Identity and access management immaturity causes security incidents

Ponemon Institute finds only 16% of enterprises have fully mature programmes; 56% average three identity-related data breaches in last two years.

Saviynt and Ponemon Institute have released the inaugural State of Enterprise Identity research report. The findings emphasise the modern identity security challenges that enterprises face in the digital era, and underscore the importance of comprehensive Identity and Access Management (IAM) strategies to dramatically reduce security risks that often lead to costly data breaches, cyber attacks, and regulatory compliance missteps.

According to research findings, only 16% of respondents (and just 15% of EMEA-based respondents) have a fully mature IAM strategy in place, which is characterised by fully operating programmes, skilled workers, and C-level and board executive awareness. The remainder are currently dealing with inadequate budgets, programmes stuck in a planning phase, and lack of senior level awareness.

As IAM programmes fail to get off the ground, the number of digital identities continues to skyrocket, creating complex enterprise environments that require new strategies, investments, and technology to close security gaps. In fact, over the past two years, more than half (56%) of respondents claim their business had an average of three data breaches or other access-related security incidents. Further, 52% of these respondents claim the breach was due to lack of comprehensive identity controls or policies.

“We’ve found that most enterprise IAM programmes have not achieved maturity, leaving companies struggling to reduce identity and access related risks,” said Jeff Margolies, Chief Strategy Officer, Saviynt. “Our research findings should serve as a wake-up call to C-level executives and security leaders: the absence of a modern IAM programme fuels the risk of rising identity and access-related attacks, and their financial consequences.”

Limited visibility and inadequate controls have become the new normal

Enterprise-wide visibility is critical to reducing risks in privileged user access, yet today’s complex enterprise ecosystems only impede transparency. According to findings, only 35% of respondents are confident that they can determine whether privileged users are compliant with policies. That same percentage (35%) have high confidence in the effectiveness of current security controls preventing internal threats involving the use of privileged credentials. The number one reason for lack of confidence in achieving visibility of privileged user access, cited by 61% of respondents, is that they cannot keep up with the changes occurring to their IT resources.

Beyond the lack of confidence in user access controls, there are compliance and regulation issues to address. Data shows that 46% of respondents (and 43% of those in EMEA) say their business failed to comply with regulations because of access-related issues. Beyond lawsuits and fines, many victims have suffered from loss of revenue, customers, and reputation, but almost two-thirds of respondents (64%) say downtime was the biggest consequence of compliance failures.

“While these numbers certainly raise concerns, our research also shows that many organisations are recognising the benefits of a converged identity platform, which combines multiple identity management capabilities into a single cloud solution to unify controls, improve visibility, and reduce risk. In fact, 71% of respondents are actively considering, or plan to adopt, converged identity governance & administration (IGA) and privileged access management (PAM) solutions to reduce costs and provide frictionless access to enterprise resources,” continued Margolies.

Additional key report findings:

EMEA organisations behind the curve on IAM

EMEA organisations are slightly behind their US counterparts; only 15% describe their approach to IAM as mature

42% of EMEA respondents admitted inadequate ID controls and policies had caused compliance failures

Compared to US organisations, EMEA-based companies are less likely to face lawsuits (19% vs 36%) or regulatory fines (23% vs 32%) as a result of non-compliance, but they are more likely to lose customers (54% vs 45%)

Automation can ease the identity management burden

56% claimed that granting and enforcing privileged user access rights required too much staff to monitor and control

51% are unable to keep pace with the number of access change requests

The power of the cloud (and IAM)

52% say their organisations’ cloud transformation programme is already integrated with their IAM strategy

51% have seen an improvement in their IAM effectiveness

Remote & hybrid workers still present security risks

Only 28% of respondents say their organisations are determining if remote workers are securely accessing the network

37% report the number one step to secure the hybrid, remote workforce is screening new employees
