A recent survey conducted by Accenture found that over the past year, roughly one in three targeted attacks resulted in an actual security breach. When you consider that the average company faces more than one hundred focused attacks launched against them every year, these numbers are alarming. This equates to more than 30 successful data breaches every year against a single company, with just one data breach having the potential to result in millions of dollars in losses.
If these numbers weren’t worrisome enough, Accenture found that these successful attacks were launched against companies that had significant security controls in place. These were companies that thought they were protected.
Misconceptions at the highest levels
Despite evidence to the contrary, three out of four security executives who responded to the Accenture survey feel confident in their ability to protect their enterprises against the rising flood of attacks. Yet, that is not the most startling statistic that came from the survey. What is more troubling is that, while respondents agree that internal breaches have the greatest impact, 58 percent still prioritize their efforts and budget on perimeter security controls, instead of addressing the higher-risk internal threat. If given additional dollars to spend on security, up to 54 percent would spend those extra dollars on more of the same things they are currently doing.
The truth is, the old way of thinking has to go if you are to become serious about security. The mindset now needs to be to assume that attackers are already in your systems. Evidence shows this, and it needs to be addressed—by limiting access to key information in your organization.
The more control you have over who has access to sensitive and confidential data, the more control you have over how much damage can be done when a user account is used for malicious activity. Not only does this protect your data against insider threats, but less damage is done when a targeted attack is successful. Because remediation and loss of business are two of the biggest costs you will face after a data breach, being able to limit what is leaked can keep your business moving.
Modern identity and access management (IAM) solutions help limit who has access to data in your organization. While there are some who believe that their single sign-on solution is an IAM solution, a full IAM solution provides much more:
- Time-based access limits permissions for privileged accounts.
- Provisioning of accounts is easier through automation that removes human errors so that correct privileges are assigned.
- Deprovisioning is easy and complete. All accounts are automatically revoked when an employee is removed from the system of record.
- User accounts for contingent workers are easily provisioned with the proper access, and this is often managed by the hiring manager. There is no need for ad-hoc workarounds while these external workers wait for account setup and configuration.
- One-size fits all approaches to multi-factor authentication (MFA) become unnecessary. MFA can be set depending on the person, the origin of the log-in, the device used, the hours that the login takes place, or the data that the user is trying to access.
Security won’t become any better until decision-makers understand the source of threats. While it is important to secure the perimeter, you need to start looking inside of your organization as well. Monitoring for unusual activity and ensuring that only the necessary people have access to sensitive information can minimize the damage that attackers already lurking within your systems will cause.