![\"SecZetta](\"https:\/\/solutionsreview.com\/identity-management\/files\/2019\/06\/2019-MODDED.jpg\")
<\/p>\n<\/p>\n
SecZetta CEO David Pignolet shares his 2021 security predictions.<\/p>\n
Solutions Review tries to share as many cybersecurity predictions and expert perspectives for our IT decision-making audience. Some of them we published as a part of the Cybersecurity Insight Jam, and some we publish independently.<\/p>\n
As a part of the latter, we present SecZetta<\/a> CEO David Pignolet and his 2021 security predictions. Here’s what he had to say about cybersecurity, identity management<\/a>, and more.<\/p>\n Cyber risk assessments provide organizations with greater self-awareness around potential threats. Knowing where an organization\u2019s weaknesses lie can give leaders a better idea of which security areas to grow and invest in. Some industries, such as financial services and healthcare with various regulatory requirements, often have a legal obligation to perform routine cyber risk assessments. As more organizations adopted cloud-based applications, especially during this past year, to accommodate remote workers and enable business innovation and scalability, security leaders recognized the need to make risk assessment a top priority. With 59% of all data breaches<\/a>\u00a0a result of third parties, the simplest path to how risk is measured will be the process of onboarding identity to remote\u00a0access. Third-party identity risk solutions, requiring stricter guidelines to\u00a0provisioning, verifying, and deprovisioning access of non-employee populations (vendors, partners, contractors, freelancers, as well as \u201cthings\u201d), make this possible and will need to be built into every organization\u2019s cyber risk assessment strategy for more secure measures\u00a0to protect against\u00a0even\u00a0greater threats<\/a>\u00a0in 2021.<\/p>\n Research<\/a> shows there has been a large increase in the number of\u00a0ransomware\u00a0attacks over the course of 2020, with the majority of\u00a0them\u00a0a\u00a0direct result of cyber-criminals leveraging issues related to\u00a0COVID-19. As these attackers become more sophisticated in how they operate to maliciously compromise and\/or take control of business networks, enterprises\u00a0must\u00a0be more diligent in who they allow\u00a0access to facilities, data, and systems. With an ever-expanding number of\u00a0third-party\u00a0users (contractors, vendors, partners, etc.) being\u00a0utilized\u00a0to quickly and cost-effectively meet operational needs,\u00a0there\u2019s a new\u00a0imperative for businesses to prove these people are, in fact, who they claim to be.\u00a0In the coming year, expect to see businesses\u00a0(especially in highly regulated industries\u00a0like\u00a0healthcare, manufacturing, insurance, and financial\u00a0services) adopt identity proofing programs to easily\u00a0invoke\u00a0large scale or individual\u00a0identity verification\u00a0during the onboarding process (or at any time throughout the identity lifecycle) to better\u00a0protect critical assets.<\/p>\n Organizations typically apply access controls to humans (employees, contractors, etc.) to safeguard their data from cyber-attacks and data breaches. But an even bigger threat is the growing number of non-human workers, particularly as global organizations increasingly prioritize cloud computing, DevOps, and IoT. As we emerge from the pandemic in the coming year and more organizations invest in digital transformation initiatives, those that neglect to include non-human workers in a well-defined identity lifecycle risk and management process will find themselves in a vulnerable position.<\/p>\n According to\u00a0a recent\u00a0Acronis Cyberthreat Report<\/a>,\u00a0<\/b>31% of global companies reported daily cyber-attacks in 2020, with the majority of these attacks attributed to remote workers as cyber-criminals target less secure systems outside the corporate network to access an organization\u2019s data. Looking forward, we anticipate these attacks on remote workers will become an increasingly common practice. To combat these risks, companies will put renewed emphasis on finding holes in their identity strategy and tapping third-party identity risk solutions that provide organizations with a comprehensive set of capabilities to improve the operational efficiency and reduce the cost and risk of managing third party identities. These solutions provide organizations with better transparency into the dynamic relationships they have with each individual third-party identity, and enable them to make well-informed, risk-based decisions about provisioning, verifying, and deprovisioning access.<\/p>\n Organizations realize they take on increased security risks the moment they provision access to third parties\u00a0and\u00a0are\u00a0typically diligent about measuring that risk. But what about the lifecycle events and actual behavior of an identity\u00a0for\u00a0a third party who once had\u00a0\u00a0access to data, but now\u00a0no longer needs that access after\u00a0a specific project is completed? Identity risk needs to be considered at every step in a third party relationship\u00a0lifecycle, from provisioning to deprovisioning of access in a timely fashion. By considering the third-party identity lifecycle, and\u00a0with\u00a0the proper technology in place to manage every human and non-human identity\u00a0(which many times is a greater number than actual employees) — organizations have greater control and visibility of their highest risk identities.<\/p>\n Another area of cyber risk for organizations is the overlapping ownership of third-party identity risk management. The Chief Risk Officer (CRO) or Chief Information Security Officer (CISO) is usually responsible for identifying, monitoring, and mitigating internal and external risks. In practice, third-party identities are often loosely managed via ad hoc processes, sometimes involving a collection of spreadsheets, databases, and tools. Many CRO\/CISOs share the burden of managing these identities with other cross-functional teams and stakeholders who are not well equipped to manage risk, such as HR, Procurement, and IT. It\u2019s time for businesses to make third-party identity risk a top priority; this buy-in needs to come from the top-down with a designated leader overseeing this initiative to ensure the integration and collaboration of all parties involved across the organization.<\/p>\n Thanks to SecZetta<\/a> CEO David Pignolet for his 2021 security predictions. For more information, check out our Identity Management Buyer’s Guide<\/a>.<\/p>\n SecZetta CEO David Pignolet shares his 2021 security predictions. Solutions Review tries to share as many cybersecurity predictions and expert perspectives for our IT decision-making audience. Some of them we published as a part of the Cybersecurity Insight Jam, and some we publish independently. As a part of the latter, we present SecZetta CEO David […]<\/p>\n","protected":false},"author":41,"featured_media":4453,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5,1],"tags":[1573,142,16,1610,76,425,181,1609,1101],"acf":[],"yoast_head":"\n
Widget not in any sidebars
\nSecZetta CEO David Pignolet Shares 2021 Security Predictions<\/strong><\/h2>\n
1) <\/b>Clearer Path to Cybersecurity Measurement<\/b><\/h3>\n
2) <\/b>Identity Proofing as the New Cybersecurity Safeguard<\/b><\/h3>\n
3) <\/b>Non-Human Workers as the Next Biggest Threat<\/b><\/h3>\n
4) <\/b>Remote Workers: The Sitting Duck for Cyber Attacks<\/b><\/h3>\n
5) <\/b>Getting Personal with Third-Party Identity Risk Management<\/b><\/h3>\n
6) <\/b>Assigning an Identity Risk Management Leader will Become a Top Priority for Businesses<\/b><\/h3>\n
<\/div>\n
Widget not in any sidebars
\n","protected":false},"excerpt":{"rendered":"