*Disclaimer: This article originally appeared in SecurityWeek. 

*Disclaimer: This article originally appeared in eSchool News. 

Student data privacy is quite a different topic from the headlines most people read concerning data breaches. It is not about malicious intruders hacking or stealing credentials to get into a system to steal corporate intellectual property or records to sell on the dark web. Student data privacy concerns, specifically, center on the misuse of personally identifiable information, known by its acronym PII.

In a recent analysis of the top 1,000 global companies, 97 percent were found to have had leaked credentials that were made publicly available on the Web. While this statistic is disturbing enough by itself, what is more troublesome is how that information is captured and made public.

Many leaked credentials come as the result of an organization suffering from a data breach, but another method that attackers are using is to steal credentials from a third-party source, similar to what happened when Spotify and Pandora were attacked. In both of these incidents, corporate emails used to sign up for accounts were either published or sold. Dating and adult websites are also common places where corporate emails are inappropriately used to create accounts, resulting in more than 300,000 corporate or government worker email addresses being exposed.

One of the most concerning trends for 2016 seems to be "Another day, another healthcare data breach." Breaches are becoming an all too regular occurrence and not just among healthcare providers. Retailers, credit and financial institutions, entertainment giants, and even governmental agencies are falling prey to the hackers, and in many cases are allowing access to very private customer data, at an alarming rate.

Quick. Think fast! Which industry is the most under attack by cybercriminals?

If you guessed the financial sector, which has historically been the most targeted industry, then it’s time to update your understanding of today’s cybersecurity threats because retail has taken the top spot, according to 2016 NTT research.

In past posts, we’ve talked about how evolving business and threat landscapes have necessitated more robust, modern, and integrated Identity and Access Management (IAM) solutions. The reality for organizations today is that the weakest link in deterring security threats, such as system breaches and data theft, are employees themselves. Whether intentionally or unintentionally, employee data leaks are startlingly common and can have devastating effects on an organization.

The easiest way to show success is through tangible measurement. When you roll out a new project or implement a new system, you can say that you think it’s working, but without evidence, you really can’t be sure. That is why metrics are so important to a business. Metrics enable an organization to know if productivity is up or if costs are down. They can also measure whether security has improved and identify opportunities to enhance processes. These reasons are precisely why it is so crucial to track identity and access management (IAM) metrics.

According to NRF, the retail industry annually hires between 700,000 and 750,000 seasonal workers for the holiday season. There is no reason to think that 2016 will be any different, with many retailers already ramping up their recruiting efforts for the November and December sales push.

Now that we’ve covered the business and technology trends and the evolving regulatory and budgetary challenges driving the need for a modern, robust IAM solution in the enterprise, it’s time to look at how they all fit together in an IAM upgrade pitch to your CIO.