Our initial IT security predictions point to fewer incidents producing greater damage in 2016. This trend begs for an explanation. With fewer breaches costing more, security attacks take on enhanced sophistication. As BYOD and cloud apps reach the workplace, organizations find themselves unprepared.
Similar to our first four predictions, not all organizations fall victim. To combat threats, secure enterprises leverage SMS and low-cost multifactor authentication alternatives. They adopt web access single sign-on to secure cloud and SaaS apps. And they rely on identity management to address password vulnerabilities and the growing security talent deficit.
Keep reading to find out what to expect and where to focus in 2016.
5. Password Failure
Prediction: Passwords remain a vulnerability root cause as secure enterprises fortify Active Directory and default password policies.
Nation states are building massive databases with multiple types of data. Insurance, healthcare, credit card, and financial profiles are being built. No longer is data simply stolen. It’s now collected and used against you in sophisticated phishing and targeted attacks. To prevent persistent and advanced threats, security foundations cannot depend solely on IT.
The Verizon 2015 Data Breach Investigations Report warns 80% of security incidents stem from weak passwords. Considering results published in the 2015 Trustwave Global Security Report, it seems accurate. Trustwave reports 77% of cracked passwords met Active Directory’s default password complexity policy.
6. Security Awareness Rising
Prediction: Leading enterprises build on security awareness by empowering business users with self-service IAM solutions.
A top organizational challenge relates to making people aware they are targets. The Verizon 2015 Data Breach Investigations Report indicates 90% of security incidents target human vulnerabilities. Empirical data shows human awareness, intelligence and engagement lower risks. At the same time, the SANS Securing The Human 2015 Security Awareness Report found awareness programs fail mostly from insufficient support.
To successfully prevent, detect and respond, security must extend beyond IT. In a persistent threat environment, security awareness alone does not suffice. In 2016, secure enterprises elevate an organization’s security by empowering business users with self-service access certification, attestation, governance, and compliance review solutions.
7. Security Talent Breach
Prediction: The security talent deficit among women and underrepresented groups drives organizations to automate identity lifecycle operations.
The #ILookLikeAnEngineer viral campaign elevated the discussion of workplace stereotypes. Although enlightening, an upsetting truth surfaced. Women remain highly underrepresented in computer science and electrical engineering. Even more alarming, the Hanover Research Women in Engineering: Trend Analysis & Program Scan shows each year since 2000 a decreasing number of engineering degrees awarded to women.
In the workplace, the percentage of women programmers, network engineers and security professionals is shrinking as well. Our failure to attract and develop women to the security profession is contributing to a looming national crisis. To counter the talent shortage, IT organizations must seek opportunities to automate security controls.
8. Healthcare IT Biggest Loser
Prediction: State-sponsored and organized crime continue with persistent targeted attacks that ransack Healthcare IT for PHI.
The Identity Theft Resource Center (ITRC) tracks security breaches for patterns, trends, and information. Events are categorized into the industries: Business, Finance, Education, Government, and Healthcare. The 2015 ITRC Data Breach Report calculates 66.7% of all compromised records occurred in Healthcare. The industry relinquished more records than all others combined. In their defense, Healthcare presents a bigger target. They experience more persistent and sophisticated phishing and man-in-the-middle attacks. Why is this so?
Symantec’s 2015 Internet Security Threat Report reveals the answer. In the underground economy, Personal Health Information (PHI) commands the highest price. Where records from other industries trade at fifty cents to a dollar, PHI is valued exponentially higher. The difference and higher value reinforce the urgency for healthcare IT to secure user access with identity management controls.
The numerous avenues for compromise make security a predicament in 2016. Take action to defend your organization. To do so, you must understand your vulnerabilities and security attack vectors. You must empower users to take action on behalf of the enterprise. All the while, ensure you put suitable identity management controls in place. Good luck in the coming year. Your security matters!
Get the Top 10 Identity Manager Migration Best Practices Workbook
Don’t fall victim to our IT security predictions. Start your migration from legacy software with the Top 10 Identity Manager Migration Best Practices Workbook. Use this workbook to think through your information security risk before you transition to next generation identity manager software.