The Cyberthreat Defense Report shares among the IT security community information on how organizations are fairing. Of the 1,000 survey participants, 40% were from North America, 30% from Europe, 20% from Asia Pacific, and 10% from Latin America. For respondents, 40% were senior executives; 25% focused on security operations, and 20% acted as security architects. Participants were also equally distributed across the major industries.
According to responses, organizations suffering at least one successful attack in the past 12 months reached 75%. More than half (52%) reported one to five cyber attacks. With such bleak news, it’s not surprising. 62% anticipate their organization will be breached this year.
Predictably, employees, or more accurately users, are pointed to in blame. For the third year, users were identified as the greatest security inhibitor. It’s ironic how quickly respondents passed the buck. Maybe they were concurrently preparing for their boardroom review.
Before going further, let’s not neglect the harsh realities of our times. While hacking gets easier, an enterprise’s attack surface grows daily. No longer is IT merely responsible for systems under its controls. IT must now support BYOD policies, enable cloud apps, and secure outsider access.
Cyberthreat Findings of Interest
Somewhat unexpected, respondents reported no difference in securing on-premise applications compared to SaaS. Mobile devices, particularly BYOD policies, topped the list of greatest security challenge. Organizations with over 10,000 employees are attacked twice as frequent. For good reason, three-quarters of IT security budgets are projected to increase.
In spite of growing risks, responses indicate continued investment in conventional tactics. Even though, nine out of 10 recognize anti-malware solutions provide incomplete protection. When rating inhibitors, security professionals see people, time and money as culprits. Respondents selected the following barriers as their top inhibitors:
- Low Security awareness among users
- Too much data to analyze
- Lack of skilled security personnel
- Lack of budget
Nevertheless, the report reveals. A more sensible strategy exists. By reducing an enterprise’s attack surface first, cost savings are realized. This freed capital can then be invested in detection and response capabilities.
Mitigating User Access Risks
Respondents acknowledged restricting users is less important then finding, stopping and preventing unauthorized access. This involves leveraging identity and access management to implement a least-privileges policy. This investment needs to include capabilities for monitoring privileged users. Reinforcing the necessity, only 30% expressed confidence in their monitoring of privileged users.
In examining access risks, the report rightfully doesn’t stop with privileged users. Privileged user accounts certainly represent a significant organizational risk. The report cites more than half of web application attacks leveraged stolen credentials. These compromised user credentials were collected from sophisticated spoofing and spear phishing.
For this reason, the 2016 Cyberthreat Defense Report concludes:
|As a result, it’s not just protection and monitoring of privileged users/accounts that IT security teams need to be concerned with, but ultimately all users and their accounts.
Credential theft leads to more data breaches than any other cause. IT security needs users to help reduce its attack surface. To extend capabilities, organizations must invest in user awareness training and tools. Rather than weak links, users must be part of the solution. For persistent threats, security requires business users and their managers to contribute.
The Defense report reinforces the security value of identity and access management. To remove risks, security must assert controls based on least-privileges over users. To lower identity and access management risks, success relies on holistic defenses. Moreover, with IT security a boardroom topic, users are longer to blame. Instead, the new IT security paradigm— success, depends on user-centric engagement.
Begin your identity management initiative by following what corporate compliance experts recommend for the workflow automation of businesses processes, self-service administration and IT operations.