Identity Automation Blog


In the first installment of our series on security and the CEO, we discussed the dangerous disconnect between the rosy view of security held by the C-suite and the much grimmer reality seen in the trenches of IT. Today, we’re going to talk about the consequences of executive overconfidence in your information security program.

What a year 2016 has been! With 2017 fast approaching, we’ve decided to take a look back at some of our Enterprise blog highlights from the past year. From the risks of contingent workers, to upgrading legacy systems, to privileged access management, to single sign-on – we’ve covered a wide range of identity and access management topics in 2016.

Quick. Think fast! Which industry is the most under attack by cybercriminals?

If you guessed the financial sector, which has historically been the most targeted industry, then it’s time to update your understanding of today’s cybersecurity threats because retail has taken the top spot, according to 2016 NTT research.

The easiest way to show success is through tangible measurement. When you roll out a new project or implement a new system, you can say that you think it’s working, but without evidence, you really can’t be sure. That is why metrics are so important to a business. Metrics enable an organization to know if productivity is up or if costs are down. They can also measure whether security has improved and identify opportunities to enhance processes. These reasons are precisely why it is so crucial to track identity and access management (IAM) metrics.

According to NRF, the retail industry annually hires between 700,000 and 750,000 seasonal workers for the holiday season. There is no reason to think that 2016 will be any different, with many retailers already ramping up their recruiting efforts for the November and December sales push.

Now that we’ve covered the business and technology trends and the evolving regulatory and budgetary challenges driving the need for a modern, robust IAM solution in the enterprise, it’s time to look at how they all fit together in an IAM upgrade pitch to your CIO.

When you hear about retail establishments suffering from a data breach, names like Neiman Marcus, Target, The TJX Companies, Michaels, and The Home Depot dominate the headlines. When you read these news stories, it might appear as if cyber criminals are only going after the big fish. Unfortunately, this might lull small and mid-sized businesses into thinking that they are not likely to be the targets of such an attack. This is supported by recent research that shows that more than three-quarters of all SMBs believe that they are safe from cyber attacks.

The truth is, small and medium-sized retailers make up 62 percent of the data-breach victim pool, because attackers know that small and mid-sized businesses are:

It is a challenging reality of the retail sector that employees are traditionally the weakest link in deterring digital security threats, such as system breaches and data theft. In a complex environment where employee turnover, seasonal workers, a mobile workforce, and shifting roles are a constant challenge, protecting the organization from security threats requires a vigilant approach to access and identity governance.

The Real Cost of Data Breaches in Retail

With the average data breach costing approximately $4 million, the damage to retail businesses can be catastrophic. Yet those dollars only hint at the thing executives fear losing most: the company’s reputation.

A recent study by Retail Perceptions, “Security Hacks and the Lasting Impact on Retailers,” found that:

  • “43% of shoppers do not trust companies to keep their personal information safe.”
  • “40% of shoppers avoid retailers that have been hit by security breaches.”
  • “39% of shoppers say that they spend less than before at retailers who have experienced a security breach.”

The goal of the Payment Card Industry Data Security Standard (PCI) is to protect cardholder information from abuse. While the standard does not make any technology recommendations, its requirements line up with best practices for how payment card information should be handled, communicated, and stored in order to sufficiently secure it.

Most people find that there are a number of solutions, appliances, and tools available to protect cardholder information as it is sent over data lines and stored on a database server. Attackers who are seeking to steal this information are well aware that these two areas are well-protected, so they go after the one source that is more susceptible to a breach – the user and their accounts.

To make sure that the payment card information your business collects is properly secured, you need to make identity management a foundation of your PCI compliance program.

According to Statista, the market for identity and access management is expected to grow to 7.1 billion dollars by the year 2018. This is up from 4.5 billion dollars in 2012, and much of this growth can be attributed to the fact that so many organizations are looking to upgrade their identity management software to better meet the security and workflow needs their company faces.

Unfortunately, there is no odometer on your current identity management solution that tells you it is time for an upgrade. Instead, you can tell when it is time to look at making a change from these four key factors.