With the ever growing accessibility of personal devices to organizational networks, identity management has never been of higher importance in both the public and private sector. Organizations’ IT networks contain an endless amount of sensitive data, and without proper authentication protocols, this data is at constant risk of breach. In the commercial space, the retailer Target’s breach in late 2013 was a difficult reminder that not addressing cyber risks on every level of your organization can lead to severe ramifications and security compromises.
Before examining the Target breach and its relationship to identity management, it is important to understand what the concept of identity management is in itself. Identity management refers to the total solution required to validate the integrity and privacy of individual’s identities. In the cyber world this specifically refers to utilizing digital identities to manage and control access to data. This is accomplished through a variety of methods including authentication and authorization techniques.
While cyber security has been an important initiative for many years, the specific focus toward identity management is more recent, and has grown in the age of personal devices. In the case of the Target breach, a weakness in identity protection or rather a shortcoming of identity management, played a vital role in leading to the breach that compromised millions of consumers.
The Target breach in late 2013 was one of the most publicized due to its sheer impact in the number of affected individuals. What was troubling was that as recently as 6 months ago, Target has invested hefty sums into improving their security protocols against cyber risks. Taking advantage of a $1.6 million dollar malware detection tool that was utilized by the CIA and the Pentagon, the retailer had seemingly made themselves a difficult target to hack, however potential shortcomings in their identity credential protection led to the eventual breach.
A third party HVAC subcontractor of Target’s, with access to the network, was victim to the theft of some of its authentication credentials. Once stolen, these credentials were used to access sensitive data and as such, eventually led to the loss of nearly 40 million credit card numbers. Had the digital identities of this third party subcontractor been properly managed, it is possible that the magnitude of this breach could have been reduced.
The Target breach became a perfect example of why the protection and management of digital identities is crucial to a stable and secure network. Networks now have an infinite amount of access points that greatly increase cyber risks; and, if those identities are not chronicled and managed, sensitive data can find its way out from anywhere. In both the private and public sector, incorporating a strong identity management strategy at all levels of the organization will be the most effective tool against the growing risk of cyber security breaches.
The Department of Homeland Security’s award of a $102 million dollar contract in 2013 for an identity management system was a major step forward in ensuring the protection of sensitive data within the public sector. Continued focus and investment in this area will be needed to ensure the long term viability of secured networks, both public and private.
