Skip to content
Advertisements

Posts from the ‘Centrify’ Category

74% Of Data Breaches Start With Privileged Credential Abuse

Centrify’s survey shows organizations are granting too much trust and privilege, opening themselves up to potential internal and externally-driven breaches initiated with compromised privileged access credentials. Photo credit: iStock

Enterprises who are prioritizing privileged credential security are creating a formidable competitive advantage over their peers, ensuring operations won’t be interrupted by a breach. However, there’s a widening gap between those businesses protected from a breach and the many who aren’t. In quantifying this gap consider the typical U.S.-based enterprise will lose on average $7.91M from a breach, nearly double the global average of $3.68M according to IBM’s 2018 Data Breach Study.

Further insights into how wide this gap is are revealed in Centrify’s Privileged Access Management in the Modern Threatscape survey results published today. The study is noteworthy as it illustrates how wide the gap is between enterprises’ ability to avert and thwart breaches versus their current levels of Privileged Access Management (PAM) and privileged credential security. 74% of IT decision makers surveyed whose organizations have been breached in the past, say it involved privileged access credential abuse, yet just 48% have a password vault, just 21% have multi-factor authentication (MFA) implemented for privileged administrative access, and 65% are sharing root or privileged access to systems and data at least somewhat often.

Addressing these three areas with a Zero Trust approach to PAM would make an immediate difference in security.

“What’s alarming is that the survey reveals many organizations, armed with the knowledge that they have been breached before, are doing too little to secure privileged access. IT teams need to be taking their Privileged Access Management much more seriously, and prioritizing basic PAM strategies like vaults and MFA while reducing shared passwords,” remarked Tim Steinkopf, Centrify CEO. FINN Partners, on behalf of Centrify, surveyed 1,000 IT decision makers (500 in the U.S. and 500 in the U.K.) online in October 2018. Please see the study here for more on the methodology.

How You Choose To Secure Privileged Credentials Determines Your Future 

Identities are the new security perimeter. Threats can emerge within and outside any organization, at any time. Bad actors, or those who want to breach a system for financial gain or to harm a business, aren’t just outside. 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000, and 24% of employees know of someone who has sold privileged credentials to outsiders, according to a recent Accenture survey.

Attackers are increasingly logging in using weak, stolen, or otherwise compromised credentials. Centrify’s survey underscores how the majority of organizations’ IT departments have room for improvement when it comes to protecting privileged access credentials, which are the ‘keys to the kingdom.’ Reading the survey makes one realize that forward-thinking enterprises who are prioritizing privileged credential security gain major cost and time advantages over their competitors. They’re able to keep their momentum going across every area of their business by not having to recover from breaches or incur millions of dollars on losses or fines as the result of a breach.

One of the most promising approaches to securing every privileged identity and threat space within and outside an organization is Zero Trust Privilege (ZTP). ZTP enables an organizations’ IT team to grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.

Key Lessons Learned from the Centrify Survey

How wide the gap is between organizations who see identities as the new security perimeter and are adopting a Zero Trust approach to securing them and those that aren’t is reflected in the results of Centrify’s Privileged Access Management in the Modern Threatscape surveyThe following are the key lessons learned of where and how organizations can begin to close the security gaps they have that leave them vulnerable to privileged credential abuse and many other potential threats:

  • Organizations’ most technologically advanced areas that are essential for future growth and attainment of strategic goals are often the most unprotected. Big Data, cloud, containers and network devices are the most important areas of any IT infrastructure. According to Centrify’s survey, they are the most unprotected as well. 72% of organizations aren’t securing containers with privileged access controls. 68% are not securing network devices like hubs, switches, and routers with privileged access controls. 58% are not securing Big Data projects with privileged access controls. 45% are not securing public and private cloud workloads with privileged access controls. The study finds that UK-based businesses lag U.S.-based ones in each of these areas as the graphic below shows:

  • Only 36% of U.K. organizations are very confident in their company’s current IT security software strategies, compared to 65% in the U.S. The gap between organizations with hardened security strategies that have a higher probability of withstanding breach attempts is wide between U.K. and U.S.-based businesses. 44% of U.K. respondents weren’t positive about what Privileged Access Management is, versus 26% of U.S. respondents. 60% of U.K. respondents don’t have a password vault.

  • Just 35% of U.S. organizations and 30% of those in the UK are relying on Privileged Access Management to manage partners’ access to privileged credentials and infrastructure. Partners are indispensable for scaling any new business strategy and expanding an existing one across new markets and countries. Forward-thinking organizations look at every partner associates’ identity as a new security perimeter. The 35% of U.S.-based organizations doing this have an immediate competitive advantage over the 65% who aren’t. By enforcing PAM across their alliances and partnerships, organizations can achieve uninterrupted growth by eliminating expensive and time-consuming breaches that many businesses never fully recover from.
  • Organizations’ top five security projects for 2019 include protecting cloud data, preventing data leakage, analyzing security incidents, improving security education/awareness and encrypting data. These top five security projects could be achieved at scale by having IT teams implement a Zero Trust-based approach to Privileged Access Management (PAM). The time, cost and scale advantages of getting the top five security projects done using Zero Trust would free up IT teams to focus on projects that deliver direct revenue gains for example.

Conclusion

Centrify’s survey shows organizations are granting too much trust and privilege, opening themselves up to potential internal and externally-driven breaches initiated with compromised privileged access credentials. It also reveals that there is a strong desire to adhere to best practices when it comes to PAM (51% of respondents) and that the reason it is not being adequately implemented rarely has to do with prioritization or difficulty but rather budget constraints and executive buy-in.

The survey also shows U.K. – and U.S.-based organizations need to realize identity is the new security perimeter. For example, only 37% of respondents’ organizations are able to turn off privileged access for an employee who leaves the company within one day, leaving a wide-open exposure point that can continue to be exploited.

There are forward-thinking organizations who are relying on Zero Trust Privilege as a core part of their digital transformation efforts as well. The survey found that given a choice, respondents are most likely to say digital transformation (40%) is one of the top 3 projects they’d prefer to work on, followed by Endpoint Security (37%) and Privileged Access Management (28%). Many enterprises see digital transformation’s missing link being Zero Trust and the foundation for redefining their businesses by defining every identity as a new security perimeter, so they can securely scale and grow faster than before.

