This week Gartner is hosting the Identity and Access Management summit in Las Vegas. Kicking off November 29th, the event will focus on the top security issues facing Identity and Acess Management or ‘IAM’ leaders and architects. The Las Vegas summit follows the Gartner Symposium and ITXpo event earlier this month that brought together thousands of CIO’s and IT thought leaders from around the globe. Intel’s Tom Garrison, Vice President of Business Client Platforms, traveled to the event getting up to speed on the challenges and obstacles IT leaders face in the digital era and will be sharing his insights this week in Las Vegas. You can read more about the Gartner Symposium sessions in Barcelona and learn about Intel’s role in digital workplace transformation on the IT Peer Network.
Security in the digital workplace was a key concern for the top IT leaders who gathered in Barcelona. So it’s not surprising that the Gartner event this week will solely focus on IT security, taking a deeper dive into potential threats and how to prevent an attack. Intel’s Tom Garrison will be presenting his session, entitled ‘Identity Protection for the Digital Age’ on Wednesday November 30th at 3:15pm PST. Tom was generous enough to take time out to answer a few questions on the subject as he preps for his upcoming session. Below he examines the anatomy of a data breach, the estimated costs to the enterprise and the best strategies to prevent an attack. Thanks Tom!
What are the top security threats that IT security leaders need to focus on for 2017?
The biggest IT security threats in 2017 are data breaches mainly perpetrated by hackers gaining network access and stealing data. Breaches begin with a compromised identity, usually a stolen username or password combination or via a phishing attack. Once inside the network, malware then finds and steals the data, often leaving holes open for future theft.
What are the estimated costs associated with a security breach?
The estimated costs of data breaches are staggering. The 2016 Verizon Data Breach Report estimated that a data breach of 100M records ranges from $5M to $15.6M per breach, with ITRC’s 2015 data breach survey concluding that there was $2.9B in damages to business and brand in 2015 alone. Cybersecurity Ventures predicts this number to grow to over $6T in total cybercrime damage by 2021. The frequency and costs of security breaches are growing exponentially.
Is there a cause that has been identified as a key contributing factor to the rise in breaches?
The 2015 Verizon Data Breach Investigation Report estimated that more than 60% of corporate breaches are tied to compromised identity with a key culprit being stolen username and passwords or misused credentials. Organizations that are using single factor authentication, like username and password only, are at extreme risk of attack. A firm’s employees can also play a big role in this as well as phishing attacks obtain Username and password combinations by asking the employee to provide them in response to an official looking email. There are software-only solutions offering enhanced protection from hacking, but the US Dept. of Homeland Security estimates that 90% of cybercrime incidents result from hackers exploiting software. Unfortunately, many IT departments are simply not innovating fast enough to keep up with the growing pace and sophistication of the cybercriminals.
What are the top strategies to proactively prevent a security breach?
A cybersecurity strategy in this environment must comprehensively address each phase of the breach, 1) compromised identity 2) malware operating within the network 3) exfiltration of unprotected data 4) compromised PCs continuing to operate within the environment.
Identity protection must be implemented requiring users to provide multiple factors of authentication to access the network. IT managers can create a policy that requires an employee to provide something they know (i.e. a username/password), something they have (i.e. like the Bluetooth signal from their phone) and something they are (i.e. a fingerprint, iris, or facial scan).
Additionally, IT managers needs to implement threat detection and anomaly detection capabilities to quickly identify and detect malware once it has made its way into the environment. It is also critical that infected machines are able to be returned to a known safe state once infected. We call this system ‘Protect, Detect, Correct.’
Which solutions does Intel recommend to help IT security professionals avoid a potential threat?
Security solutions embedded in the hardware or end-user devices provide the best level of protection. Intel® Authenticate, for example, provides a true multifactor authenticate solution built into 6th Generation Intel® Core™ business platforms. This is the basis of Intel’s cybersecurity strategy – to provide hardware based solutions enabling the highest level of security to Protect, Detect, and Correct intrusions into our customer’s networks.
Can’t attend the Gartner Identity and Access Management event this week? Be sure to follow @IntelITCenter as we will be posting real-time updates, a link to Tom’s presentation and other key insights throughout the summit. You can also follow myself, @LisaPeyton and Tom Garrison, @TomMGarrison on Twitter to get the latest IT news from Intel.