We realize the difficulty of shifting your focus from day-to-day challenges and core objectives to make sense of past security developments, but not doing so could lull you into complacency. With an appreciation of history comes perspective, and the old adage holds true: those who don’t understand history are doomed to repeat it. To help you take steps to avoid potential identity management and security vulnerabilities, let’s review security trends from 2018 and uncover developments that deserve attention in 2019.
We’ve All Been Hacked and May Be Again
Each year we see a new batch of significant data breaches; it’s the new normal for consumers and businesses. In 2018, Distributed Denial of Service (DDoS) remained a problem, as was human error that fueled several ransomware attacks. Malware delivered via email and “file-less” attacks also played a major role in unlocking company networks.
While it’s easy to fixate on attack frequency and the funds/IP cybercriminals steal, that’s just part of the story. Since many breaches at smaller companies go unreported, we only hear about a fraction of total incidents.
What we do know is that breaches depend on data access when sophisticated attack methods overcome company defenses. Exposure can also occur through simple human error, when data is accidentally placed on unprotected publicly accessible servers, or when cybercriminals compromise employee or third-party credentials.
When courts of law or public opinion determine that a company could’ve done more to protect data, it’s an uphill battle to defend the actions that preceded a breach. To make matters worse, companies must simultaneously contend with the one-two punch of mitigating further loss to get back on their feet.
Changes in the Global Compliance and Governance Landscape
In May of 2018, the Global Data Protection Regulation (GDPR) went into effect. While it may be too early to assess the impact of GDPR, we anticipate that large companies are the most prominent targets and will receive the most fines for non-compliance. For example, the day after GDPR went into effect, Google, Facebook, Instagram and WhatsApp all had a complaint filed against them.
But enterprises aren’t the only targets: once a brand is subject to scrutiny the potential for its partners and small/medium-size enterprises (SMEs) must also brace for enforcement activity. And as large enterprises improve GDPR compliance, it makes sense for regulators to set their sights on SMEs. Although Sarbanes-Oxley standards for data protection by public companies and accounting firms apply now, we’re starting to see laws in the U.S. that resemble the GDPR in the EU, such as the California Consumer Privacy Act.
Expansion of Threat Surfaces
Throughout 2018 the quantity of connected devices grew exponentially. Unfortunately, in the rush to secure market share the Internet of Things (IoT) and its commercial equivalent, the Industrial Internet of Things (IIoT), suffered from insufficient security. To put this in context, Mozilla’s 2018 Internet Health Report predicted that up to 30 billion IoT devices will be activated by 2020.
Additionally, the rapid proliferation of Robotic Process Automation (RPA) software that mimics humans is expanding rapidly. Artificial Intelligence (AI) continues to disrupt how companies interact with customers, presenting new channels for hackers to tunnel into data, applications and networks. As organizations extend business models to increase customer engagement and embrace the IoT, RPA, machine learning and AI, new gaps will inevitably appear in IT infrastructure.
Traditional security solutions weren’t designed to safeguard this innovative technology. When malicious users invade conventional tools such as firewalls, identity-focused security solutions are the only ones capable of monitoring incidents in real-time and taking immediate remediation steps – a critical argument for managing identities with sophisticated tools and techniques.
Growing Shortage of IT Staff and Resources
Throughout 2018 countless organizations struggled to fill IT security positions. Security teams were overworked yet continued to face increased demand and long hours, especially when it came to supporting digitization efforts. With this in mind, security solutions with a singular focus may work for now, but they take time to maintain and don’t scale well. This creates even more pressure on already stretched security teams; inevitably leading to burnout and security gaps.
While the private sector has its own challenges, the public sector faces a future equally mired in complexity. An IT exodus is anticipated in 2020 when 34.3% of employees (including federal IT and security personnel) become eligible for retirement. Given the combined woes of private and public sectors, now is the time to implement a comprehensive security and identity management platform that automates time-consuming tasks to ease under-staffed, overburdened security teams.
New Business Models Continue to Drive Cloud Migrations
To increase customer engagement and establish new business models, enterprises are driving application workloads to the cloud in record numbers. Cloud migration across countless sectors remains a top-shelf priority in 2019, as companies strive to compete in the mercurial, shark-infested waters of our current business environment. Estimates of cloud-related spend reflect this new reality, including statistics from The International Data Corporation (IDC) that cloud IT infrastructure spending in 2018 reached $65.2 billion, a 37.2 percent increase from 2017. And by 2025, an estimated 80% of companies will have migrated 100% of their IT infrastructure to the cloud.
With so much data concentrated in relatively few cloud platforms, what happens when breaches occur? Who bears the liability? Clearly, we’ve entered uncharted territory, and as many companies discovered in 2018, cloud breaches that result in crippling legal expense and regulatory fines are on the rise.
Our ever-expanding digital landscape calls for a comprehensive security platform, but few vendors can cover the broad spectrum of security needs. As the future unfolds, senior executives face relentless pressure for digital transformation across the enterprise. With digitization comes risk, yet companies are forced to remain viable and “see around corners” to plan for the inevitable.
Want to craft an effective security and identity management strategy moving forward? Learn more about our leading IGA platform solution. Contact a member of our sales