Advertisements

Digital Transformation’s Missing Link Is Zero Trust

    • Enterprises will invest $2.4T by 2020 in digital transformation technologies including cloud platforms, cognitive systems, IoT, mobile, robotics, and integration services according to the World Economic Forum.
    • Digital transformation software and services revenue in the U.S. is predicted to reach $490B in 2025, soaring from $190B in 2019, attaining a Compound Annual Growth Rate (CAGR) of 14.49% according to Grand View Research published by Statista.
    • IDC predicts worldwide spending on the technologies and services that enable the digital transformation of business practices, products, and organizations will reach $1.97T in 2022.
    • Legacy approaches to Privileged Access Management (PAM) don’t protect the new threatscapes digital transformation initiatives create, making Zero Trust Privilege essential for enterprises.

B2B customers, including manufacturers looking to replace legacy production equipment with smart, connected machines, have high expectations when it comes to product quality, ease of integration, and intuitive user experiences. Replacing factories full of legacy assets with smart, connected machinery is one of the most powerful catalysts driving digital transformation today. Innovative smart, connected machinery and the performance gains they provide are the oxygen that keeps customer relationships alive. That’s why digital transformation forecasts from the World Economic Forum, Grand View ResearchIDC, and many others predict perennial growth. The many forecasts reflect a fundamental truth: digital transformation done with intensity creates a customer-driven renaissance for any business.

Businesses digitally transforming themselves are succeeding because they’ve made themselves accountable and transparent to customers. Earning and protecting that trust is the heartbeat of any business’ growth. 51% of enterprises invest in digital transformation to capture growth opportunities in new markets, with 46% investing to stay in front of evolving customer behaviors and preferences. Brian Solis’ excellent report, The State of Digital Transformation, 2018 – 2019 Edition (31 pp., PDF, opt-in) shows how digitally transforming any business with the customer first leads to greater growth. The graphic from his study illustrates this point:

 

Closing The Digital Transformation Gap With Zero Trust

Gaps exist between the results digital transformation initiatives are delivering today, and the customer-driven value they’re capable of. According to Gartner, 75% of digital transformation projects are not aligned internally today, leading to delayed new product launches, mediocre experiences, and greater security risks than ever before. Interactive, IoT-enabled experiences and products are expanding the threatscape of enterprises to include Big Data, cloud, containers, DevOps, IoT systems, and more. With that comes a host of new exposure points, many of which allow access to sensitive data that must be protected with modern Privileged Access Management solutions that reduce risk in these modern enterprise use cases.

The new security perimeter is identity. Forrester estimates that 80% of data breaches are caused by privileged access abuse. Every smart, connected machine that replaces legacy production equipment is another identity that defines a manufacturer’s security perimeter.

As the use cases and adoption of smart, connected machines proliferate, so too does the urgency that manufacturers need to replace their legacy approaches to Privileged Access Management (PAM). Relying on outdated strategies for protecting administrative access to all machines needs to be replaced with a “never trust, always verify, enforce least privilege” approach.

IT needs to improve how they’re protecting the most privileged access credentials, the ‘keys to the kingdom,’ by granting just-enough, just-in-time privilege. Of the many cybersecurity approaches available today, Zero Trust Privilege (ZTP) enables IT to grant least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.

The more diverse any digital transformation strategy, the greater the risk of privileged credential abuse. Thwarting privileged credential abuse needs to start with a least privilege access approach, minimizing each attack surface, improving audit and compliance visibility while reducing risk, complexity, and costs. Leaders in Zero Trust include CentrifyMobileIronPalo Alto Networks, and others. Of these companies, Centrify’s approach to Zero Trust to prevent privileged access abuse shows the greatest potential for securing digital transformation initiatives and strategies.

How To Secure Digital Transformation Strategies

IDG Research found in their Security Priorities for 2018 study that 71% of security-focused IT decision-makers are aware of the Zero Trust model and 18% of enterprises are either running pilots or have implemented Zero Trust.

Zero Trust Privilege (ZTP) is the force multiplier digital transformation initiatives need to reach their true potential by securing administrative access to the complex mix of machinery and infrastructure – and the sensitive data they hold and use – that manufacturers rely on daily.

Starting with a strategic perspective, ZTP’s contribution to securing digital transformation deployments apply to every area of planning, pilots, platforms, product, and service data being designed to stop the leading cause of breaches, which is privileged credential abuse. The following graphic illustrates how ZTP needs to span every aspect of an enterprise’s digital transformation capabilities.

Source: World Economic Forum, Digital Transformation Initiative, May 2018

Conclusion

By 2020, 30% of Global 2000 companies will have allocated capital budget equal to at least 10% of revenue to fuel their digital transformation strategies according to IDC.  European spending on technologies and services that enable the digital transformation of business practices, products, and organizations is forecasted to reach $378.2B in 2022. The perennial growth these forecasts promise is predicated on enterprises delivering new experiences and innovative products, which create the oxygen that keeps their customer relationships alive.

Amidst all the potential for growth, enterprises need to realize every new infrastructure element, machine, or connected production asset is a new identity that collectively comprises the fabric of their security perimeter. Legacy cybersecurity approaches won’t scale to protect the proliferating number of smart machines being put into use today. Relying entirely on legacy approaches to PAM, where privileged access to systems and resources only inside the network are secure, is failing today. Smart, connected machinery and the products and experiences they deliver require an entirely new cybersecurity strategy, one based on a “never trust, always verify, enforce least privilege” approach. Centrify Zero Trust Privilege shows potential to meet this challenge by granting least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.

6 Best Practices For Increasing Security In AWS In A Zero Trust World

  • Amazon Web Services (AWS) reported $6.6B in revenue for Q3, 2018 and $18.2B for the first three fiscal quarters of 2018.
  • AWS revenue achieved an impressive 46% year-over-year net sales growth between Q3, 2017 and Q3, 2018 and 49% year-over-year growth for the first three quarters of the year.
  • AWS’ 34% market share is bigger than its next four competitors combined with the majority of customers taken from small-to-medium sized cloud operators according to Synergy Research.
  • The many announcements made at AWS Re:Invent this year reflect a growing focus on hybrid cloud computing, security, and compliance.

Enterprises are rapidly accelerating the pace at which they’re moving workloads to Amazon Web Services (AWS) for greater cost, scale and speed advantages. And while AWS leads all others as the enterprise public cloud platform of choice, they and all Infrastructure-as-a-Service (IaaS) providers rely on a Shared Responsibility Model where customers are responsible for securing operating systems, platforms and data.  In the case of AWS, they take responsibility for the security of the cloud itself including the infrastructure, hardware, software, and facilities. The AWS version of the Shared Responsibility Model shown below illustrates how Amazon has defined securing the data itself, management of the platform, applications and how they’re accessed, and various configurations  as the customers’ responsibility:

Included in the list of items where the customer is responsible for security “in” the cloud is identity and access management, including Privileged Access Management (PAM) to secure the most critical infrastructure and data.

