As Australia prepares for mandatory data breach notification, cybersecurity leader Centrify suggests six steps to stop small security gaps allowing big hacks in 2018
Centrify, the leader in securing hybrid enterprises through the power of identity services, has warned that small security gaps risk increasingly large and frequent data breaches in the enterprise during 2018.
Centrify Senior Director APAC Sales Niall King said the problem was that corporate defences were failing to keep pace with evolving threats. “Developments such as Crime-as-a-Service and the Internet of Things are allowing bad guys to run rings around legacy defence systems,” he said.
“Cybercriminals are better organised and the tools they use are more easily available while the plethora of Internet-connected devices increases the attack surface of both homes and businesses. On top of that, the 2017 Verizon Data Breach Investigations Report (DBIR) revealed that four out of five (81 per cent) of hacking-related breaches leverage either stolen and/or weak passwords.
“As Australia faces mandatory data breach notification from February next year, businesses need to recognise that small security gaps – like re-using or retaining old passwords – can have huge security consequences when a data breach is revealed. Earlier this year, Equifax saw its share price drop by 13 per cent within a day of revealing a data breach while last year Yahoo suffered a $350 million cut in its sale price to Verizon after reporting data breaches affecting one billion accounts.
“The only solution for enterprises is to implement systems that guarantee that the smallest security gaps are plugged – while systems remain accessible enough to allow employees to do their jobs. This is the essence of Centrify’s recommended security approach of moving towards a Zero Trust Security model.”
Centrify is a global leader in the cybersecurity industry. Last month, leading industry analyst firm Forrester Research Inc. named Centrify a “Strong Performer” for Enterprise Mobility Management in The Forrester Wave™: Enterprise Mobility Management, Q4 2017 report, available for download by clicking here. Centrify was the only vendor recognised as a “Leader” in Identity-as-a-Service (IDaaS)¹ and Privilege Identity Management (PIM) Waves² and was cited as a “Strong Performer” for Enterprise (EMM).
Centrify recommends six steps for organisations to implement best practice security that can protect confidential data against assaults by cybercriminals and disgruntled former employees:
- Extend your common security model to leverage existing security processes and technologies as your organisation moves into the cloud
- Consolidate identities by using use existing identities, such as Active Directory and federated login, to give existing user identities within your enterprise directory the rights to access a cloud service. This avoids issues of identity sprawl, identity duplication and synchronisation
- Enforce accountability by requiring users to log into anonymous shared accounts using their individual accounts, so all activities across the hybrid enterprise can be tied to an individual user
- Implement least privilege access so users receive just enough privilege to do the task at hand.
- Audit everything by logging and monitoring both authorised and unauthorised user sessions, including video recording of all privileged login sessions, and
- Use MFA Everywhere: Best practice is to use multi-factor authentication (MFA) everywhere, so users must confirm their identities with an out-of-band factor like a push notification to a pre-enrolled mobile device before certain actions are performed. This increases identity assurance and prevents attackers using compromised credentials to further exploit enterprise networks.
Mr King said these six security strategies were embedded in the Centrify Identity Platform.
For Centrify media assistance in Australia and New Zealand, call John Harris on +61 8 8431 4000 or email firstname.lastname@example.org.
Centrify redefines security from a legacy static perimeter-based approach to protecting millions of scattered connections in a boundaryless hybrid enterprise. Centrify provides a single platform to secure each user’s access to apps and infrastructure through the power of identity services. This is Next Dimension Security in the Age of Access. Centrify is enabling more than 5000 customers, including more than half the Fortune 50 in the US, to defend their organisations. To learn more visit www.centrify.com.
The Breach Stops Here.
Centrify is a registered trademark and Centrify Server Suite, Centrify Privilege Service and Centrify Identity Services are trademarks of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.
- Centrify Delivers Industry’s First Unified Identity Solution for Secure Enablement of Enterprise Mobile, SaaS and BYOD Environments New Centrify Cloud Services Integrate Mobile Device Management, Mobile Application Management and SaaS ‘Zero Sign-On’; Selected by Samsung for Embedding in New Android-based Mobile...
- JMP Securities names Centrify on Fast 50 List Centrify overnight announced it has been named to the JMP Securities Fast 50 list of the hottest privately held security and networking companies in the US. This first annu...
- Centrify appoints King to boost APAC sales Unified identity management leader Centrify is increasing its footprint in Australia, New Zealand and Asia Pacific by recruiting sales channel specialist Niall King to lead its sal...
- Centrify named to JMP Securities 2014 'Hot 100' list of best privately held software companies Centrify Corporation announced overnight it has been named on the JMP Securities ‘Hot 100: The Best Privately Held Software Companies’ list for 2014. The report highlights th...