Seven tips to reduce data breach risks

A recently commissioned study conducted by Forrester Consulting found that two-thirds of organisations have suffered from data breaches at least five times in the past two years.

The Forrester study found that organisations without a mature Identity and Access Management (IAM) approach experience two times more breaches and $5 million more in costs than those with a mature IAM approach. The study examined four levels of IAM maturity, and found a direct correlation between a mature IAM approach and reduced security risk, improved productivity, increased privileged activity management and greatly reduced financial loss.

It’s clear that traditional approaches are not working, and companies need to completely rethink their security approach. Organisations must employ IAM approaches as well as use integrated IAM technology platforms to reduce security risk in today’s boundaryless hybrid enterprise.

In response to that survey, hybrid cloud security specialist Centrify has shared seven best practices for enterprises to effectively defend their corporate assets from cyber adversaries. In today’s world of access, companies must increase their Identity and Access Management (IAM) maturity to effectively reduce the likelihood of a data breach.

Below are the seven best practices for enterprises to improve IAM maturity and reduce security risk:

  1. Consolidate identities: According to Verizon, 80% of breaches are due to compromised credentials. It’s critical to develop a holistic view of all users and to strengthen and enforce password policy, or eliminate passwords where possible.
  2. Enable single sign-on (SSO): SSO to enterprise and cloud apps, combined with automated cloud application provisioning and self-service password resets, cuts helpdesk time and cost, and improves user efficiency.
  3. Implement multi-factor authentication (MFA) everywhere: MFA that adapts to user behaviour, extended to third parties and the VPN, is widely acknowledged as one of the most effective measures to prevent threat actors from gaining access to the network and navigating to target systems.
  4. Audit third-party risk: Outsourced IT and third-party vendors are a preferred route for hackers to access corporate networks. Conduct audits and assessments to evaluate the security and privacy practices of third parties.
  5. Enforce least-privilege access: Role-based access, least-privilege and just-in-time privilege approval approaches protect high-value accounts, while reducing the likelihood of data loss from malicious insiders.
  6. Govern privileged sessions: Logging and monitoring of all privileged user commands makes compliance reporting a trivial matter and enables forensic investigation to conduct root cause analysis.
  7. Protect the inside network: Network segmentation, isolation of highly sensitive data and encryption of data at rest and in motion provide strong protection from malicious insiders and persistent hackers once inside the firewall.