Increasing Security for IaaS in a Zero Trust World

Stolen privileged access credentials are the leading cause of breaches today. Forrester found that 80% of data breaches are initiated using privileged credentials, and 66% of organizations still rely on manual methods to manage privileged accounts. And while they are the leading cause of breaches, they’re often overlooked — not only to protect the traditional enterprise infrastructure — but especially when transitioning to the cloud.

Both for on-premise and Infrastructure-as-a-Service (IaaS), it’s not enough to rely on password vaults alone anymore. Organizations need to augment their legacy Privileged Access Management strategies to include brokering of identities, multi-factor authentication enforcement and “just enough, just-in-time” privilege, all while securing remote access and monitoring of all privileged sessions. They also need to verify who is requesting access, the context of the request, and the risk of the access environment. These are all essential elements of a Zero Trust Privilege strategy, with Centrify being an early leader in this space.

6 Ways To Increase Security in AWS

The following are six best practices for increasing security in AWS and are based on the Zero Trust Privilege model:

  1. Vault AWS Root Accounts and Federate Access for AWS Console

Given how powerful the AWS root user account is, it’s highly recommended that the password for the AWS root account be vaulted and only used in emergencies. Instead of local AWS IAM accounts and access keys, use centralized identities (e.g., Active Directory) and enable federated login. By doing so, you obviate the need for long-lived access keys.

  1. Apply a Common Security Model and Consolidate Identities

When it comes to IaaS adoption, one of the inhibitors for organizations is the myth that the IaaS requires a unique security model, as it resides outside the traditional network perimeter. However, conventional security and compliance concepts still apply in the cloud. Why would you need to treat an IaaS environment any different than your own data center? Roles and responsibilities are still the same for your privileged users. Thus, leverage what you’ve already got for a common security infrastructure spanning on-premises and cloud resources. For example, extend your Active Directory into the cloud to control AWS role assignment and grant the right amount of privilege.

  1. Ensure Accountability

Shared privileged accounts (e.g., AWS EC2 administrator) are anonymous. Ensure 100% accountability by having users log in with their individual accounts and elevate privilege as required. Manage entitlements centrally from Active Directory, mapping roles, and groups to AWS roles.

  1. Enforce Least Privilege Access

Grant users just enough privilege to complete the task at hand in the AWS Management Console, AWS services, and on the AWS instances. Implement cross-platform privilege management for AWS Management Console, Windows and Linux instances.

  1. Audit Everything

Log and monitor both authorized and unauthorized user sessions to AWS instances. Associate all activity to an individual, and report on both privileged activity and access rights. It’s also a good idea to use AWS CloudTrail and Amazon CloudWatch to monitor all API activity across all AWS instances and your AWS account.

  1. Apply Multi-Factor Authentication Everywhere

Thwart in-progress attacks and get higher levels of user assurance. Consistently implement multi-factor authentication (MFA) for AWS service management, on login and privilege elevation for AWS instances, or when checking out vaulted passwords.

Conclusion

One of the most common reasons AWS deployments are being breached is a result of privileged access credentials being compromised. The six best practices mentioned in this post are just the beginning; there are many more strategies for increasing the security in AWS.  Leveraging a solid Zero Trust Privilege platform, organizations can eliminate shared Amazon EC2 key pairs, using auditing to define accountability to the individual user account level, execute on least privilege access across every login, AWS console, and AWS instance in use, enforce MFA and enable a common security model.

How To Protect Healthcare Records In A Zero Trust World

  • There’s been a staggering 298.4% growth in the reported number of patient records breached as a result of insider-wrongdoing this year alone according to Protenus.
  • The total disclosed number of breached patient records has soared from 1.1M in Q1 2018 to 4.4M in Q3 2018 alone, 680K of which were breached by insiders.
  • There were 117 disclosed health breaches in the last 90 days alone.
  • On average it’s taking 402 days to discover a healthcare provider has been breached.

Diagnosing Healthcare’s Breach Epidemic

Using access credentials stolen from co-workers or stolen laptops, unethical healthcare insiders are among the most prolific at stealing and selling patient data of any insider threat across any industry. Accenture’s study, “Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workforce Survey on Cybersecurity,” found that the most common ways healthcare employees financially gain from stealing medical records is to commit tax return and credit card fraud.

Treating healthcare’s breach epidemic needs to start by viewing every threat surface, access point, identity, and login attempt as the new security perimeter. Healthcare providers urgently need to take a “never trust, always verify” approach, adopting  Zero Trust Security to protect every threat surface using Next-Gen Access for end-user credentials and Privileged Access Management (PAM) for privileged credentials. One of the leaders in Next-Gen Access is Idaptive, a newly created spin-off of Centrify. Centrify itself is offering Zero Trust Privilege Services helping over half of the Fortune 100 to eliminate privileged access abuse, the leading cause of breaches today. Centrify Zero Trust Privilege grants least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment.

18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000, according to a recent Accenture study. 24% of employees know of someone who has sold access to patient data to outsiders. 58% of all healthcare breaches are initiated by insiders. Confidential patient diagnosis, treatment, payment histories, and medical records are the most valuable on the Dark Web, selling for as much as $1,000 per record according to Experian.

Key insights from Protenus’ Breach Barometer illustrate how healthcare’s breach epidemic is growing exponentially:

  • There’s been a staggering 298.4% growth in the number of patient records breached as a result of insider-wrongdoing this year alone. In Q1 of this year, there were 4,597 patient records exfiltrated by insider wrong-doing, jumping to 70,562 in Q2 and soaring to 290,689 in Q3. Healthcare insiders can easily thwart healthcare systems’ legacy security approaches today by using compromised access credentials. Zero Trust Security, either in the form of Next-Gen Access for end-user credentials or Zero Trust Privilege for privileged access credentials has the potential to stop this

  • The total number of breached patient records has soared from 1.1M in Q1 of this year to 4.4M in Q3, a 58.7% jump in less than a year. Protenus found a total of 117 incidents were disclosed to U.S. Department of Health and Human Services (HHS) or the media in Q3 2018 alone. Details were disclosed for 100 of these incidents, affecting 4,390,512 patient records, the highest level ever recorded. Jumping from 1.1M medical records in Q1 to 4.4M in Q3, healthcare providers could easily see over 6.5M records breached in Q4 2018 alone.

