% of businesses fear vulnerabilities related to excessive access granted to third parties or former employees. Some information system infiltrations come from access left open to service providers who are no longer active. It is therefore crucial to integrate partners and suppliers into the access segmentation strategy. Access segmentation must therefore include partners and service providers. ” I experienced a compromise on an administrator account on telephony. We can always talk about VPNs, EDR... The sorting is not always done and some accesses that remain permanently open constitute potential flaws. If we don't secure the entire supply chain, we risk big ”, recalls David Patrzynski, CIO of the Nollet group.

• Managing technical debt. ” Businesses decide to keep an obsolete system that no longer has the capacity to evolve. They work with this equipment that is frozen in time... but is in an ecosystem that keeps changing. Technical systems must be adapted and made sure they are up to date ”, note Jérôme Etienne, CISO of the Rocher Group. The solution? Isolate this device. Yes, but to do so, you must first access them in order to integrate security systems, which themselves require identity management. Businesses are therefore constantly faced with this type of dilemma. ” This involves risk management to find the right balance between an investment choice or conservation as it is: how much will it cost, what risks are generated, what adaptation should I put in place, how long should I keep it... Except that the decision taken corresponds to the day it was taken. Tomorrow, maybe the server will present a vulnerability that will weaken my business. This benefit/risk analysis should always be up to date ”, underlines Julien Courtemanche, Pre-Sales at WithSecure.
  ‍‍
• ‍Raise awareness among its employees. Software tools are only part of the protection. All employees, including managers, should receive regular digital hygiene training. This includes detecting phishing attempts, using strong passwords, and constantly paying attention to unusual or suspicious behavior.

‍

Humans at the heart of cybersecurity

‍

In the field of cybersecurity, humans remain a central link. It is therefore crucial to develop a true security culture within the company, so that each employee understands the importance of protecting data and accounts. At the same time, organizations need to ensure that their security policies are clear, accessible, and well understood by everyone.

‍

In summary, managing employee identities and securing accounts represent crucial issues for businesses. The consequences of account hacking can be multiple and particularly serious.

‍

A global approach between technology and best practices

‍

To protect themselves against these risks, businesses will benefit from adopting a global approach, combining sophisticated technologies and good human practices, which are regularly updated and rigorously applied.

‍

By relying on tools such as multi-factor authentication or identity and access management, while strengthening security culture, businesses can increase their resilience to cyber threats and better protect their most critical resources.

‍

To find all our other items, see the complete library of our cybersecurity articles.

As for our programs, from which this article is based, you can check out our YouTube channel.

‍