We live in a digital world and, in a time where change is the new constant and where Artificial Intelligence (AI) is being introduced in several areas, knowing the value of you and your identity is a critical aspect. This comes in multitude aspects, some of which I will touch on in this post.
Your digital identity is increasingly defining who you are and, more importantly, what you can do. You are being monitored in several areas that could be leveraged, for example, to change your insurance fees, your credit rating when applying for a loan, make the difference between landing your dream job or not, or get the healthcare or dental plan that you need or not. The digital identity of you is something that will follow you and will be hard currency that is worth protecting - for you and the organization you work for.
Some countries like China, are introducing monitoring of everyone's identities, a social score, much like a financial score that can impact if you get a loan, if you are allowed to travel or not. In countries with democracies, it is worth discussing where you draw a line of the personal integrity and greater good for society and where you find the right balance. How much are we willing to accept to let go and, at the same time, willing to compromise for the sake of safety and protection against terrorist attacks - as one example?
In parallel, organizations spend a lot of time thinking about prevention of attacks on their systems and corporate data. More often than not, I am puzzled that very few discussions with customers include discussions around the employees in the sense of their identities.
The bottom line here is that you have a personal identity and a corporate identity, and today more and more of these identities mesh together. For example, you use your personal identity to log into certain tools and services where you also act as a professional. A lot of the services that you use privately are also being used in professional aspects with your corporate identity.
The value for organizations to also know if their employees personal identities have been compromised is a critical aspect when building a cyber defense strategy. Not considering the value and associated risk of the personal identities of your employees can be a critical risk and a very easy way in for adversaries to your crown jewels.
On a personal level, you also need to be aware of when your personal identity is compromised, and the value of your personal identity personally as well as what implications there might be for the organization you work for.
So the message is loud and clear - organizations need to build in a strategy that includes the personal identities in their risk posture.