IT predictions

by Mark Rowe

The scale and cost of security breaches have nearly doubled over the last year, according to recent findings from the audit firm PwC. Kevin Cunningham, president and founder of SailPoint, an identity and access management (IAM) product provider, offers three predictions for enterprise IT security in the year ahead:

1. Businesses will evolve from network-centric security to user-centric security

With data breaches on the rise, it is clear that today’s network-centric security is not enough to help businesses stay secure. Disruptive technologies like cloud and mobile have changed the way users work and share data beyond the perimeter of the enterprise. At the same time, hackers increasingly favour the human attack vector (employees, contractors, partners and even suppliers). In many of these attacks, a legitimate account or system access is knowingly or unknowingly hijacked for illicit purposes. To prevent or minimise data breaches tied directly to insiders, it is critical that businesses take a user-centric approach to security in 2016 and beyond. That means taking a comprehensive approach to identity and access management programs, ensuring a single, unified view into, and automated control over, all user access.

2. Consumer data breaches will be high on the enterprise agenda

Seemingly consumer-facing data breaches are exposing organisations to increased risk. Just look at the Ashley Madison hack from this year. Many of the site’s registered users signed in with corporate email addresses, and several of these users who used the same password across personal and professional applications also put their employer’s data at risk when their credentials were exposed. This breach provided a real-time example of how consumer breaches can and do impact corporate security and business operations. Every consumer breach potentially exposes unrelated organisations in this same way, and hackers are very aware of that. Businesses must welcome the New Year prepared for the most important factors of risk mitigation, which include education and rapid remediation. Employees need to know the importance of not reusing passwords across applications and systems. Further, when the next big consumer data breach happens (and we know that it will), enterprises must be able to quickly find out how and why it occurred, assess the risk to their business and take action to mitigate the threat.

3. The insider threat will loom large

The ability of hackers to take control of legitimate user identities will be a major issue for organisations in 2016. The onslaught of new technologies has multiplied usernames and passwords, while taking mission-critical data outside of the view of IT. At the same time, organisations must enable appropriate access to applications at the right time for their workforces, regardless of where and how they access those applications.

Businesses are running fast, and IT organisations in 2016 have to be three steps ahead. That means rolling out enabling technologies like single sign-on and strong multi-factor authentication, providing password management, and employing good account management practices that automatically revoke access when it’s no longer needed.

If the increasingly frequent news of large-scale data breaches has proven anything for businesses in 2015, it’s that there is no longer a question of whether an organisation will be breached, but rather how and when. However, it’s the severity of the data loss, not simply the fact that a breach took place, that impacts the business, damages the brand and ultimately affects the bottom line. With executives, board members, consumers, employees and partners unified in their concern over security controls, companies that proactively build internal identity management controls to minimise the impact of a breach will come out on top in 2016 and beyond.

© 2024 Professional Security Magazine. All rights reserved.