  • Hackers targeted healthcare systems aggressively in Q3 of this year, exfiltrating 3.6M patient records in just 90 days. Compromised access credentials are hackers’ favorite technique for exfiltrating massive quantities of medical records they resell on the Dark Web or use to commit tax and credit card fraud. Healthcare providers need to minimize their attack surfaces, improve audit and compliance visibility, reduce risk, complexity, and costs across their modern, hybrid enterprises with Zero Trust. Healthcare providers need to shut down hackers now, taking away the opportunities they’re capitalizing on to exfiltrate medical records almost at will.
  • It takes 71 days on average for healthcare providers to realize their data is breached with one breach lasting over 15 years. Protenus found a wide variation in the length of time it takes healthcare providers to realize they’ve been breached and one didn’t know until 15 years after the initial successful breach. All breaches tracked by Protenus found that the insiders and/or hackers were successful in gaining access to a wealth of patient information including addresses, dates of birth, medical record numbers, healthcare providers, visit date, health insurance information, financial histories, and payment information.

Conclusion

Zero Trust is the antidote healthcare needs to treat its raging breach epidemic.  It’s exponentially growing as insiders’ intent on wrongdoing turn to exfiltrating patients’ data for personal gain. Hackers also find healthcare providers’ legacy systems among the easiest to access using stolen access credentials, exfiltrating millions of records in months. With every new employee and device being a new security perimeter on their networks, the time is now for healthcare providers to discard the old model of “trust but verify” which relied on well-defined boundaries. Zero Trust mandates a “never trust, always verify” approach to access, from inside or outside healthcare providers’ networks.

High-Tech’s Greatest Challenge Will Be Securing Supply Chains In 2019

Bottom Line: High-tech manufacturers need to urgently solve the paradox of improving supply chain security while attaining greater visibility across supplier networks if they’re going make the most of smart, connected products’ many growth opportunities in 2019.

The era of smart, connected products is revolutionizing every aspect of manufacturing today, from suppliers to distribution networks. Capgemini estimates that the size of the connected products market will be $519B to $685B by 2020. Manufacturers expect close to 50 percent of their products to be smart, connected products by 2020, according to Capgemini’s Digital Engineering: The new growth engine for discrete manufacturers. The study is downloadable here (PDF, 40 pp., no opt-in).

Smart, connected products free manufacturers and their supply chains from having to rely on transactions and the price wars they create. The smarter the product, the greater the services revenue opportunities. And the more connected a smart product is using IoT and Wi-Fi sensors the more security has to be designed into every potential supplier evaluation, onboarding, quality plan, and ongoing suppliers’ audits. High-tech manufacturers are undertaking all of these strategies today, fueling them with real-time monitoring using barcoding, RFID and IoT sensors to improve visibility across their supply chains.

Gaining even greater visibility into their supply chains using cloud-based track-and-trace systems capable of reporting back the condition of components in transit to the lot and serialized pack level, high-tech suppliers are setting the gold standard for supply chain transparency and visibility. High-tech supply chains dominate many other industries’ supplier networks on accuracy, speed, and scale metrics on a consistent basis, yet the industry is behind on securing its vast supplier network. Every supplier identity and endpoint is a new security perimeter and taking a Zero Trust approach to securing them is the future of complex supply chains. With Zero Trust Privilege, high-tech manufacturers can secure privileged access to infrastructure, DevOps, cloud, containers, Big Data, production, logistics and shipping facilities, systems and teams.

High-Tech Needs to Confront Its Supply Chain Security Problem, Not Dismiss It

It’s ironic that high-tech supply chains are making rapid advances in accuracy and visibility yet still aren’t vetting suppliers thoroughly enough to stop counterfeiting, or worse. Bloomberg’s controversial recent article,The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies, explains how Amazon Web Services (AWS) was considering buying Portland, Oregon-based Elemental Technologies for its video streaming technology, known today as Amazon Prime Video. As part of the due diligence, AWS hired a third-party company to scrutinize Elemental’s security all the way up to the board level. The Elemental servers that handle the video compression were assembled by Super Micro Computer Inc., a San Jose-based company in China. Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design that could create a stealth doorway into any network the machines were attached to. Apple (who is also an important Super Micro customer) and AWS deny this ever happened, yet 17 people have confirmed Supermicro had altered hardware, corroborating Bloomberg’s findings.

The hard reality is that the scenario Bloomberg writes about could happen to any high-tech manufacturer today. When it comes to security and 3rd party vendor risk management, many high-tech supply chains are stuck in the 90s while foreign governments, their militaries and the terrorist organizations they support are attempting to design in the ability to breach any network at will. How bad is it?  81% of senior executives involved in overseeing their companies’ global supply chains say 3rd party vendor management including recruiting suppliers is riskiest in China, India, Africa, Russia, and South America according to a recent survey by Baker & McKenzie.

PriceWaterhouseCoopers (PwC) and the MIT Forum for Supply Chain Innovation collaborated on a study of 209 companies’ supply chain operations and approaches to 3rd party vendor risk management. The study, PwC and the MIT Forum for Supply Chain Innovation: Making the right risk decisions to strengthen operations performance, quantifies the quick-changing nature of supply chains. 94% say there are changes in the extended supply chain network configuration happening frequently. Relying on trusted and untrusted domain controllers from server operating systems that are decades old can’t keep up with the mercurial pace of supply chains today.

Getting in Control of Security Risks in High-Tech Supply Chains

It’s time for high-tech supply chains to go with a least privilege-based approach to verifying who or what is requesting access to any confidential data across the supply chains. Further, high-tech manufacturers need to extend access request verification to include the context of the request and the risk of the access environment. Today it’s rare to find any high-tech manufacturer going to this level of least-privilege access approach, yet it’s the most viable approach to securing the most critical parts of their supply chains.

By taking a least-privilege access approach, high-tech manufacturers and their suppliers can minimize attack surfaces, improve audit and compliance visibility, and reduce risk, complexity, and operating costs across their hybrid manufacturing ecosystem.

