survey - add iam to improve security
DESCRIPTION
SURVEY: Management of Access Privileges Cited as Critical to Reducing Risk and Increasing Security If you are a Chief Information Security Officer (CISO), chances are you may not be getting much sleep lately according to a recent survey of IT security executives at companies of 500 or more employees. The survey , conducted in March 2014 by Courion, a leading provider of intelligent identity and access management (IAM) solutions, revealed that 78 percent of respondents are anxious about the possibility of a breach at their organization. What’s more, IT security executives are increasingly aware that they are on the front line, maintaining brand equity and protecting customers’ privacy and personal data. 58.8 percent identified “protecting the privacy of our customers” as their primary goal in addressing a significant security breach, and 62.7 percent admitted they most fear “negative publicity affecting the company brand,” should a breach occur within their organization. “Our recent survey confirmed what we’ve been hearing from many customers over the past few years, the role of the senior IT security executive is consistently changing,” said Christopher Zannetos, president and CEO of Courion. “Not only are they thought of as the front line defense for protecting sensitive company and customer information, they also feel responsible for brand image and customer satisfaction. IT security cannot tackle all this alone, however. We believe, and this survey confirmed, that better employee education and management of user access can provide much needed support for the security team.” Respondents cited “managing user access” and “communicating or enforcing company policies” among top security priorities in 2014, but also believe other stakeholders may not consider the careful control of user access an important issue. For example, respondents said that while 95 percent of their IT security team considers preventing security breaches a serious issue, they believe only 45 percent of the employee base feels the same. Indifference at the employee level, lack of knowledge and malicious acts by trusted insiders can present a challenge for IT security, as evidenced by the 2014 Verizon Data Breach Investigations Report, which included “insider misuse” as one of the nine basic patterns that all breaches can be described by. Within this pattern, “privilege abuse” was the top threat action observed in 88 percent of security incidents. This is meaningful, since “Account Monitoring and Control”, “Controlled Access Based on the Need to Know” and “Controlled Use of Administrative Privileges”are three of the Top 20 Critical Security Controls recommended by the SANS Institute, one of the largest sources for information security training and security certification in the world. To learn more about how you can use intelligent identity and access management solutions as part of your security controls, contact 866.Courion or [email protected].TRANSCRIPT
Survey Results: IT Security Executives
Survey conducted in March 2014 by CourionAt companies of 500+ employees, all geographiesPolled over 4,000 IT security executivesResponse rate of 3 percent
IT Security Executives are Not Getting Much Sleep Lately . . .
78% are Anxious About a Possible Breach . . .
Source: Courion survey of 4,000+ IT security executives conducted in March 2014
With Good Reason: Breaches are on the Rise
Source: Risk Based Security, Open Security Foundation, February 2013
Source: PWC Global State of Information Security Survey, 2014
In Case You Need More Convincing . . .
IT Security Executive Becomes Brand Champion
IT Security Executive: the New Front Line for the Brand
If a breach occurred to your organization, what do you fear most?
Source: Courion survey of 4,000+ IT security executives conducted in March 2014
Aware of Possible Negative Media Fallout from a Breach
They Understand a Breach Could Damage Reputation
And Have a Material Effect on Stock Price
IT Security Executive as Key to Customer Privacy
They Know Job #1 is Protection of Customer Data
What is your #1 goal in addressing a significant security breach?
Source: Courion survey of 4,000+ IT security executives conducted in March 2014
2014 IT Security Priorities:Employee Education + Better Access Management
What do you feel should be the top security priority within your organization in 2014?
Source: Courion survey of 4,000+ IT security executives conducted in March 2014
Research Agrees on Need to Focus on Inside Threat:
Privilege Abuse Cited in 88% of Insider Misuse Cases
Source: Verizon Data Breach Investigatios Report 2014
Top 10 Threat Action Varieties Within Insider Misuse
So While Identity Management is Top of Mind for IT Security
Source: 451 Group
Employee Indifference May be a Challenge
Perhaps Not All Stakeholders Take Security SeriouslyDo you feel each of these stakeholders takes preventing security breaches seriously:
Source: Courion survey of 4,000+ IT security executives conducted in March 2014
Access Privileges Must Be Proactively Controlled,Abandoned Accounts Eliminated
Recommended Controls for Insider & Privilege Misuse - Verizon DBIR 2014
• Know your data and who has access to it• Review user accounts• Watch for data exfiltration• Publish audit results
Source: Verizon Data Breach Investigations Report 2014
So What Can You Do?Make
Identity & Access Managementpart of
Your Security Strategy
Improve Security with Identity & Access Management
Source: SANS.org
Recommendations for Access Control:
Visa Data Security Alert, August 2013
• Create segregation of duties (SoD) policies betweenpayment and non-payment application access
• Apply access controls lists segmenting public facing andbackend database systems
• Assign strong passwords to prevent application modification
• Implement least privileges and access control listson users and applications
• Limit administrative privileges on users and applications
• Use intelligence to analyze and uncover malicious behavior
Source: VISA Data Security Alert August 2013 http://usa.visa.com/download/merchants/Bulletin__Memory_Parser_Update_082013.pdf
Thank You.
To Learn More:866.Courion
Improve Security with Identity & Access Management