IAM Need Rises as Cyberattacks Continue to Peak
The need for good cybersecurity continues to be high on the agenda for organizations globally, with cyberattacks still being an issue. In Q1 2018 alone, cyberattacks rose by nearly a third in Europe.
May 2018 | Omada
IAM Need Rises as Cyberattacks Continue to Peak
The need for good cybersecurity continues to be high on the agenda for organizations globally, with cyberattacks still being an issue. In Q1 2018 alone, cyberattacks rose by nearly a third in Europe. In line with the rise in attacks, identity and access management is becoming more widely adopted with the aim of protecting organizations better – and providing heightened data protection in the process.
Cyberattacks continue to pose a global issue, with new data suggesting that we are still nowhere near addressing the problem. The Ponemon Institute notes that seven out of 10 organizations say their security risk increased significantly in 2017 and according to ThreatMetrix, cyberattacks rose by 30% in Europe alone during the first quarter of the year compared to the same period in 2017. ITGovernance adds that healthcare breaches are climbing the list and in March 2018 there were a staggering 20,836,531 records leaked – a figure which ITGovernance notes climbed significantly to 72,611,721 in April 2018.
Data leaks are costly for businesses
The Equifax leak still stands out as one of the largest in modern history. The consumer credit reporting agency suffered a data leak in 2017, which exposed the personal information of approximately 150 million people. In the company’s first quarter earnings report, Equifax writes that it has spent US$45.7 million in 2018 on IT and data security, bringing the total to spend on its data breach so far to US$242.7 million.
The Equifax data breach was only one of many to make headlines in recent times. US based Home Depot recently announced that the cost of its data breach was US$33 million. Another company to have recently faced a large data breach is UK telco TalkTalk, where the data theft of close to 157,000 customers led to names, addresses, dates of birth, and phone numbers being exposed. TalkTalk was fined a then record £400,000, but in the light of the GDPR, that figure could be significantly higher today. Perhaps most damaging, though, as TalkTalk’s CEO Dido Harding told local press, was the effect on the company’s reputation, which the telco is still working to rebuild.
According to Business Insider Intelligence, data breaches are truly bad for business and can damage both reputations and customers, affecting the trust in brands. A study from KPMG notes that 19% of consumers would completely stop shopping at a retailer after it suffered a data breach, with 33% saying they would take a break from the retailer for an extended period. For retailers such as Lord & Taylor and Under Armour, both of which are among the many retailers to have recently suffered data breaches, this is in no way good news.
Downtime largest cost of an attack
Although data breaches are hugely ‘popular’ right now, they are not new. In fact, some say the first attack took place almost 200 years ago, when two French bankers poisoned the data that went over the system in France’s first national mechanical telegraph system in 1834 in order to get a trading advantage in the bond market.
Fast forward to 2018, and the issue prevails. In the 10 Must-Know Cybersecurity Statistics for 2018, the Ponemon Institute states that seven out of 10 organizations say their security risk increased significantly in 2017 and that overall, cybersecurity is a growing priority for organizations of all sizes, across all industries.
The report notes that 54% of all companies experienced one or more successful attacks in 2017 that compromised data and/or IT infrastructure. Companies do not want to be the next Equifax, having their reputation tarnished in the global media. According to Gartner, global cybersecurity spending is now forecasted to reach US$96 billion this year. With only a third of organizations stating they believe they have adequate resources to manage security effectively, the numbers start to make sense. Add to that the new indication that on average, a cyberattack costs over US$5 million, or US$301 per employee – on average, remember – the numbers speak for themselves.
The costs of a data breach span the breadth of an organization, from reputational loss to the bottom line numbers. The Ponemom Institute reveals that the costliest effect, though, is downtime, with 30% of the total cost is IT and end user productivity loss. This is closely followed by system downtime, taking up 25% of the total cost, and theft of information assets, at 23% of the total cost. Further down the list is damage to infrastructure, at 10%, reputational damage at 8%, and lawsuits, fines, and regulatory actions at just 4%.
Insider threats also on the rise
Chairman and founder of the Ponemon Institute Larry Ponemon writes that one should not forget the insider threat when looking at the cybersecurity threat landscape.
In his 2018 Cost of Insider Threats report, Ponemon states that while the negligent insider is the root cause of most breaches, the bad actor who steals employees’ credentials is responsible for the costliest incidents. Incidents involving negligent employees or contractors cost companies an average of US$283,281, a cost which more than doubles (US$648,845) if the incident involves an imposter or thief stealing credentials, according to the report. In comparison, hackers cost the organizations an average of US$607,745 per incident, according to the report. Moreover, insider attacks take time. The report concludes that it takes companies over two months on average to contain an insider incident, and only 16% of incidents are contained in less than 30 days.
Identity as the new perimeter
Good cybersecurity encompasses many elements including, among others, identity and access management. Identity and access management is a cornerstone of good cyber security, providing clarity and control around who in the organization has access to what, and when and why they were given that access.
The staggeringly high cyberattack numbers, paired with GDPR, are leading to an increase in cybersecurity spending in 2018. According to ComputerWeekly’s UK and Ireland IT Priorities report 2018, this is also affecting identity and access management, as 43% of organizations plan to invest in identity and access management in 2018 as part of their cybersecurity budgets. The report notes that this is in line with predictions that identity will become increasingly important as organizations become more digital as well as the trend for organizations to improve their data protection. The number has increased 58% from the same report last year, as organizations attempt to gain more control of who has access to critical data, concludes ComputerWeekly.