Key actions that high-tech manufacturers can take to secure their supply chain and ensure they don’t end up in an investigative story of hacked supply chains include the following:

  • Taking a Zero Trust approach to securing every endpoint provides high-tech manufacturers with the scale they need to grow. High-tech supply chains are mercurial and fast-moving by nature, guaranteeing they will quickly scale faster than any legacy approaches enterprise security management. Vetting and then onboarding new suppliers needs to start by protecting every endpoint to the production and sourcing level, especially for next-generation smart, connected products.
  • Smart, connected products and the product-as-a-service business models they create are all based on real-time, rich, secured data streams that aren’t being eavesdropped on with components no one knows about. Taking a Zero Trust Privilege-based approach to securing access to diverse supply chains is needed if high-tech manufacturers are going to extend beyond legacy Privileged Access Management (PAM) to secure data being generated from real-time monitoring and data feeds from their smart, connected products today and in the future.
  • Quality management, compliance, and quality audits are all areas high-tech manufacturers excel in today and provide a great foundation to scale to Zero Trust Privilege. High-tech manufacturers have the most advanced quality management, inbound inspection and supplier quality audit techniques in the world. It’s time for the industry to step up on the security side too. By only granting least-privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment, high-tech manufacturers can make rapid strides to improve supply chain security.
  • Rethink the new product development cycles for smart, connected products and the sensors they rely on, so they’re protected as threat surfaces when built. Designing in security to the new product development process level and further advancing security scrutiny to the schematic and board design level is a must-do. In an era of where we have to assume bad actors are everywhere, every producer of high-tech products needs to realize their designs, product plans, and roadmaps are at risk. Ensuring the IOT and Wi-Fi sensors in smart, connected products aren’t designed to be hackable starts with a Zero Trust approach to defining security for supplier, design, and development networks.

Conclusion

The era of smart, connected products is here, and supply chains are already reverberating with the increased emphasis on components that are easily integrated and have high-speed connectivity. Manufacturing CEOs say it’s exactly what their companies need to grow beyond transaction revenue and the price wars they create. While high-tech manufacturers excel at accuracy, speed, and scale, they are falling short on security. It’s time for the industry to re-evaluate how Zero Trust can stabilize and secure every identity and threat surface across their supply chains with the same precision and intensity quality is today.

86% Of Enterprises Increasing IoT Spending In 2019

  • Enterprises increased their investments in IoT by 4% in 2018 over 2017, spending an average of $4.6M this year.
  • 38% of enterprises have company-wide IoT deployments in production today.
  • 84% of enterprises expect to complete their IoT implementations within two years.
  • 82% of enterprises share information from their IoT solutions with employees more than once a day; 67% are sharing data in real-time or near real-time.

These and many other fascinating insights are from Zebra Technologies’ second annual Intelligent Enterprise Index (PDF, 25 pp., no opt-in). The index is based on the list of criteria created during the 2016 Strategic Innovation Symposium: The Intelligent Enterprise hosted by the Technology and Entrepreneurship Center at Harvard (TECH) in 2016. An Intelligent Enterprise is one that leverages ties between the physical and digital worlds to enhance visibility and mobilize actionable insights that create better customer experiences, drive operational efficiencies or enable new business models, “ according to Tom Bianculli, Vice President, Technology, Zebra Technologies.

The metrics comprising the index are designed to interpret where companies are on their journeys to becoming Intelligent Enterprises. The following are the 11 metrics that are combined to create the Index: IoT Vision, Business Engagement, Technology Solution Partner, Adoption Plan, Change Management Plan, Point of use Application, Security & Standards, Lifetime Plan, Architecture/Infrastructure, Data Plan and Intelligent Analysis. An online survey of 918 IT decision makers from global enterprises competing in healthcare, manufacturing, retail and transportation and logistics industries was completed in August 2018. IT decision makers from nine countries were interviewed, including the U.S., U.K./Great Britain, France, Germany, Mexico, Brazil, China, India, and Australia/New Zealand. Please see pages 24 and 25 for additional details regarding the methodology.

Key insights gained from the Intelligent Enterprise Index include the following:

  • 86% of enterprises expect to increase their spending on IoT in 2019 and beyond. Enterprises increased their investments in IoT by 4% in 2018 over 2017, spending an average of $4.6M this year. Nearly half of enterprises globally (49%) interviewed are aggressively pursuing IoT investments with the goal of digitally transforming their business models this decade. 38% of enterprises have company-wide IoT deployments today, and 55% have an IoT vision and are currently executing their IoT plans.

  • 49% of enterprises are on the path to becoming an Intelligent Enterprise, scoring between 50 – 75 points on the index. The percent of enterprises scoring 75 or higher on the Intelligent Enterprise Index gained the greatest of all categories in the last 12 months, increasing from 5% to 11% of all respondents. The majority of enterprises are improving how well they scale the integration of their physical and digital worlds to enhance visibility and mobilize actionable insights. The more real-time the integration unifying the physical and digital worlds of their business models, the better the customer experiences and operational efficiencies attained.

  • The majority of enterprises (82%) share information from their IoT solutions with employees more than once a day, and 67% are sharing data in real-time or near real-time. 43% of enterprises say information from their IoT solutions is shared with employees in real-time, up 38% from last year’s index. 76% of survey respondents are from retailing, manufacturing, and transportation & logistics. Gaining greater accuracy of reporting across supplier networks, improving product quality visibility and more real-time data from distribution channels are the growth catalysts companies competing in retail, manufacturing, and transportation & logistics need to grow. These findings reflect how enterprises are using real-time data monitoring to drive quicker, more accurate decisions and be more discerning in which strategies they choose. Please click on the graphic to expand to view specifics.

  • Enterprises continue to place a high priority on IoT network security and standards with real-time monitoring becoming the norm. 58% of enterprises are monitoring their IoT networks constantly, up from 49%, and a record number of enterprises (69%) have a pre-emptive, proactive approach to IT security and network management. It’s time enterprises consider every identity a new security perimeter, including IoT sensors, smart, connected products, and the on-premise and cloud networks supporting them. Enterprises need to pursue a “never trust, always verify, enforce least privilege” approach and are turning to Zero Trust Privilege (ZTP) to solve this challenge today. ZTP grants least privilege access based on verifying who is requesting access, the context of their request, and ascertaining the risk of the access environment. Designed to secure infrastructure, DevOps, cloud, containers, Big Data, and scale to protect a wide spectrum of use cases, ZTP is replacing legacy approaches to Privileged Access Management by minimizing attack surfaces, improving audit and compliance visibility, and reducing risk, complexity, and costs for enterprises. Leaders in this field include Centrify for Privileged Access Management, Idaptive, (a new company soon to be spun out from Centrify) for Next-Gen Access, as well as CiscoF5 and Palo Alto Networks in networking.

  • Analytics and security dominate enterprise’ IoT management plans this year. 66% of enterprises are prioritizing analytics as their highest IoT data management priority this year, and 63% an actively investing in IoT security. The majority are replacing legacy approaches to Privilege Access Management (PAM) with ZTP.  Enterprises competing in healthcare and financial services are leading ZTS’ adoption today, in addition to government agencies globally. Enterprises investing in Lifecycle management solutions increased 11% between 2017 and 2018. Please click on the graphic to expand to view specifics.

