A recent study by PwC revealed that UK firms are victims of more cyber security incidents than their global counterparts, with almost two-thirds of British businesses (69%) having experienced security breaches in the past 12 months, compared to 59% globally. The findings also revealed that almost a third of British companies (30%) are failing to detect security breaches, suggesting that many organisations are in the dark when it comes to managing cyber security incidents.
The data highlights a worrying issue that’s sure to have been keeping IT managers and CISOs awake at night – namely that the majority of organisations lack a real time insight into security and access risk, making it difficult to track and detect suspicious activities and turning data security into a nightmare.
These concerns are further exacerbated by the growing demand of employees and customers for immediate access to data and applications, at any time, and on any device. As organisations open their networks to an increasing number of people and devices, the universe of user identities and access points is increasing exponentially. With data spread across multiple environments and an ‘always on’ demand for constant multichannel access to information, it’s not surprising that many businesses are struggling to secure their data.
On top of this, CISOs and IT managers are facing additional challenges from employees with poor data privacy habits that can easily turn voluntary or involuntary lack of compliance with internal security policies into a major security disaster for the business. We recently did a study of the data privacy habits of office workers in the UK and the findings revealed that 21% of employees said they would snoop on sensitive data at work and a third would access or download information from a previous employer using an old password. An even larger proportion of the respondents (39%) admitted that they regularly share login details with employees.
So it turns out that internal actors can potentially play a key role in causing security breaches. But how can CISOs and IT managers respond to these internal and external threats and regain some peace of mind about their security strategy?
The first step to addressing security challenges is by understanding potential risks and how access to data is being governed and monitored within the organisation. Using identity data to get insights into these issues is key in achieving this. This ‘identity intelligence’ approach allows business to continuously monitor, analyse and assess multiple access risk factors and help them to provision smarter access risk management, identifying and eliminating emerging threats to the business before they can cause harm the company.
This is where data analytics tools that can monitor user access relationships and analyse access risk factors in real time will become essential in helping organisations understand access risk and tackle the security challenges that today’s businesses face.
By monitoring how users are accessing, sharing and using sensitive data in real time, IT managers will be able to easily spot abnormal activities and address security concerns before they have turned into a major problem, allowing organisations to get a clear view into where their greatest security vulnerabilities lie. This approach enables IT managers to look at patterns that reveal unusual activities and uncover abandoned or orphan accounts as well as accounts with excess access and nested entitlements that may point to segregation of duty issues.
As today’s organisations need to adapt to a fast paced, dispersed and constantly changing business environment, CISOs and IT managers need to adopt an access risk management approach that enables IT systems to provide continuous assurance against existing and potential threats. Real time access risk intelligence is an effective way to tackle these challenges and ensure that security risk is kept to a minimum.
Article written by Courion. Courion are exhibiting today at Identity Management 2014, Hotel Russell, London. Find them in the networking area to chat about how they can help your enterprise.