The following are some of the main ways to tackle identity and access management (IAM) threats:

1. Strong authentication: Implementing strong authentication methods, such as multi-factor authentication (MFA), biometrics, or smart cards, can reduce the risk of unauthorized access to sensitive systems and data.
2. Access control: Implementing access control systems, such as role-based access control (RBAC) or attribute-based access control (ABAC), can ensure that users only have access to the systems and data they need to do their job.
3. Password management: Implementing password management policies, such as requiring strong passwords, frequent password changes, and the use of password managers, can reduce the risk of password attacks.
4. Monitoring and auditing: Regularly monitoring and auditing access to sensitive systems and data can help identify and prevent unauthorized access.
5. Training and awareness: Providing training and awareness programs for employees can reduce the risk of social engineering attacks and increase their understanding of security best practices.
6. Incident response: Having a well-defined incident response plan in place can help organizations quickly respond to and recover from security incidents.
7. Risk management: Implementing a risk management framework, such as the NIST Cybersecurity Framework, can help organizations identify, assess, and prioritize risks, and implement effective countermeasures.

By implementing these strategies, organizations can reduce the risk of IAM threats and protect sensitive data and systems from unauthorized access and attacks.