There’s a significant shift in how organizations are viewing information security, according to The Global State of Information Security Survey 2017 (click to download the original publication) from PricewaterhouseCoopers (PwC).
Here’s a short summary of a few of the major trends mentioned in the document:
Opting for Cloud-Based Security
Instead of traditional on-premises systems, 62 percent of organizations are opting for cloud-based managed security services to provide:
- Identity and access management
- Real-time monitoring and analytics
- Threat intelligence
PwC calls out real-time monitoring and analytics as key to proactive threat intelligence – 51 percent of respondents monitor data to detect security risks and incidents.
To help you gain insight into the users and devices accessing your applications, Route443 is able to assist you on the area of Identity & Access Management, that can be used to make access policy decisions.
“Identity has been at the heart of most every breach in the past two years“. – Richard Kneeley, PwC US Managing Director, Cybersecurity and Privacy.
Phishing has emerged as a significant risk across all companies and every industry. Thirty-eight percent of those surveyed reported phishing scams. Criminals will send phishing emails to employees in order to trick them into sharing their legitimate user credentials, gaining access to company systems and data.
Passwords alone aren’t secure enough to protect against phishing attacks. PwC reports that businesses are adopting advanced authentication, or multi-factor authentication technology such as software tokens, biometrics and smartphone tokens.
As security perimeters dissolve and identity expands from people to connected devices, identity and access management (IAM) tools are more essential than ever to protect access and prevent incursions.
As PwC stated in their survey, “authentication must be frictionless and intuitive for end users.”
Route443 is able to assist you by implementing conditional access, contextual based where having the password is just not enough. Getting devices into the context of authentication and authorization, enables frictionless and intuitive authentication for your end users.
Another trend listed by PwC is the use of additional data points to identify suspicious behaviors and patterns – data such as a user’s login time and location, type of device, network, etc. to create risk-based access decisions.
“Identity has been at the heart of most every breach in the past two years,” said Richard Kneeley, PwC US Managing Director, Cybersecurity and Privacy. “Many of these breaches have involved someone gaining access by using compromised identity, then changing their identity once inside the network to ratchet up access to data and systems by taking over a privileged account and in the process gaining unlimited access to the network, to systems and to data .”
Protecting the Identity is the fundamental ground rule of our Identity Driven Security approach, Route443 is able to assess, guide and implement all required measures.
By blocking authentication attempts based on user location, network type or their device, you can reduce risks associated with anonymous networks, countries you don’t do business in, or exposure to out-of-date and risky devices.