SecZetta CEO David Pignolet shares his 2021 security predictions.
Solutions Review tries to share as many cybersecurity predictions and expert perspectives as possible with our IT decision-making audience. Some of them we published as a part of the Cybersecurity Insight Jam, and some we publish independently.
SecZetta CEO David Pignolet Shares 2021 Security Predictions
1) Clearer Path to Cybersecurity Measurement
Cyber risk assessments provide organizations with greater self-awareness around potential threats. Knowing where an organization’s weaknesses lie can give leaders a better idea of which security areas to grow and invest in. Some industries, such as financial services and healthcare with various regulatory requirements, often have a legal obligation to perform routine cyber risk assessments. As more organizations adopted cloud-based applications, especially during this past year, to accommodate remote workers and enable business innovation and scalability, security leaders recognized the need to make risk assessment a top priority. With 59% of all data breaches a result of third parties, the simplest path to how risk is measured will be the process of onboarding identity to remote access. Third-party identity risk solutions, requiring stricter guidelines to provisioning, verifying, and deprovisioning access of non-employee populations (vendors, partners, contractors, freelancers, as well as “things”), make this possible and will need to be built into every organization’s cyber risk assessment strategy for more secure measures to protect against even greater threats in 2021.
2) Identity Proofing as the New Cybersecurity Safeguard
Research shows there has been a large increase in the number of ransomware attacks over the course of 2020, with the majority of them a direct result of cyber-criminals leveraging issues related to COVID-19. As these attackers become more sophisticated in how they operate to maliciously compromise and/or take control of business networks, enterprises must be more diligent in who they allow access to facilities, data, and systems. With an ever-expanding number of third-party users (contractors, vendors, partners, etc.) being utilized to quickly and cost-effectively meet operational needs, there’s a new imperative for businesses to prove these people are, in fact, who they claim to be. In the coming year, expect to see businesses (especially in highly regulated industries like healthcare, manufacturing, insurance, and financial services) adopt identity proofing programs to easily invoke large scale or individual identity verification during the onboarding process (or at any time throughout the identity lifecycle) to better protect critical assets.
3) Non-Human Workers as the Next Biggest Threat
Organizations typically apply access controls to humans (employees, contractors, etc.) to safeguard their data from cyber-attacks and data breaches. But an even bigger threat is the growing number of non-human workers, particularly as global organizations increasingly prioritize cloud computing, DevOps, and IoT. As we emerge from the pandemic in the coming year and more organizations invest in digital transformation initiatives, those that neglect to include non-human workers in a well-defined identity lifecycle risk and management process will find themselves in a vulnerable position.
4) Remote Workers: The Sitting Duck for Cyber Attacks
According to a recent Acronis Cyberthreat Report, 31% of global companies reported daily cyber-attacks in 2020, with the majority of these attacks attributed to remote workers as cyber-criminals target less secure systems outside the corporate network to access an organization’s data. Looking forward, we anticipate these attacks on remote workers will become an increasingly common practice. To combat these risks, companies will put renewed emphasis on finding holes in their identity strategy and tapping third-party identity risk solutions that provide organizations with a comprehensive set of capabilities to improve the operational efficiency and reduce the cost and risk of managing third party identities. These solutions provide organizations with better transparency into the dynamic relationships they have with each individual third-party identity, and enable them to make well-informed, risk-based decisions about provisioning, verifying, and deprovisioning access.
5) Getting Personal with Third-Party Identity Risk Management
Organizations realize they take on increased security risks the moment they provision access to third parties and are typically diligent about measuring that risk. But what about the lifecycle events and actual behavior of an identity for a third party who once had access to data, but now no longer needs that access after a specific project is completed? Identity risk needs to be considered at every step in a third-party relationship lifecycle, from provisioning to deprovisioning of access in a timely fashion. By considering the third-party identity lifecycle, and with the proper technology in place to manage every human and non-human identity (which many times is a greater number than actual employees), organizations have greater control and visibility of their highest risk identities.
6) Assigning an Identity Risk Management Leader Will Become a Top Priority for Businesses
Another area of cyber risk for organizations is the overlapping ownership of third-party identity risk management. The Chief Risk Officer (CRO) or Chief Information Security Officer (CISO) is usually responsible for identifying, monitoring, and mitigating internal and external risks. In practice, third-party identities are often loosely managed via ad hoc processes, sometimes involving a collection of spreadsheets, databases, and tools. Many CRO/CISOs share the burden of managing these identities with other cross-functional teams and stakeholders who are not well equipped to manage risk, such as HR, Procurement, and IT. It’s time for businesses to make third-party identity risk a top priority; this buy-in needs to come from the top-down with a designated leader overseeing this initiative to ensure the integration and collaboration of all parties involved across the organization.