Australia’s mandatory data breach notification law takes effect this month warns Centrify.Australian executives and company directors will face increased professional responsibility for overseeing cybersecurity when
Centrify, delivering Zero Trust Security through the power of Next-Gen Access, notes that recent events demonstrate clearly how publicised data breaches can damage corporate value.
Last year, US credit monitoring agency Equifax saw its share price drop by 13 per cent after it reported a data breach affecting about 143 million Americans. In 2016, Yahoo suffered a $350 million reduction in its sale price to Verizon after reporting two massive data breaches affecting one billion accounts.
Centrify Senior Director APAC Sales Niall King said those incidents alone should grab the attention of executives and directors. “The salient point is that these are not isolated events,” he warns.
“A recent Ponemon Institute study identified that 113 publicly-traded companies lost an average share value of five per cent on the day after a material data breach was disclosed. The study, which included 740 Australians, found that one third of Australian consumers impacted by a data breach reported they had discontinued their relationship with the organisation that experienced the breach.
“The lesson is clear for both executives and directors: As data breaches have a direct impact on an organisation's financial wellbeing, cybersecurity should a priority for the C-Suite.”
Mr King said senior business decision makers could start to comprehend the cybersecurity challenge, and how to formulate appropriate solutions, by demanding answers to six simple questions:
- What is the potential corporate impact of a data breach?
- Who is responsible for preventing data breaches?
- Are the passwords used by our people strong enough?
- What happens when our IT security is breached?
- What happens to security credentials when someone leaves our company?
- How prepared is our organisation for mandatory data breach reporting?
Mr King said companies with a high security posture typically had a senior-executive Chief Information Security Officer (CISO) responsible for ensuring that information assets and technologies were protected. “Rather than funding cybersecurity from the standard IT budget, mature organisations allocate an adequate budget for staffing and investment in enabling security technologies,” he said.
Mr King added the C-Suite should recognise that passwords alone could not adequately protect confidential data. “No matter how complex nor how frequently changed, passwords alone are never strong enough to deter a determined hacker - or a disgruntled employee,” he said.
“Passwords are more of a problem than a solution. According to a 2016 Forrester report, 80 per cent of data breaches leverage privileged credentials to gain access to the organisation. That statistic should send shivers down your spine.
“Centrify believes that companies need to adopt a Zero Trust security model which centres on the concept that users inside a network are no more trustworthy than users outside the network. This requires systems such as Multi-factor authentication (MFA) - which mandates a second step to confirm your identity, such as a text-to-mobile verification code – to better protect your data and to deter intruders.
“As well as using MFA to verify identity, organisations should reduce their ‘attack surface’ by using privileged access management to give users access only to the privileges, systems and data required to do their jobs. This tightly manages lateral access, so that if an intruder does gain illicit entry to your system, their ability to move around your network to inflict damage is severely restricted.”
Mr King said business leaders needed to assume that data breaches were a case of “when” not “if”. “This provides a much more realistic posture towards today’s technology threat environment,” he said.
“If you never experience a data breach, then, well done you. However, if you do, then a strategy to contain the damage will pay for itself many times over. If the worst does happen, then proactive investment in cybersecurity is your best protection.”
Centrify delivers Zero Trust Security through the power of Next-Gen Access. Centrify verifies every user, validates their device and limits the amount of access and privilege to resources while continually learning & adapting. Centrify Next-Gen Access is the only industry-recognised solution that uniquely converges Identity-as-a-Service (IDaaS), enterprise mobility management (EMM) and privileged access management (PAM.) Over 5,000 worldwide organisations, including over half the Fortune 100 in the US, trust Centrify to proactively secure their businesses.
Centrify is a registered trademark and Centrify Server Suite, Centrify Privilege Service and Centrify Identity Services are trademarks of Centrify Corporation in the United States and other countries. All other trademarks are the property of their respective owners.
- Centrify’s unified identity solution secures access to enterprise social media and shared accounts Centrify’s Identity-as-a-Service solution protects enterprises’ Twitter, Facebook, LinkedIn, Pinterest, Google+, Instagram and other shared accounts from internal threats and unaut...
- Centrify brings Zero Trust to DevOps Centrify Zero Trust Security scales adoption of secure DevOps (development and operations) by integrating Next-Gen Access controls into application development pipelines Centrify ...
- On-demand ease exposes weakness Today, we demand access to information no matter the device, location or time. However, this on-demand mentality, in particular with Cloud services, exposes the enterprise to new r...
- Centrify debuts industry’s first Australian-hosted cloud service for Identity and Access Management Strong customer demand and the drive to meet Australian data sovereignty requirements drives further international expansion of Centrify’s cloud service Centrify, the leader...