Identity & Access Management · Speak to our Identity Experts on U664 0800 0443091...


Page 1: Identity & Access Management · Speak to our Identity Experts on U664 0800 0443091 IAMadvice@my1login.com Thank You and Questions “Global Leader in Identity Management” IAM Award

Identity & Access Management: The ‘silver bullet’ against employee phishing?

Michael Newman, CEO, My1Login

Best Identity Management Solution

IAM Solution of The Year

IAM Award

International Contribution to Cyber Security

Page 2:

Agenda

1. Phishing: Success Rates and Impact

2. How Organisations Currently Attempt to Tackle Phishing

3. How to Leverage IAM to Defeat Phishing

4. How My1Login Can Help

5. Take-Away Actions

Page 3:

© My1Login Ltd 2007 - 2019

Phishing: Success Rates

Key Findings

Phishing was involved in 90% of successful attacks.

4% of people will click on any given phishing campaign.

The more phishing emails someone has clicked, the more likely they are to do so again.

It takes 16 minutes until the first click on a phishing campaign. The first report from a savvy user will arrive after 28 minutes.

Page 4:

The Problem – Why Now?

81% of Data Breaches are Due to Passwords*

*Source: Verizon Corporate Data Breach Report

Current Identity & Access Management Solutions Don’t Work with All Apps

Therefore Users Still Have to Manage a Number of Business Passwords

45% Growth in Hacking & Phishing Over Last Year

£ 4% of T/O: GDPR & Compliance Fines are Increasing

Passwords are the Most Common Cause of Data Breaches

• Cyber-Security Risk
• Compliance Fines
• Direct Cost – Helpdesk Password Calls & Inefficiencies

GDPR has moved Identity & Access Management from a “nice to have” to a “must have”

Page 5:

Identity Sprawl due to Disparate Application Types: Web Apps, Mobile Apps, Thick-client Apps, Flash Apps, Virtualised Apps, I-Frame, Bespoke In-House Apps

[Diagram labels: Active Directory, Expenses, Training, Appraisals, Thick Client Apps i.e. RDP, i.e. mainframe, Shadow IT, Unknown Apps]

Page 6:

The Problem: Insecure User Password Practices

• Weak passwords that are easy to remember
• The same or similar passwords
• Weak password practices
• Business has little control over passwords in use
• Employees have too many passwords to remember

Employees’ Solution? YourCompany01, YourCompany02, YourCompany03, YourCompany04

Page 7:

Common Types of Phishing Attack

Deceptive: Sending a deceptive email, in bulk, with a “call to action” that demands the recipient click on a link.

Web site redirection: Create a web site which looks like a company web site and wait for users to enter their login details.

How your staff respond to suspicious emails is often one of the last lines of defence. Industry breach data shows us that phishing is successful and plays a part in most breaches.

Page 8:

How Phishing is Currently Tackled

Anti-Phishing software at network level - attempts to detect known phishing senders etc and prevent these from reaching end-users

Web/Content/Mail Filtering/Antivirus

Education and security awareness Training

Risk reduced but still significant

Page 9:

How Can Identity & Access Management Eliminate Phishing?

Each user has a lot of business passwords – probably more than you think.

How happy are you leaving employees to use their own methods to manage these?

Why not use an IAM that’s capable of integrating all of their apps with Single Sign-On so they don’t have to remember or manage the passwords?

Once the user logs into the AD they’ll get secure access to all their applications without needing to remember passwords.

Page 10:

But How Can that Stop Phishing?

Once the IAM solution is managing users’ passwords to provide Single Sign-On, configure central policies on the IAM that force changes to users’ passwords on the ‘target’ applications

For instance, let’s say you store customer records in a cloud-based CRM that is protected by user passwords:

Old User Created Password : YourBusiness01

Forced Password Update Generated by IAM : BiALw@mPGinz&]0Az{U<Id2u(+wM)/

Take this further by setting a policy on the IAM that hides the newly generated passwords from the users

Users don’t need to know these passwords since the IAM provides SSO linked to their AD profile

If the users don’t know the password for the application, how can they be phished for it?

**************************
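The rotate-and-hide policy described on this slide, sketched as an added example (not code from the deck or from My1Login's product). `TargetApp` and `Iam` are hypothetical in-memory stand-ins, and the account names are constructed sample data.

```python
import math
import re
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+[]{}<>/"
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
ALPHABET = "".join(CLASSES)

def is_counter_pattern(password):
    """Flag 'word + short counter' passwords such as YourBusiness01."""
    return re.fullmatch(r"[A-Za-z]+\d{1,4}", password) is not None

def generate_password(length=30):
    """Draw from the OS CSPRNG; retry until every character class is present."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in pw) for cls in CLASSES):
            return pw

def entropy_bits(length=30):
    """Upper bound in bits for a uniformly random string over ALPHABET."""
    return length * math.log2(len(ALPHABET))

class TargetApp(dict):
    """Hypothetical cloud app: maps account name to its current password."""
    def login(self, account, password):
        return secrets.compare_digest(self.get(account, ""), password)

class Iam:
    """Hypothetical IAM vault: rotates app passwords, exposes no reveal method."""
    def __init__(self, app):
        self.app, self._vault, self.audit = app, {}, []
    def enroll(self, ad_user, account, password):
        self.app[account] = password
        self._vault[ad_user] = (account, password)
    def rotate_weak(self):
        """Replace every user-chosen counter-style password on the target app."""
        weak = [u for u, (_, pw) in self._vault.items() if is_counter_pattern(pw)]
        for ad_user in weak:
            account = self._vault[ad_user][0]
            new = generate_password()
            self.app[account] = new
            self._vault[ad_user] = (account, new)
            self.audit.append((ad_user, account, "rotated"))
        return weak
    def sso(self, ad_user):
        """Sign the AD user in; the credential never passes through the user."""
        account, password = self._vault[ad_user]
        self.audit.append((ad_user, account, "sso"))
        return self.app.login(account, password)
```

After rotation the old user-created password no longer authenticates, so a spoofed login page that captured it holds nothing usable for that application.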

Page 11:

Phishing Email and Spoofed Website

Page 12:

Leveraging My1Login’s IAM to Tackle Phishing

Key Benefits:

• Enforces Policies to Ensure Strong Passwords
• Enables Replacement of Passwords with SAML Where Possible
• Detects Shadow IT
• Provides SSO into all types of Application

Privileged Password Manager

SSO for Cloud & Mobile

Multi-Factor Authentication

User Account & Application Provisioning

Self-service Password Reset

SSO for Windows Desktop

Page 13:

Discovery of All Applications

My1Login can “Auto-Discover” the Apps Being Accessed by Users and Automatically Integrate these with Single Sign-On

• Detects “Shadow IT” and puts IT back in control of cloud apps
• Make simple policy decisions to integrate or exclude these from the IAM, i.e. for included apps, the user will benefit from SSO next time they access the app
• Automatically links identities for cloud apps to the corresponding Active Directory user

Page 14:

Leverage your IAM to ELIMINATE PHISHING risks – How?

Set policies on My1Login that auto-update users’ passwords on web applications (and then hide these passwords from users)

Set Policy to Change Passwords

• Pro-actively protects cloud apps with random, high-entropy passwords
• Users no longer need to know their passwords – they are linked to the IAM and their AD profile.
• Audit trail linked to AD user satisfies non-repudiation of access
• Takes password management out of the hands of users – places the business in control

If the users don’t know the password, how can they be phished?

Page 15:

Additional Benefit: SSO for All Apps with No Training Required

• Choose between seamless UX, portal UX or hybrid UX for IAM based on preferences
• Roll out IAM company-wide using AD Group Policies

Seamless User Experience: No Portal, User Launches Apps As Usual – IAM Authenticates

Portal User Experience: Offer Users An App Portal for Web and Windows Desktop Apps

Page 16:

Additional Business Benefits of IAM

PRODUCTIVITY

• Saves up to 1hr Per Week Per User
• Significant reduction in admin effort
• Easy to use – no training required.

COMPLIANCE

• Audit trail of user access to applications
• Controls around access to systems and data
• GDPR, ISO, PCI

SECURITY

• Eliminated weak passwords
• Eliminated insecure password sharing
• Context-based user access
• SSO without revealing credentials
• Instantly revoke application access from one place.

Page 17:

My1Login’s Identity & Access Management Solution – The Customer’s Perspective

Watch the full, 4-minute video at www.my1login.com

Page 18:

Some of Our Customers

Sectors: Construction, Hotel & Leisure, Public Sector, Energy, Financial, Retail, Other Sectors

Page 19:

Awards

• International Contribution to Cyber Security
• Best Cloud Computing Security Solution
• IAM Solution of The Year
• Cyber Security Product of The Year
• IAM Solution of The Year
• Editors Choice
• The “One to Watch” Security Company
• Cloud Security Product of The Year
• IAM Award
• Best Cloud Security Product
• Best Security Product
• Best Security Company of the Year
• IAM Award
• Best Identity Management Solution
• Best Identity Management Solution

Page 20:

Take-away Actions

• The current approach to tackle phishing is not enough

• Use your IAM to audit and discover the cloud apps being used

• Ensure your IAM Solution can automatically update passwords and hide them from users so they can’t be phished

Page 21:

Looking for more advice?

Visit My1Login at Stand U664

Speak to our Identity Experts on U664

0800 0443091 IAMadvice@my1login.com

Thank You and Questions

“Global Leader in Identity Management”

• IAM Award
• International Contribution to Cyber Security
• IAM Solution of The Year
• Best Cloud Computing Security Solution
• Best Identity Management Solution
• Best Identity Management Solution