Rapid changes in technology are enabling businesses to gather more information, perform more detailed data analysis and serve customers in ways no one would have imagined possible a decade ago. However, these advancements can also create troubling security vulnerabilities and increase the risk for massive data breaches.
With 2019 set to be one of the worst years in history for security incidents, IT and cybersecurity experts need to consider how new trends in identity and access management (IAM) may provide added protection for sensitive personal and business data against an ever-increasing range of security threats.
The Worst Year Ever for Data Breaches?
The first half of 2019 saw over 4.1 billion records exposed in data breaches of various sizes. Three of the breaches rank among the 10 largest incidents of all time, and the business sector accounted for 85% of exposed records. Eight of the breaches occurring in the first and second quarters of the year exposed 100 million or more records each, amounting to 3.2 billion records overall.
According to the 2019 MidYear QuickView Data Breach Report from Risk Based Security, these shocking totals represent a 54% year-over-year increase in breaches and a 52% increase in the number of records exposed. Although most of the data didn’t include personal information such as Social Security numbers, 70% of records consisted of email addresses, and 64% contained email passwords. Hackers gaining access to this information could use it to send phishing messages from legitimate accounts and easily spread malware throughout business networks.
Small businesses aren’t immune to the increase in breach activity. While there were a number of large breaches, the majority of events exposed 10,000 or fewer records, and unsecured databases were the most common cause. This shatters any illusion smaller companies may have about whether strong security protocols and routine security and access audits are really necessary.
Breach News: A Recent Overview
A quick look at security headlines reveals consistent problems with data breaches across industries. One of the most recent, announced by Capital One on August 4, 2019, occurred between March 22 and 23, 2019 and compromised customer information dating back to 2005. Data included customers’ names, addresses, bank account numbers, account balances, credit scores and credit limits, as well as both U.S. Social Security numbers and Canadian Social Insurance numbers.
The web hosting company Hostinger was also recently subject to a breach, which affected as many as 14 million users. Hackers gained access to hashed password, email address and username data. Hostinger responded by resetting the passwords on every user account and upgrading the algorithm the company uses to hash sensitive data.
Other well-known companies, including State Farm, CafePress and Quest Diagnostics, have also been targets for data theft in recent months, which shows no company can consider itself safe from malicious third parties. The health care sector is particularly vulnerable, which is made evident by breaches at organizations such as Grays Harbor Community Hospital, NCH Healthcare, Medico and Amarin Pharma. From phishing to ransomware, these entities have fallen victim to common security issues, many of which can be addressed through better access management.
2020 IAM Trends to Watch
In the wake of such a large wave of security incidents, new trends are emerging. Some are updates of current IAM protocols, but others represent significant changes in the way businesses manage user identities and network access. IT professionals should consider how these developing and evolving trends could reduce vulnerabilities and provide better data protection:
• Adopting blockchain-based self-sovereign identities and decentralizing identity data storage
• Switching from two-factor authentication to “n-factor,” the use of as many identifiers as necessary to ensure security in enterprise networks
• Using big data analytics in tandem with artificial intelligence and machine learning to establish flexible, attribute-based access control (ABAC) and prevent unauthorized access by identifying deviations in user behavior and reacting in real time
• Incorporating identity analytics to improve provisioning and offer better visibility of how data is used once access is granted
• Moving away from the principle of least privilege to provide all users with access to non-critical resources, applications and data, which allows more focus to be placed on protecting critical digital assets
• Utilizing edge computing to move security activities away from central databases and provide better coverage for internet of things (IoT) devices
• Addressing the inherent security issues with biometric identification as an increasing number of businesses adopt biometric authenticators
These trends and tools offer potential solutions for closing security gaps and shielding sensitive data, but proper implementation is essential in order for businesses to realize the full benefits of a robust security protocol. Continuing assessments, routine security audits and instruction in how to apply better IAM tactics in a variety of use cases can help business owners and executives make proactive decisions to keep digital assets safe.