- Just 31% of companies are using mobile device or enterprise mobility management (MDM or EMM).
These and many other insights are from the recently published Verizon Mobile Security Index 2018 Report. The report is available here for download (22 pp., PDF, no opt-in). Verizon commissioned an independent research company to complete the survey in the second half of 2017, interviewing over 600 professionals involved in procuring and managing mobile devices for their organizations. Please see page 20 of the study for additional details on the methodology.
The study found that the accelerating pace of cloud, Internet of Things (IoT), and mobile adoption is outpacing enterprises’ ability to scale security management, leaving companies vulnerable. When there’s a trade-off between the expediency needed to accomplish business performance goals and security, the business goals win the majority of the time. 32% of enterprises are sacrificing security for expediency and business performance, leaving many areas of their core infrastructure unsecured. Enterprises who made this trade-off of expediency over security were 2.4x as likely to suffer data loss or downtime.
Key takeaways from the study include the following:
- 79% of enterprises consider their employees to be the most significant security threat. The study points out that it’s not due to losing devices, inadvertent security errors or circumventing security policies. It’s the threat of employees using their secured access for financial or personal gain. 58% of senior management leaders interviewed view employees with secure access as the most significant threat. Security platforms that can stop credential attacks using risk assessment models predicated on behavioral pattern matching and analysis by verifying an employee’s identity are flourishing today. One of the leaders in this field is Centrify, who espouses Zero Trust Security. The following graphic from the study shows the priority of which actors enterprise leaders are most concerned about regarding threats, with employees being the most often mentioned.
- 32% of enterprises have sacrificed security for expediency and business performance leading to 45% of them suffering data loss or downtime. The study found that companies who sacrificed security were also 2.4x more likely to have experienced data loss or downtime as a result of a mobile-related security incident. For the 68% who prioritized security over expediency, just 19% had suffered data loss or downtime.
- 89% of enterprises are relying on just a single security practice to keep their mobile networks safe. Verizon’s study found that the majority of enterprises are relying on just one security practice to protect their networks. 55% have two in place, and just 14% have four. Of the four security practices, only 39% change all default passwords. Just under half (47%), encrypt the transmission of sensitive data across open, public networks. The following graphic from the study illustrates the percentage of enterprises who have between 1 and all four security practices in place.
- Just 49% of enterprises have a policy regarding the use of public Wi‑Fi, and even fewer (47%) encrypt the transmission of sensitive data across open, public networks. A startling high 71% of respondents use public Wi-Fi networks for work tasks, despite their companies prohibiting their use. Taking risks with unsecured Wi-Fi networks for expediency and business performance being done at the expense of security supports a key finding of this study. Nearly one in three (32%) of enterprises are sacrificing security for expediency and business performance, including accessing unsecured Wi-Fi networks. The following infographic from the study explains a few of the many security threats inherent in the design and use of public Wi-Fi networks.
- Just 55% of CEOs say their organizations have experienced a breach, while 79% of CTOs acknowledge breaches have occurred. One in approximately four CEOs (24%) aren’t aware if their companies have even had a security breach.
- 68% of executives whose companies experienced significant breaches in hindsight believe that the breach could have been prevented by implementing more mature identity and access management strategies.
These and many other fascinating findings are from the recently released Centrify and Dow Jones Customer Intelligence study, CEO Disconnect is Weakening Cybersecurity (31 pp, PDF, opt-in).
One of the most valuable findings from the study is how CEOs can reduce the risk of a security breach meltdown by rethinking their core cyber defense strategy by maturing their identity and access management strategies.
However, 62% of CEOs have the impression that multi-factor authentication is difficult to manage. Thus, their primary security concern is primarily driven by how to avoid delivering poor user experiences. In this context, machine learning can assist in strengthening the foundation of a multi-factor authentication platform to increase effectiveness while streamlining user experiences.
Five Ways Machine Learning Saves Companies From Security Breach Meltdowns
Machine learning is solving the security paradox all enterprises face today. Spending millions of dollars on security solutions yet still having breaches occur that are crippling their ability to compete and grow, enterprises need to confront this paradox now. There are many ways machine learning can be used to improve enterprise security. With identity being the primary point of attacks, the following are five ways machine learning can be leveraged in the context of identity and access management to minimize the risk of falling victim to a data breach.
- Thwarting compromised credential attacks by using risk-based models that validate user identity based on behavioral pattern matching and analysis. Machine learning excels at using constraint-based and pattern matching algorithms, which makes them ideal for analyzing behavioral patterns of people signing in to systems that hold sensitive information. Compromised credentials are the most common and lethal type of breach. Applying machine learning to this challenge by using a risk-based model that “learns’ behavior over time is stopping security breaches today.
- Attaining Zero Trust Security (ZTS) enterprise-wide using risk scoring models that flex to a businesses’ changing requirements. Machine learning enables Zero Trust Security (ZTS) frameworks to scale enterprise-wide, providing threat assessments and graphs that scale across every location. These score models are invaluable in planning and executing growth strategies quickly across broad geographic regions. CEOs need to see multi-factor authentication as a key foundation of ZTS frameworks that can help them grow faster. Machine learning enables IT to accelerate the development of Zero Trust Security (ZTS) frameworks and scale them globally. Removing security-based roadblocks that get in the way of future growth needs to be the highest priority CEOs address. A strong ZTS framework is as much a contributor to revenue as is any distribution or selling channel.
- Streamlining security access for new employees by having persona-based risk model profiles that can be quickly customized by IT for specific needs. CEOs most worry about security’s poor user experience and its impacts on productivity. The good news is that the early multi-factor authentication workflows that caused poor user experiences are being redefined with contextual insights and intelligence based on more precise persona-based risk scoring models. As the models “learn” the behaviors of employees regarding access, the level of authentication changes and the experience improves. By learning new behavior patterns over time, machine learning is accelerating how quickly employees can gain access to secured services and systems.
- Provide predictive analytics and insights into which are the most probable sources of threats, what their profiles are and what priority to assign to them. CIOs and the security teams they manage need to have enterprise-wide visibility of all potential threats, ideally prioritized by potential severity. Machine learning algorithms are doing this today, providing threat assessments and defining which are the highest priority threats that CIOs and their teams need to address.
- Stop malware-based breaches by learning how hackers modify the code bases in an attempt to bypass multi-factor authentication. One of the favorite techniques for hackers to penetrate an enterprise network is to use impersonation-based logins and passwords to pass malware onto corporate servers. Malware breaches can be extremely challenging to track. One approach that is working is when enterprises implement a ZTS framework and create specific scenarios to trap, stop and destroy suspicious malware activity.