As Australia prepares for mandatory data breach notification, cybersecurity leader Centrify suggests six steps to stop small security gaps allowing big hacks in 2018
Centrify, the leader in securing hybrid enterprises through the power of identity services, has warned that small security gaps risk increasingly large and frequent data breaches in the enterprise during 2018.
Centrify Senior Director APAC Sales Niall King said the problem was that corporate defences were failing to keep pace with evolving threats. “Developments such as Crime-as-a-Service and the Internet of Things are allowing bad guys to run rings around legacy defence systems,” he said.
“Cybercriminals are better organised and the tools they use are more easily available while the plethora of Internet-connected devices increases the attack surface of both homes and businesses. On top of that, the 2017 Verizon Data Breach Investigations Report (DBIR) revealed that four out of five (81 per cent) of hacking-related breaches leverage either stolen and/or weak passwords.
“As Australia faces mandatory data breach notification from February next year, businesses need to recognise that small security gaps – like re-using or retaining old passwords – can have huge security consequences when a data breach is revealed. Earlier this year, Equifax saw its share price drop by 13 per cent within a day of revealing a data breach while last year Yahoo suffered a $350 million cut in its sale price to Verizon after reporting data breaches affecting one billion accounts.
“The only solution for enterprises is to implement systems that guarantee that the smallest security gaps are plugged – while systems remain accessible enough to allow employees to do their jobs. This is the essence of Centrify’s recommended security approach of moving towards a Zero Trust Security model.”
Centrify is a global leader in the cybersecurity industry. Last month, leading industry analyst firm Forrester Research Inc. named Centrify a “Strong Performer” for Enterprise Mobility Management in The Forrester Wave™: Enterprise Mobility Management, Q4 2017 report, available for download by clicking here. Centrify was the only vendor recognised as a “Leader” in Identity-as-a-Service (IDaaS)¹ and Privilege Identity Management (PIM) Waves² and was cited as a “Strong Performer” for Enterprise (EMM).
Centrify recommends six steps for organisations to implement best practice security that can protect confidential data against assaults by cybercriminals and disgruntled former employees:
- Extend your common security model to leverage existing security processes and technologies as your organisation moves into the cloud
- Consolidate identities by using use existing identities, such as Active Directory and federated login, to give existing user identities within your enterprise directory the rights to access a cloud service. This avoids issues of identity sprawl, identity duplication and synchronisation
- Enforce accountability by requiring users to log into anonymous shared accounts using their individual accounts, so all activities across the hybrid enterprise can be tied to an individual user
- Implement least privilege access so users receive just enough privilege to do the task at hand.
- Audit everything by logging and monitoring both authorised and unauthorised user sessions, including video recording of all privileged login sessions, and
- Use MFA Everywhere: Best practice is to use multi-factor authentication (MFA) everywhere, so users must confirm their identities with an out-of-band factor like a push notification to a pre-enrolled mobile device before certain actions are performed. This increases identity assurance and prevents attackers using compromised credentials to further exploit enterprise networks.
Mr King said these six security strategies were embedded in the Centrify Identity Platform.
For Centrify media assistance in Australia and New Zealand, call John Harris on +61 8 8431 4000 or email email@example.com.
Centrify redefines security from a legacy static perimeter-based approach to protecting millions of scattered connections in a boundaryless hybrid enterprise. Centrify provides a single platform to secure each user’s access to apps and infrastructure through the power of identity services. This is Next Dimension Security in the Age of Access. Centrify is enabling more than 5000 customers, including more than half the Fortune 50 in the US, to defend their organisations. To learn more visit www.centrify.com.
The Breach Stops Here.
Centrify is a registered trademark and Centrify Server Suite, Centrify Privilege Service and Centrify Identity Services are trademarks of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.
- Centrify Achieves Another Year of Record Sales and Accelerated Growth Company Grows to more than 4500 Paying Customers Representing Largest Market Share in Industry Segment Centrify Corporation, the leader in Unified Identity Services across data ce...
- Centrify delivers industry’s first federated privileged access service to protect enterprises with outsourced IT Cloud-based security solution minimises an organisation’s attack surface by governing and securing federated access by outsourced IT, vendors and other third parties Centrif...
- Study reveals consumer trust gap on security After massive Australian data breach, survey shows inadequate security hurts company reputations and bleeds customer relationships Centrify Chief Product Officer Bill MannCentrify...
- March Privacy Act changes smell of SOX Australian organisations risk financial and reputational damage if they fail to meet the challenges of this year’s Australian Privacy Act changes warns Centrify Regional Director A...