Given the title message, this is the year for getting on your Zero Trust Security Journeys. Just think as though you are already breached and compromised - now get on with it and tackle it.
I love darkreading.com!!! I totally agree that businesses should require two-factor authentication (2FA) wherever it's supported, preferably using a time-based one-time password (TOTP) code or a hardware-based FIDO2 key. I just read on YubiKey the other day (The YubiKey 5C is the #1 security key that works with more online services and applications than any other security key. Usernames and passwords are not enough to protect your accounts. Using a security key as a form of two-factor authentication is a simple and proven method for locking down your accounts and keeping them secure.) I find it to be interesting technology; however, many companies kill the USB ports, which would prevent this technology. I use my authenticator on many websites, but it is becoming tedious because I have to scroll and hunt for the correct TOTP.
IAM without a doubt is our biggest problem we will face for the next two or so years. It's time to fix these issues now that we have the tools to do so.
If you are an (ISC)2 Member you have FREE access to Professional Development Institute (PDI) courses. One of my favorites that I can recommend is called “Preparing for a Zero Trust Initiative”.