The Current State Of Cybersecurity Shows Now Is The Time For Zero Trust

  • 41% of total breaches in 2017 targeted the healthcare industry, making it the most popular target for breach attempts.
  • Personally Identifiable Information (PII) combined with user credentials tops the percentage of breaches with 29% according to Wipro’s report.
  • 88 records were lost or stolen every second in 2017 according to Wipro’s analysis.
  • Machine learning & AI are the second highest ranking security competencies for the future.

These and many other fascinating findings are from Wipro’s State of Cybersecurity Report 2018. A copy of the report can be downloaded here (PDF, 96 pp., no opt-in). The study is based on four primary sources of data including primary research of Wipro customers, Cyber Defense Center (CDC) primary research, secondary research sources and Wipro partner content. 42% of respondents are from North America, 10% from Europe, 18% from the Middle East, 21% from Asia and 8% from Australia. For additional details on the methodology, please see pages 3 through 5 of the report.

Banking & Financial Services and Healthcare Breaches Most Common

Over 40% of all breaches Wipro was able to track using their CDCs are targeted at healthcare, followed by banking & financial services with 18%. This is consistent with Verizon’s 2018 Data Breach Investigations Report which shows healthcare leading all industries with five times the number of breaches experienced than any other industry. Banking & financial services receive more server-based breach incidents than any other industry according to Verizon’s latest study. Accenture’s study, “Losing the Cyber Culture War in Healthcare: Accenture 2018 Healthcare Workforce Survey on Cybersecurity” found that 18% of healthcare employees are willing to sell confidential data to unauthorized parties for as little as $500 to $1,000.

Wipro’s State of Cybersecurity Report 2018 underscores how all industries are facing a security crisis today. The study shows how all industries need a more scalable approach to security that protects every attack surface by validating every access request on every device, for every resource.  Zero Trust Security (ZTS) continues to be proven effective in thwarting breach attempts across all industries by relying on its four core pillars of verifying the identity of every user, validating every device, limiting access and privilege, as well as relying on machine learning to analyze user behavior and gain greater insights from analytics. Leaders in this field include Centrify for Privileged Access Management, Idaptive, (a new company soon to be spun out from Centrify) for Next-Gen Access, as well as CiscoF5 and Palo Alto Networks in networking.

ZTS starts by maturing an organization’s identity management practices ― be it to secure end-user access credentials through Next-Gen Access (NGA) or to secure privileged user credentials via Zero Trust Privilege (ZTP). NGA empowers organizations to validate every end user access attempt by capturing and then analyzing a wide breadth of data, including user identity, device, device operating system, location, time, resource request, and many other factors to derive risk scores. NGA determines in less than a second if verified end users will get immediate access to resources requested, or be asked to verify their identity further through Multi-Factor Authentication (MFA). Zero Trust Privilege is focused on privileged users that typically hold the “keys to the kingdom” and therefore are a common target for cyber adversaries. ZTP grants least privilege access based on verifying who is requesting access, the context of the request, and the risk of the access environment. By implementing least privilege access, organizations minimize attack surfaces, improving audit and compliance visibility, and reducing risk, complexity, and costs for the modern, hybrid enterprise. Every industry needs Zero Trust Security to secure the proliferating number and variety of attack surfaces and realize that each customer, employee and partner identity is their real security perimeter.

Key takeaways of the Wipro State of Cybersecurity Report 2018 include the following:

  • Security Architecture & Design and Machine learning & AI are the #1 and #2 ranked security competencies for the future. When senior executive respondents were asked which security competencies would most help security practitioners excel in the cybersecurity domain, they mentioned security architecture & design (31%) and machine learning & AI (19%) as their top choices. Next-Gen Access platforms leverage machine learning algorithms to continuously learn and generate contextual intelligence that is used to streamline access for verified end users while thwarting breach attempts, the most common of which is compromised credentials. Please click on the graphic to expand it for easier reading.

  • 29% of respondents say that Privileged Access Management (PAM) gave them most value, further validating now is the time for Zero Trust Privilege. IT executives are more and more understanding that privileged access credential abuse is the most common cause for cyber-attacks and therefore are starting to place more emphasis on implementing Privileged Access Management. Centrify has recently announced a new focus on Zero Trust Privilege, extending PAM to a broader modern threatscape including DevOps, containers, Big Data and more. Please click on the graphic to expand it for easier reading.

  • Endpoint attack vectors are proliferating faster than traditional enterprise security approaches can keep up. The scale and scope of endpoint attack vectors continue to change quickly. Wipro found that breach attempts are often multi-dimensional with orchestrated attempts to compromise a combination of attack vectors at once. Wipro’s findings that endpoint attack vectors are fluctuating so quickly further support the need for ZTS enabled by Next-Gen Access as the primary security strategy to thwart breach attempts. Please click on the graphic to expand it for easier reading.

Conclusion

In quantifying the number and scope of breaches healthcare, banking & financial services, retail, education and manufacturing companies experienced in 2017, Wipro’s latest Wipro State of Cybersecurity Report shows how every identity is the new security perimeter of a business. Attack surfaces are proliferating with the growth of business models in each of these industries, accelerated by the Internet of Things (IoT) adoption and smart, connected products and systems. By relying on the four core pillars of verifying the identity of every user, validating every device, limiting access and privilege, as well as relying on machine learning to analyze user behavior and gain greater insights from analytics, Zero Trust Security thwarts breach attempts by protecting every threat surface in real-time.

IBM’s 2018 Data Breach Study Shows Why We’re In A Zero Trust World Now

  • Digital businesses that lost less than 1% of their customers due to a data breach incurred a cost of $2.8M, and if 4% or more were lost the cost soared to $6M.
  • U.S. based breaches are the most expensive globally, costing on average $7.91M with the highest global notification cost as well, $740,000.
  • A typical data breach costs a company $3.86M, up 6.4% from $3.62M last year.
  • Digital businesses that have security automation can minimize the costs of breaches by $1.55M versus those businesses who are not ($2.88M versus $4.43M).
  • 48% of all breaches are initiated by malicious or criminal attacks.
  • Mean-time-to-identify (MTTI) a breach is 197 days, and the mean-time-to-contain (MTTC) is 69 days.

These and many other insights into the escalating costs of security breaches are from the 2018 Cost of a Data Breach Study sponsored by IBM Security with research independently conducted by Ponemon Institute LLC. The report is downloadable here (PDF, 47 pp. no opt-in).

The study is based on interviews with more than 2,200 compliance, data protection and IT professionals from 477 companies located in 15 countries and regions globally who have experienced a data breach in the last 12 months. This is the first year the use of Internet of Things (IoT) technologies and security automation are included in the study. The study also defines mega breaches as those involving over 1 million records and costing $40M or more. Please see pages 5, 6 and 7 of the study for specifics on the methodology.

