Enterprise security isn’t working -TEISS® : Cracking Cyber Security
15 February 2017
Organisations are spending $75 billion on security, yet data breaches are continuing at an alarming rate
A new Forrester study has revealed the enterprise security industry is failing, with organisations being breached at an alarming rate.
- Two-thirds of organisations have experienced an average of five or more security breaches in the past 2 years
- Hackers compromised more than 1 billion identities in 2016
Traditional approaches are clearly not working. Why is this? For years, organisations have relied on defending a well-defined boundary to protect their information and IT system assets. But new technologies such as cloud computing, and mobile and home-based working practices, have rendered that approach ineffective. The boundary has simply disappeared.
So without a boundary, how can organisations defend themselves? One part of the answer is Identity and Access Management (IAM). Unfortunately, most organisations don’t have effective IAM, and inevitably this leads to more breaches and higher costs.
Is IAM really that effective? Forrester certainly think so. Their study showed that:
- Organisations with the highest level of IAM maturity are 46% less likely to suffer a server or application breach, 51% less likely to suffer a database breach and 63% less likely to suffer a cloud infrastructure breach
- Securing privileged access is key: Forrester estimate that 80% of security breaches involve privileged credentials, typically those belonging to IT professionals
- Counter-intuitively, companies with a mature approach to IAM spend 40% less on IAM technology as a percentage of their entire budget, delivering average cost savings of $2,582,000; they do this by eliminating redundant IAM technologies
While IAM is certainly not the only answer to cyber security – other areas such as usability, data classification and organisational culture also have major parts to play – it is a conceptually simple strategy that clearly pays dividends.
Head of consulting at TEISS
Jeremy is a highly experienced author, trainer and consultant who has worked in digital strategy, marketing and cyber security for 25 years. His special area of interest is how people engage with technology, sometimes known as “human factors”.