Businesses are perpetually cornered, navigating cybersecurity threats and trying to keep their heads above water with their never-ending laundry list of security to-dos. Simon Hodgkinson, an Advisor from Semperis and former Chief Information Security Officer (CISO) at one of the world's largest oil companies, opened up about his experience with identity – the game we're in today.
"Identity is the kingpin of every business technology ecosystem," he says, reiterating that identity platforms are no longer just a backend issue; they are the main component of modern-day business operations.
The former CISO opens up about real-life scenarios illustrating the impact identity platforms can have on a business, which results not only in loss of business operations but also in loss of revenue.
"It's terrifying to think about, but if your identity platform is down, you're locked out," Hodgkinson warns.
As organisations scramble to centralise their identity management, there's growing anxiety about putting all their proverbial eggs in one basket.
"Your business grinds to a halt, leaving you vulnerable and defenceless."
Are people nervous? That very thought and concern ripples through many business conversations. Hodgkinson, however, is committed to soothing those internal thoughts.
"It's always been the standard architectural pattern, and for a good reason. Centralised identity management simplifies a nightmarish task."
Hodgkinson recounts the archaic, cumbersome days of manually managing user access across myriad applications: the frustration of adding a new recruit to every single relevant system, or worse, keeping track when roles change or employees leave. The complications are endless, and the security nightmare is ongoing.
"Centralising identity not only streamlines operations but fortifies security," Hodgkinson insists.
But with consolidation comes aggregation of risk.
"Nine out of ten cyberattacks target the identity platform," Hodgkinson reveals.
Companies are stumbling with multi-factor authentication (MFA) deployment.
"It's simplistic, yet, shockingly, many still don't implement MFA," he says.
But the problem extends beyond technical deficits.
"Recovery can take days, even weeks, if you're not prepared," echoed Hodgkinson.
The human element, often termed the "weakest link" in the industry, cannot be ignored. Mr Hodgkinson addressed the cultural change needed in corporate environments.
"Security must be everybody's business, not just the Chief Information Security Officer's," added Hodgkinson. The drive to foster a security-conscious culture is important, for even minor lapses.
Risk, Hodgkinson stresses, is a big area: ubiquitous and unrelenting, be it a plant operator weighing the costs of software patches against operational risks or a CEO balancing budgets.
"Cyber risk isn't unique; it's just another facet of business risk," he affirms.
The Advisor drives home the importance of context: understanding and communicating these risks in business terms is fundamental. Executives need to appreciate that recovering from a widespread cyberattack is akin to salvaging a sinking ship, prioritising essential processes – the "minimum viable business" – to stay afloat.
Hodgkinson shares cyber stories, including the cataclysmic NotPetya attack. Businesses must continuously simulate crisis scenarios.
"The minimum viable business isn't just a buzzword," Hodgkinson counsels. "It's about survival, about knowing which parts of your business you need to bring back to life when the worst occurs."