The report is a quick read and the data provided is fascinating. One can’t help but reflect on how legacy security technologies designed to protect digital businesses decades ago isn’t keeping up with the scale, speed and sophistication of today’s breach attempts. The most common threat surface attacked is compromised privileged credential access. 81% of all breaches exploit identity according to an excellent study from Centrify and Dow Jones Customer Intelligence, CEO Disconnect is Weakening Cybersecurity (31 pp, PDF, opt-in).

The bottom line from the IBM, Centrify and many other studies is that we’re in a Zero Trust Security (ZTS) world now and the sooner a digital business can excel at it, the more protected they will be from security threats. ZTS begins with Next-Gen Access (NGA) by recognizing that every employee’s identity is the new security perimeter for any digital business.

Key takeaways from the study include the following:

  • U.S. based breaches are the most expensive globally, costing on average $7.91M, more than double the global average of $3.86M. Nations in the Middle East have the second-most expensive breaches globally, averaging $5.31M, followed by Canada, where the average breach costs a digital business $4.74M. Globally a breach costs a digital business $3.86M this year, up from $3.62M last year. With the costs of breaches escalating so quickly and the cost of a breach in the U.S. leading all nations and outdistancing the global average 2X, it’s time for more digital businesses to consider a Zero Trust Security strategy. See Forrester Principal Analyst Chase Cunningham’s recent blog post What ZTX Means For Vendors And Users, from the Forrester Research blog for where to get started.

  • The number of breached records is soaring in the U.S., the 3rd leading nation of breached records, 6,850 records above the global average. The Ponemon Institute found that the average size of a data breach increased 2.2% this year, with the U.S. leading all nations in breached records. It now takes an average of 266 days to identify and contain a breach (Mean-time-to-identify (MTTI) a breach is 197 days and the mean-time-to-contain (MTTC) is 69 days), so more digital businesses in the Middle East, India, and the U.S. should consider reorienting their security strategies to a Zero Trust Security Model.

  • French and U.S. digital businesses pay a heavy price in customer churn when a breach happens, among the highest in the world. The following graphic compares abnormally high customer churn rates, the size of the data breach, average total cost, and per capita costs by country.

  • U.S. companies lead the world in lost business caused by a security breach with $4.2M lost per incident, over $2M more than digital businesses from the Middle East. Ponemon found that U.S. digitally-based businesses pay an exceptionally high cost for customer churn caused by a data breaches. Factors contributing to the high cost of lost business include abnormally high turnover of customers, the high costs of acquiring new customers in the U.S., loss of brand reputation and goodwill. U.S. customers also have a myriad of competitive options and their loyalty is more difficult to preserve. The study finds that thanks to current notification laws, customers have a greater awareness of data breaches and have higher expectations regarding how the companies they are loyal to will protect customer records and data.

Conclusion

The IBM study foreshadows an increasing level of speed, scale, and sophistication when it comes to how breaches are orchestrated. With the average breach globally costing $4.36M and breach costs and lost customer revenue soaring in the U.S,. it’s clear we’re living in a world where Zero Trust should be the new mandate.

Zero Trust Security starts with Next-Gen Access to secure every endpoint and attack surface a digital business relies on for daily operations, and limit access and privilege to protect the “keys to the kingdom,” which gives hackers the most leverage. Security software providers including Centrify are applying advanced analytics and machine learning to thwart breaches and many other forms of attacks that seek to exploit weak credentials and too much privilege. Zero Trust is a proven way to stay at parity or ahead of escalating threats.

Zero Trust Security Is The Growth Catalyst IoT Needs

  • McKinsey predicts the Internet of Things (IoT) market will be worth $581B for ICT-based spend alone, growing at a Compound Annual Growth Rate (CAGR) between 7 and 15% according to their study Internet of Things The IoT opportunity – Are you ready to capture a once-in-a-lifetime value pool?
  • By 2020, Discrete Manufacturing, Transportation & Logistics and Utilities industries are projected to spend $40B each on IoT platforms, systems, and services according to Statista.
  • The Industrial Internet of Things (IIoT) market is predicted to reach $123B in 2021, attaining a CAGR of 7.3% through 2020 according to Accenture.

IoT is forecast to be one of the tech industry’s fastest-growing sectors in the next three to five years, as many market estimates like the ones above illustrate. The one factor that will fuel IoT to rapidly grow to new heights or deflate demand just as quickly is security across the myriad of endpoints.

Zero Trust Security (ZTS) is the force multiplier IoT needs to reach its true potential and must be designed into IoT networks if they are going to flex and scale for every endpoint and protect every threat surface.

IoT Needs A Security Wake-Up Call Now  

Industrial Control Systems (ICS) provides a cautionary tale for anyone who thinks enterprise networks don’t need endpoint security and the ability to control access from any point inside or outside an organization.

Chemical, electricity, food & beverage, gas, healthcare, oil, transportation, water services and other key infrastructure industries have relied on ICS applications and platforms for decades. They were designed to deliver reliability and uptime first with little if any effort put into securing them.

However, the glaring security gaps in ICS provide the following lessons for IoT adoption now and in the future:

  • Only digitally enable an endpoint that can verify if every person or device attempting access is authorized, down to the risk score and device level. ICS endpoints were added as fast as utility companies and manufacturers could enable them with speed of deployment, reliability measurement, and uptime being the highest priorities. Security wasn’t a priority with the results being predictable: now many nations’ power grids are vulnerable to attack due to this oversight. With IoT, utilities need to start designing in security to the sensor level using Next-Gen Access as the foundation, leveraging Identity-as-a-Service (IDaaS), Enterprise Mobility Management (EMM) and Privileged Access Management (PAM) to enable Zero Trust strategies organization-wide. Next-Gen Access calculates a risk score predicated on previous authorized login and resource access patterns for each verified account.  When there is an anomaly in account credentials’ use, users are requested to verify with Multi-Factor Authentication (MFA).
  • An ICS doesn’t learn from security mistakes, while NGA gets smarter with every breach attempt. A typical ICS is designed to make operations more efficient and reliable, not secure. Even with many endpoints of an ICS being digitally-enabled today with device retrofitting common, security still isn’t a priority. Instead of digitally enabling IoT sensors purely for efficiency, Next-Gen Access needs to be designed in at the sensor level to protect entire networks. Zero Trust Security’s four main pillars are to verify the user, validate their device, limit access and privilege, and learn and adapt. Machine learning is relied on for learning and adapting in real-time to access requests and threats.
  • ICS assumes no bad actors exist while NGA knows how to stop them. Bad actors, or those who want to breach a system for financial gain or to harm a business, aren’t just outside. Verizon’s 2017 Data Breach Investigations Report finds that 25% of all breaches are initiated from inside an organization and 75% outside which makes NGA essential for attaining Zero Trust Security on an enterprise level. Of the ICS being protected today, the majority are reliant on trusted and untrusted domains, a security technology over two decades old. When organized crime, state-sponsored hacking organizations or internal employees can quickly compromise privileged credentials, entire utility systems are at risk.
  • Replacing security-obsolete ICS with IoT-based systems that have NGA designed in to flex for every person and device shuts down physical and digital attack vectors organization-wide. The strategic security plan for any IoT-enabled enterprise has to prioritize faster automated discovery, configuration and response if it’s going to survive against highly orchestrated attacks. NGA has proven effective at thwarting unauthorized privileged credential attacks while continually learning from usage patterns of authorized and unauthorized users.

