Brand reputation is always top of mind for Chief Information Officers (CISOs) who are charged with articulating cybersecurity risk to the leadership team while ensuring that the security team is well-positioned to mitigate those risks. As emerging technologies come to market, many organizations are trying to determine which will complement their existing tech stacks. According to WhaTech, “The consumer identity and access management market size is expected to see rapid growth in the next few years. It will grow to $71.59 billion in 2028 at a compound annual growth rate (CAGR) of 17.9%.”

Aflac is one example of an enterprise that has been developing its Consumer Identity and Access Management (CIAM) framework. The company’s global CISO, Tim Callahan, said that in the ongoing effort to build, “Quackcess Granted,” part of Aflac’s CIAM framework, “We have strengthened our strategic relationships with providers.”

Of course, identity and access management is critical to ensuring that unauthorized users don’t gain access to data, which often results in a security incident or data breach. This week, we saw news that a hacker using the name “Fortibitch” claimed to have stolen 440 gb of data from Fortinet via an Azure SharePoint. The cybersecurity company is not alone. CSO Online compiled a list of the 15 biggest data breaches in recent years.

To learn more about identity access management solutions, visit RSAC Marketplace. Here you’ll find a wide array of vendors and service providers who can assist with your specific needs. Have an access management success story you want to share? Answer the RSA Conference 2025 Call for Submissions by September 27. 

Now let’s take a look at what else made industry headlines this week.

Sept. 13: Forbes reported, “Hackers using malware named Vo1d have successfully installed a backdoor on streaming boxes that enables them to download and install malicious applications.”Sept. 13: A Homeland Security Investigation led to agents in Massachusetts seizing over 350 Internet domains allegedly used by Chinese outfits to sell US kits that convert semiautomatic pistols into fully automatic guns.

Sept. 12: Mastercard acquired US cybersecurity firm, Recorded Future, to expand its threat intelligence.

Sept. 12: According to The Hill, “A federal judge on Tuesday blocked Utah from enforcing an ambitious new law that would have required social media companies to verify people’s ages, apply privacy settings and impose certain restrictions on minors.”

Sept. 11: Google introduced an “Air-Gapped” back vault to help organizations protect their data from ransomware attacks.

Sept. 11: Members of Lazarus, a North Korean hacker group, have been posing as recruiters and enticing Python developers with a password coding test project that includes malware.

Sept. 10: Cryptocurrency fraud losses increased by 45% in 2023 compared to the previous year, according to a report from the FBI's Internet Crime Complaint Center.

Sept. 10: The threat actor tracked as Mustand Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration,” The Hacker News reported.

Sept. 9: The data of nearly 300,000 individuals was compromised in a data breach at Avis Car Rental.

Sept. 9: The Cybersecurity and Infrastructure Security Agency (CISA) released two election security checklists for both cybersecurity and physical security.