While the volume of cyberattacks is on the rise across the board—attacks are up 100 percent since 2015—retail is particularly at risk. And the numbers back that up.

One study found that retailers respond to cyberattacks on average twice a week, with an astonishing 16 percent experiencing attempted attacks daily.

The employees in your organization are all different. There are people in marketing and finance and HR. There are people who always work from the office, those who always work from home, and those always on the road. Some employees need lots of access to sensitive data and systems to do their job, while others only need basic access to standard applications.

Many of our customers implement our Identity and Access Management (IAM) platform for its identity lifecycle management capabilities. And with good reason—automating these tasks means IT no longer has to waste valuable time and resources creating and managing accounts or provisioning and deprovisioning systems and target applications.

Does your university have a shadow IT problem? The answer is most likely yes. Higher education institutions across the country are struggling with shadow IT challenges resulting from devices, services, and software residing outside of IT’s control and/or ownership.

Your organization likely realizes the unfettered access that traditional IT privileged accounts provide and has taken proactive steps to lock down access to these accounts. But what about critical business systems that offer the ability to cause reputational damage or that provide access to monetizable data, such as protected health information (PHI), credit card numbers, and social security numbers?

With the explosion of the number of cyberthreats, higher education institutions are struggling to secure their IT infrastructures in the face of limited budgets and staff. Add to this the decentralized nature of these institutions, and you have a recipe for cyber disaster.

Traditionally, privileged accounts are IT-based and have special active directory (AD) attributes. IT administrators use them to log into servers, switches, routers, and applications and perform tasks without restriction.

Legacy security systems focus on protecting these AD privileged accounts, and with good reason: Once obtained by hackers, the accounts can be used to access the most sensitive data, lock out legitimate users, and create ghost accounts and back doors that are not easily seen.

In our last post, we discussed the cybersecurity talent shortage and its impact on the IT industry. The enormous gap between the industry’s needs and the actual pool of qualified employees has left many IT departments and security teams with a shortage of qualified personnel, resulting in an overwhelming workload that only exacerbates security events and data breaches.

There have been a slew of major data breaches in recent years. The number of records exposed in data breaches last year alone reached 174.4 million—close to five times the 36.6 million records exposed in 2016, according to the Identity Theft Resource Center.

At the end of 2017, the first deadline passed to comply with a new set of federal regulations that will force colleges and universities that enter into contracts with federal agencies to tighten their cybersecurity practices. The Department of Education has made it clear that it will compel universities and colleges to comply with NIST’s Special Publication 800-171, which is designed to protect the confidentiality of controlled unclassified information (CUI).