Yesterday, we conducted an onsite survey of IT professionals attending the RSA Conference, being held this week at Moscone Center, San Francisco. The poll asked respondents how their companies secure applications and infrastructures in the age of access, and it revealed that only slightly more than half (55%) believe their company’s current technology investment ensures their company’s cybersecurity. This leaves about half of respondents with a lack of confidence in their own organization’s corporate security!
While this fact is startling, it shouldn’t be too surprising, since a recent Forrester study, commissioned by Centrify, confirms that in the past two years, two-thirds of companies experienced an average of five or more data breaches. With more and more data breaches reaching the headlines, companies need to ensure they have strong security measures in place that go beyond traditional measures like passwords. This is vital, since not only will employees lose confidence in their own organization, but customers will as well. In fact, a 2016 study commissioned by Centrify found that 66 percent of adults in the U.S. are at least somewhat likely to stop doing business with a company that has suffered a cyberbreach.
Time to Rethink Security
Organizations need to rethink their approach to security to regain the confidence of their employees and customers. Enterprises need to redefine security to follow identity – they need to protect identities as they access applications, devices, and infrastructure – both on-premises and in the cloud. As our onsite RSA survey shows, many organizations do not implement enough identity and access management (IAM) best practices for them to warrant a confident score.
Among 15 different IAM best practices, organizations are most likely to enforce single sign-on (68 percent), adaptive multi-factor authentication (43 percent) and least privileged access (44 percent). Organizations are least likely to enforce privileged session recording (13 percent), granular automatic deprovisioning across server and app accounts (12 percent), and privilege elevation management (8 percent).
Identity and Access Management Maturity Scores
Depending on the IAM best practices employed, respondents received an IAM maturity score – with level one being the least mature and level four being the most mature. Only twenty percent of respondents received a level four IAM maturity score, meaning they conduct audits with confidence and are, according to the Forrester study, fifty percent less likely to experience a breach and more likely to spend forty percent less on technology. The other eighty percent received a lower IAM maturity score, meaning they are much more likely to experience two times more breaches and $5 million more in costs.
The survey shows that a lack of confidence in corporate cybersecurity directly correlates to more organizations having a low maturity score. Eighty percent of organizations need to employ better IAM practices to stop the breaches now. If they do not, then they risk not only costing their company millions, but also losing customer trust and employee confidence. It doesn’t matter if you’re one of largest multinational technology companies, because no organization is immune to the threat of a data breach, or the consequences that follow. It is time to rethink your security and secure your enterprise identities today.
Learn how to rethink security with our new e-book, "Rethink Security: A Massive Paradigm Shift in the Age of Access."