The threat landscape is ever-evolving. This is not a surprise. Nor is the influx of data breaches, given the increasingly porous network perimeter that exists today. Couple this with the growing number of passwords that employees need to remember daily, and you can see why hackers are targeting employees (or identities) instead of the network. Given the influx of data breaches in 2015 alone, organizations have shifted their mindset from ‘if’ a breach will impact them to ‘when’. As a result, organizations have shifted from trying to eliminate breaches altogether to preventing and minimizing their exposure, because being on your front foot vs. your back heel is a far better stance when it comes to a potential data breach.
This year, SailPoint’s Market Pulse Survey was designed to measure two aspects of this situation: how employees view their individual role in IT security processes, and what (if any) improvements are being made by organizations to adapt to the new business realities.
Survey data this year hits on two very important, yet very disconcerting points. First – employees are fully aware of how sensitive their personal data is and they want it to be protected. 85% of respondents noted that they’d react if their personal information was breached.
However, while employees expect companies to protect their personal data, those same users aren’t following sound security practices to ensure their employer’s data is safe. In fact, the basic rule of having a unique password for each application was not being followed by the majority of respondents.
These two survey questions illustrate a surprising disconnect: employees expect their personal information to be protected, but don’t understand how their poor password hygiene potentially exposes their employers to similar breaches.
Proper password policies and automated on- and off-boarding procedures can help to mitigate some of the security risks that come from provisioning and application usage. For example, of those employees we interviewed, more than 2 in 5 people could still access corporate accounts after leaving their last job.
What these data points illustrate is that it takes people + processes + policies to protect your data. If only one of the three is in place, the equation falls flat and your data is most certainly not fully safeguarded. You’ll note that I placed ‘people’ at the front of that equation, and there’s a reason for that. If the most recent data breaches have shown us anything, it’s that no company is safe from attacks, and the method by which information is taken is slowly changing. The commonality across almost every breach is that hackers are now targeting the weakest link in the security infrastructure: people.
The key to managing this complex and ever-shifting reality is to manage those identities. Put simply: identity is everything.
I’m going to share more results from this year’s Market Pulse Survey, as well as discuss how companies can better manage their identities, this week. If you’d like to join the webinar, you can register here.