Cyber attacks, and cyber security failings, have continued to dominate headlines in recent years.
Sony, VTech, Talk Talk, and the Australian Bureau of Statistics are just a small number of high profile organisations exposed to cyber breaches.
Yesterday, Okta (an identity management firm) released a report that highlighted just how concerned IT leaders were with the current cyber situation.
Cyber security systems are, it would appear are losing on the digital battlefield.
Information Age spoke to David Baker, chief security officer at Okta, about this survey and the future of the cyber security industry.
Were the results of the report shocking, or expected (given increased business connectivity)?
We don’t see the results as shocking, per se. But certainly interesting, especially because the results and trends are analogous to where many similar enterprises in the U.S. were as recently as the last two years.
>See also: What can we learn from some of the most devastating cyber attacks?
It is actually very encouraging to see enterprises in the surveyed regions recognise their current challenges with becoming both more agile and more secure with their on-premises IT technology stacks.
Enterprises will recognise how best-of-breed cloud and mobile solutions will address these challenges.
How can the risk of breach be reduced through today’s IT technologies?
In simple terms, reducing risk means reducing the number of attack avenues (we use the term “attack vectors”) that are exposed to possible attackers.
Attack avenues are things like servers with outdated software versions, or vulnerable operating systems, misconfigured network devices, and even poor administrator access practices.
The list can be extensive — and justifiably so because deploying and maintaining IT infrastructure is difficult and complex.
The reason to approach cloud services to replace your on-premises IT infrastructure is to remove those attack avenues from your infrastructure.
Best-of-breed cloud services primarily focus on delivering a few key services very well (i.e. box for file collaboration, workday for HR systems, etc.).
>See also: 36% of businesses have no response plan for cyber attacks
Moreover, these services are held to high audit standards such that their infrastructure, personnel, and processes are always under focus and testing.
Attack avenues found in the typical on-premises IT infrastructure have been mitigated and blocked.
Best-of-breed cloud solutions need to be leveraged.
These services will offer the best avenues of feature integration, mobility usage, and service reliability — all while removing the attack avenues and improving cyber security for the enterprise.
What is the most common cause of a data breach (human error or external), and how can they be improved?
The most common cause of data breach has been and remains loss of access credentials from human error.
I define human error events to be everything from writing down credentials on notes and reusing weak passwords to falling victim to spear phishing attacks.
Users can be trained to avoid these types of errors.
>See also: 3 in 5 Brits at risk from cyber attack through poor mobile security
Providing easy-to-implement and easy-to-use security solutions that protect users’ identities even in the event user credentials are compromised is a key prevention control.
Are trends like BYOD having an effect on the compromised security of data?
The answer here is really yes and no.
Users that continue to use antiquated and fragmented Android platforms or old iOS versions, can become an attack vector if they inadvertently install malicious applications on the devices.
That being said, we see that — in large part — most of these types of malware attacks on older mobile devices are targeting users with persistent adware.
Users that are using newer Nexus-based Android devices or maintaining their iOS devices to the latest operating systems and are leveraging good habits in patching apps — and companies with BYOD policies that insist this happens — are not necessarily compromising security.