2016 saw hackers gain hold of over a billion identities, and the number of data breaches continues to rise. Two-thirds of companies admit to having been breached five times on average over a two-year period. With statistics like these continuing to highlight the industry's failures, it is clear that the billions of pounds CIOs invest in cyber security are not as effective as expected. These measures are in fact undercut by mistakes in our approach to a much more fundamental aspect of online security: passwords. Data shows that over 60% of incursions on private data are driven by stolen passwords, which makes preparing for password compromise a fundamental step in building up cyber security.
Accounts under attack
Passwords are particularly prone to compromise because they depend on fallible human behaviour. Phishing attacks and information-stealing malware can hand attackers the keys to the company's front door. Control over the most privileged, administrative IT accounts is particularly prized, since these accounts offer unrestricted access to near-endless stores of customer and IP data. Forrester has estimated that 80% of companies' data breaches involve the exploitation of these log-ins.
A fresh approach
Attempts to improve data security must therefore focus on improving identity and access management (IAM) programmes. One simple way of reducing a corporation's attack surface is to limit the number of privileged accounts. This limits lateral movement across the company's internal network: when employees are granted only the privileges relevant to their job, an attacker who does get inside the network is confined to a smaller set of accounts and has fewer tools to work with.
With Forrester claiming that higher IAM maturity can halve the number of data breaches suffered by the weakest organisations, the safety and economic benefits of a fresh perspective on passwords and privileges are obvious.