Reevaluate Your Cybersecurity Spend in 2017

Without a doubt, the most frustrating fact I face every day is this: Companies spend a meager 4.7% of their total security budgets on identity and access management (IAM) – while compromised identities are responsible for 80 percent of all data breaches. Eighty percent. This glaring disconnect is almost more than I can wrap my head around. Here’s the math: According to Gartner’s “Forecast: Information Security, Worldwide, 2015-2021, 2Q17 Update,” in 2015, companies spent nearly $84 billion on security. Approximately 4.7 percent of that ($4 billion) went towards identity and access management. This year, the total security spend is projected to…

Equifax Breach Shows Firms Still Aren’t Getting the Basics Right Ahead of GDPR Deadline

As each week brings the 25 May 2018 deadline for GDPR compliance closer to hand, we seem to be faced with yet another report highlighting poor levels of preparedness among organisations. Recent findings reveal that an astonishing 64% of UK firms have not yet begun preparations for the sweeping new data protection law. Yet as shocking as these stats are, a far more effective way to focus the minds of IT security and business leaders is to highlight some recent big-name data breaches and consider how the companies affected would have been treated in a post-GDPR world. For Equifax, there’s particularly…

The Equifax Disaster: Technical Controls — ICIT’s Synopsis of America’s In-Credible Insecurity

The following excerpts are from the Technical Controls section of Part-1 of the ICIT Equifax report entitled “America’s In-Credible Insecurity,” written by James Scott, Sr. Fellow, Institute for Critical Infrastructure (ICIT). Technical Controls. Data Encryption: Data should be protected according to its value and the potential harm that would result if it were stolen. Encryption does not prevent adversaries or insiders from exfiltrating data; however, it does deter or prevent attackers from exploiting the stolen data unless they spend significant additional resources breaking the encryption or stealing the decryption keys. Data Loss Prevention: Data loss prevention is the employment of…

4 Tips to Stay Safe Online for National Cybersecurity Awareness Month

Help! I Love the Internet, But My Identity and Data Are Up For Grabs — Should I Just Unplug?! In honor of National Cybersecurity Awareness Month, we at Centrify are doing what we can to help you to be #CyberAware. The theme for the first week is around simple steps to online safety. Have you ever considered how to protect your privacy or identity while “online”? Have you noticed over the last few years how many times your data has been stolen or exposed by hackers? Have you observed that most of these breaches were from systems where you were…

The Equifax Data Breach Disaster: ICIT’s Synopsis of America’s In-Credible Insecurity

The following are some of the key points excerpted from Part One of the ICIT Equifax report entitled “America’s In-Credible Insecurity,” written by James Scott, Senior Fellow, Institute for Critical Infrastructure. This polemic 32-page report is an essential read for security practitioners and executives with responsibility for data security and privacy, and a profound warning for CXOs and board executives in companies with responsibility for protecting Personally Identifiable Information (PII). The recommendations offered in this ICIT report can help consumers and organizations alike mitigate some of the emerging attack vectors and regain a semblance of control over their identity, sensitive information and…

Equifax Data Breach: Stock Drops More Than Five Percent

Equifax announced today that it was hit by a cyber security incident, potentially impacting 143 million consumers in the U.S. According to the company’s press release, “criminals exploited a U.S. website application vulnerability to gain access to certain files.” The “information accessed primarily includes names, Social Security numbers, birth dates, addresses… [and] credit card numbers.” After news of the breach broke, Equifax’s stock price dropped five percent. This is directly in line with a recent Centrify-commissioned Ponemon study, which found this to be the historic average on Day One. Moreover, Equifax’s stock price dropped 13-14 percent the day after its breach…

IAM Best Practices to Reduce Your Attack Surface

When I read the 2017 Verizon data breach report, I couldn’t help but notice that it would be relatively easy to reduce an attack surface by implementing a few best practices. Granted, that might mean you will need to spend some money, but considering that a breach could cost you $15 million or more, according to Ponemon, and considering that 81% of breaches involve a weak or stolen password, wouldn’t it make sense to spend your money where it has the most impact? Organizations need to reduce their attack surface! Now before I share tips provided by Verizon and Centrify on how you…

Reflecting on Centrify’s Rethink Security Approach

In the last 12 months, Centrify is the only company to be acknowledged for its vision and leadership in the Gartner Magic Quadrant for Identity and Access Management-as-a-Service, The Forrester Wave: Privileged Identity Management, and in the Gartner Critical Capabilities for IDaaS Research for Workforce to SaaS, 2016. These acknowledgements demonstrate our growing influence in the industry with a unique point of view for customers who recognize the increased value in securing access for all enterprise identities in one platform built from the ground up, vs. the point solutions offered by others in the industry. Our mantra has been and…

Game of Thrones Hack: Winter Has Come for Passwords

The recent security breach at HBO of confidential data including Game of Thrones scripts, cast personal details and administrator passwords highlights the vulnerability of password-only protection. The breach involved hackers stealing about 1.5 terabytes of data from HBO systems — more than seven times as much as the 200 gigabytes taken in the 2014 Sony hack — including scripts for five Game of Thrones episodes and two unreleased episodes of Ballers and Room 104. Passwords Alone Are Not Enough to Stop the Breach: The hackers have reportedly released numerous confidential documents, including one with a list of personal phone numbers,…