Who Is Responsible for Identity Threat Detection and Response?

Effective identity threat detection and response programs are the cornerstone of a resilient organization.

Common identity threats include phishing, credential theft, insider threats, and ransomware, but in an evolving threat landscape, staying informed on the latest threats through threat intelligence feeds and industry collaboration is crucial.

Investment in employee training, collaboration, and cutting-edge technologies is critical to stay one step ahead of cyber threats, prioritizing the protection of the identity fabric to defend against cyberattacks.

To achieve this, security and risk management leaders should appoint an identity threat detection and response (ITDR) owner to coordinate prevention, detection, and response activities.

Overcoming ITDR Gameplan Challenges

 Craig Jones, vice president of security operations at Ontinue, explains implementing ITDR can be challenging due to staff shortages, limited resources, and poor coordination between departments.

“Overcoming these challenges requires investment in employee training, resource allocation, and fostering a culture of collaboration,” he says. “Regular and comprehensive security awareness training is essential to ensure employees understand ITDR best practices.”

For organizations just starting to develop an ITDR program, Jones recommends they start by conducting a thorough risk assessment to identify critical assets and potential threats. 

“Assign a dedicated ITDR owner or team responsible for coordinating prevention, detection, and response efforts, and develop a comprehensive ITDR plan that outlines roles, responsibilities, and processes for each stage of the ITDR lifecycle,” he says.

He adds it’s important to regularly test and update the ITDR plan, incorporating lessons learned from past incidents and staying informed about the latest threats and technologies.

Craig Debban, CISO for QuSecure, explains for a lot of organizations, there is a dependence on a disparate set of systems that are on-prem, in the cloud, or both -- and they are not always well integrated.

“User identities are then decentralized since they are replicated in multiple places,” he says. “This diversity leads to gaps in functionality for the end user, negatively impacts operational efficiency, and is often overcome by oversubscribing permissions which impacts overall security and risk across the business.”

From his perspective, a well thought out mesh integrating the organization’s Identity and Access Management (IAM) solution needs to be considered.

Encouraging Employee Participation, Preparedness

George Jones, CISO at Critical Start, says to stay updated on the latest threats, companies should conduct regular security awareness training for employees.

This includes participation in information sharing forums, monitoring security news and updates, and establishing a robust threat intelligence program.

“If these are not possible, they should engage a vendor that is able to provide these services with solid service level agreements built into the agreement to ensure company assets are protected,” he says.

Jones says challenges to implementing ITDR can be overcome by building a solid case for ITDR, involving all relevant stakeholders from both technology and the business, conducting regular risk assessments at least once per year, and leveraging cloud-based automation tools and solutions for cost-effective scalability.

“Establishing a culture of security awareness and training, conducting regular training sessions and drills, providing access to relevant policies and procedures, and gamifying disaster recovery are common tactics we employ,” he says.

This encourages employee engagement and participation, as all employees are challenged to know their roles and responsibilities in ITDR.

Personalized Training Eases Adoption

Debban agrees it’s important to personalize the training curriculum to the type of information technology the company has in use. “Relevance often eases the adoption of the practices you are encouraging,” he says. “Your training programs should also reinforce a culture of a security first mindset.”

He adds organizations should support that training with readily available methods to submit incidents or register possible risks so they can be addressed faster.

Zane Bond, head of product at Keeper Security, explains ultimately, anyone with access to the “keys to the kingdom” shares some responsibility in identity threat detection and response.

“IT and security teams are going to be the ones responsible for championing the change, implementing and maintaining solutions, and leading the response through an incident commander,” he says.

Promising Tools Emerging in ITDR

Critical Start’s Jones says the most prominent emerging technologies are AI and machine learning in the ITDR space.

“Other commonly used tools are cloud-based DR solutions, and blockchain technology for secure data storage,” he adds. “These can enhance ITDR efficiency, resilience, and scalability while potentially reducing downtime and minimizing costs of both DR and downtime.”

Ontinue’s Jones points out future ITDR trends include AI for threat detection, zero-trust security architectures, and cloud-based security solutions.

“Organizations new to ITDR should conduct risk assessments, assign dedicated ITDR owners, develop comprehensive plans, invest in employee training, and regularly update their ITDR plans,” he notes.

Ravi Srivatsav, CEO of Inside Out Defense, agrees AI and ML have already had a significant impact on ITDR by enabling more sophisticated and accurate threat detection. “In the future, AI and ML will continue to play a crucial role in ITDR by enabling more efficient and automated response to threats,” he explains.

Meanwhile, incident response automation can help organizations detect and respond to identity threats faster and more efficiently. This technology automates the incident response process via policies, enabling organizations to remediate incidents in real-time and reduce the risk of data loss or damage.

“ITDR is an ongoing process, and organizations should regularly monitor and update their ITDR program to ensure that it remains effective in addressing current and emerging identity threats,” Srivatsav notes.

What to Read Next:

In a Hybrid Work Environment, Security Is a Business Enabler

12 Ways to Approach the Cybersecurity Skills Gap Challenge in 2023

Cyberattack Takes Down Systems at Philadelphia Inquirer