Paul Revere was perhaps best known for his midnight ride warning of impending British hostilities. He delivered the warning “The regulars are coming in!” which is loosely translated by future history textbook committees to “The British are coming.”
The heroic actions of Paul Revere and his fellow compatriots were triggered as a result of intelligence, notifying the colonists to the fact that the British troops were marching towards Lexington. His actions likely saved countless lives including the lives of Samuel Adams (who went on to build a great beer empire) and John Hancock (who lived to teach us all proper handwriting) among other things.
Fast forward to today. Centrify, the leader in unifying identity management across cloud, mobile and data center, has just released the results of a new research survey on the state of the corporate perimeter, to determine if corporations are as secure as they should be. In a nutshell, this survey should sound a clear and alarming warning that “The hackers are coming in!”
We already know that at the heart of the majority of cyber threats is the malicious acquisition (or unintended misuse) of system or application accounts which provide access to sensitive data, or provide ability to delete or damage critical systems. These accounts are often referred to as “privileged accounts.” Identity and access management is critical to the defense of cyber threats in order to verify and protect access to these privileged accounts. In addition, as organizations expand critical data, IT resources and teams beyond their traditional on-premises networks, identity is becoming the basis for a new type of security perimeter.
In fact, the results of this survey are conclusive. Protecting identity is at the heart of protecting your network and data. In April of this year, Centrify surveyed over 400 IT decision makers in the US and the UK. All respondents work in IT with decision-making responsibility for corporate-wide security. Here are some of the highlights that should serve as a warning to all corporations:
Conclusion #1: Sharing access credentials is pervasive among employees and contractors
- 59% of US ITDMs report sharing access credentials with other employees at least somewhat often.
- Another 52% share access at least somewhat often with contractors.
If those shared credentials provide access to privileged accounts, hackers essentially receive the “keys to the kingdom” — elevated access to an organization’s most critical data, applications, systems and network devices.
Conclusion #2: Former employee access is still a major unresolved issue
- 53% of US ITDMs say it would be at least somewhat easy for a former employee to still log in and access data. In the UK, the number is 32%.
- Half of ITDMs say it can take up to a week or more to remove access to sensitive systems.
These are very troubling numbers that underscore what is widely perceived as a growing gap in security, visibility and control over individual accounts, both privileged and otherwise.
And perhaps the most troubling conclusion:
Conclusion #3: Organizations are far more vulnerable that they care to admit
- 55% of US ITDMs said their organizations had been breached in the past (45% of UK ITDMs)
- 44% of US companies had breaches that together cost millions of dollars (35% of UK companies)
Astonishing numbers. Even the US government has seen an increase in the number of security incidents increase 1200%+ to over 60,000 incidents.
Conclusion #4: ITDMs are sounding the alarm but to little avail
- 48% of US (30% of UK ITDMs) have had to fight their organizations for stricter protocols
- 42% of US (27% of UK ITDMs) have lost the battle for stricter protocols
- 28% of US (40% of UK ITDMs) say security isn’t getting enough attention
Based on our survey the alarm has been sounded and “The hackers are coming in!” Now it is up to corporations to respond and protect their most valuable assets and data lest they be lost to the hackers. This is not happing in some distant geography or different markets than yours; it effects all organizations.
Not only are the hackers actions increasing but our technology and processes are not keeping pace. Luckily, Centrify delivers state of the art technology and solutions to secure both typical end-users as well as privileged users (those users who require access to privileged accounts) from these type of cyber threats resulting in stronger security and compliance, improved business agility and enhanced user productivity. With our platform of integrated software and cloud-based services, Centrify uniquely secures and unifies identity for both privileged and end users across today’s hybrid IT world of cloud, mobile and data center.
Read more about Centrify’s State of the Corporate Perimeter Survey or download the entire survey.