Conclusion

ICS have some of the most porous, incomplete security perimeters of any enterprise systems. 63% of all ICS-related vulnerabilities cause processing plants to lose control of operations, and 71% can obfuscate or block the view of operations immediately according to the Dragos Industrial Control Vulnerabilities 2017 in Review.  ICS needs an overhaul starting with Next-Gen Access, enabling Zero Trust Security across every employee and device that forms an organizations’ security perimeter.

Bain & Company released a study on the price elasticity of IoT-enabled products by security level. They found that 93% of the executives surveyed would pay an average of 22% more for devices with better security. Taken together, Bain estimates that improving security solutions for these devices could grow the IoT cybersecurity market by $9B to $11B.

The speed at which manufacturers are building smart, connected products accentuates the need for Zero Trust Security powered by Next-Gen Access from their inception. Security as an afterthought won’t be effective at the scale and pace of IoT.

Source: Bain Snap Chart, July 98, 2018 Better IoT Security Could Grow Device Market

 

Zero Trust Security Update From The SecurIT Zero Trust Summit

  • Identities, not systems, are the new security perimeter for any digital business, with 81% of breaches involving weak, default or stolen passwords.
  • 53% of enterprises feel they are more susceptible to threats since 2015.
  • 51% of enterprises suffered at least one breach in the past 12 months and malicious insider incidents increased 11% year-over-year.

These and many other fascinating insights are from SecurIT: the Zero Trust Summit for CIOs and CISOs held last month in San Francisco, CA. CIO and CSO produced the event that included informative discussions and panels on how enterprises are adopting Next-Gen Access (NGA) and enabling Zero Trust Security (ZTS). What made the event noteworthy were the insights gained from presentations and panels where senior IT executives from Akamai, Centrify, Cisco, Cylance, EdgeWise, Fortinet, Intel, Live Nation Entertainment and YapStone shared their key insights and lessons learned from implementing Zero Trust Security.

Zero Trust’s creator is John Kindervag, a former Forrester Analyst, and Field CTO at Palo Alto Networks.  Zero Trust Security is predicated on the concept that an organization doesn’t trust anything inside or outside its boundaries and instead verifies anything and everything before granting access. Please see Dr. Chase Cunningham’s excellent recent blog post, What ZTX means for vendors and users, for an overview of the current state of ZTS. Dr. Chase Cunningham is a Principal Analyst at Forrester.

Key takeaways from the Zero Trust Summit include the following:

  • Identities, not systems, are the new security perimeter for any digital business, with 81% of breaches involving weak, default or stolen passwords. Tom Kemp, Co-Founder, and CEO, Centrify, provided key insights into the current state of enterprise IT security and how existing methods aren’t scaling completely enough to protect every application, endpoint, and infrastructure of any digital business. He illustrated how $86B was spent on cybersecurity, yet a stunning 66% of companies were still breached. Companies targeted for breaches averaged five or more separate breaches already. The following graphic underscores how identities are the new enterprise perimeter, making NGA and ZTS a must-have for any digital business.

  • 53% of enterprises feel they are more susceptible to threats since 2015. Chase Cunningham’s presentation, Zero Trust and Why Does It Matter, provided insights into the threat landscape and a thorough definition of ZTX, which is the application of a Zero Trust framework to an enterprise. Dr. Cunningham is a Principal Analyst at Forrester Research serving security and risk professionals. Forrester found the percentage of enterprises who feel they are more susceptible to threats nearly doubled in two years, jumping from 28% in 2015 to 53% in 2017. Dr. Cunningham provided examples of how breaches have immediate financial implications on the market value of any business with specific focus on the Equifax breach.

Presented by Dr. Cunningham during SecurIT: the Zero Trust Summit for CIOs and CISOs

  • 51% of enterprises suffered at least one breach in the past 12 months and malicious insider incidents increased 11% year-over-year. 43% of confirmed breaches in the last 12 months are from an external attack, 24% from internal attacks, 17% are from third-party incidents and 16% from lost or stolen assets. Consistent with Verizon’s 2018 Data Breach Investigations Report use of privileged credential access is a leading cause of breaches today.

Presented by Dr. Cunningham during SecurIT: the Zero Trust Summit for CIOs and CISOs

                       

  • One of Zero Trust Security’s innate strengths is the ability to flex and protect the perimeter of any growing digital business at the individual level, encompassing workforce, customers, distributors, and Akamai, Cisco, EdgeWise, Fortinet, Intel, Live Nation Entertainment and YapStone each provided examples of how their organizations are relying on NGA to enable ZTS enterprise-wide. Every speaker provided examples of how ZTS delivers several key benefits including the following: First, ZTS reduces the time to breach detection and improves visibility throughout a network. Second, organizations provided examples of how ZTS is reducing capital and operational expenses for security, in addition to reducing the scope and cost of compliance initiatives. All companies presenting at the conference provided examples of how ZTS is enabling greater data awareness and insight, eliminating inter-silo finger-pointing over security responsibilities and for several, enabling digital business transformation. Every organization is also seeing ZTS thwart the exfiltration and destruction of their data.

Conclusion

The SecurIT: the Zero Trust Summit for CIOs and CISOs event encapsulated the latest advances in how NGA is enabling ZTS by having enterprises who are adopting the framework share their insights and lessons learned. It’s fascinating to see how Akamai, Cisco, Intel, Live Nation Entertainment, YapStone, and others are tailoring ZTS to their specific customer-driven goals. Each also shared their plans for growth and how security in general and NGA and ZTS specifically are protecting customer and company data to ensure growth continues, uninterrupted.

 

 

%d bloggers like this: