Organisations are under increasing pressure to provide open access to data and resources, while safeguarding against a myriad of security threats. The influx of digitally savvy Millennials into the workforce creates new challenges for IT managers and CISOs.
At one extreme there appears to be some serious reasons for concern. A recent study by KPMG showed that tech-savvy youngsters pose one of the greatest threats to enterprise security. The findings show a 285 percent rise in fraud cases involving defendants aged between 26 and 35.
While the vast majority of new workers are honest, they do have different attitudes towards privacy and data sharing that can be a risk factor for organisations handling sensitive customer data.
Our own research suggested that this new generation of tech savvy UK employees are twice as likely to have poorer data privacy habits and are much more likely to snoop on sensitive customer data or share work login details compared to their older counterparts. With lax attitudes towards data sharing and user privacy, this new generation of digital wizards should encourage CISOs and IT managers to rethink their approach to IT security and how they manage access to sensitive information.
Recent research suggests that many CIOs and IT managers may be too confident in their ability to protect their organisations from a security breach. The findings revealed contradictory viewpoints. On one hand 63 percent of IT security managers believed it is ‘easy' to govern staff access rights; on the other hand one in four respondents cited staff failure to follow access policies as the greatest threat to data security. What's even more worrying is that 42 percent of those surveyed admitted that they are unsure of their ability to monitor and prevent breaches caused by accidental or deliberate staff actions.
CISOs and IT managers are under immense pressure to prevent security breaches. Many of them fear the sack (42 percent), severe reprimands (41 percent) and demotion (34 percent) in the event of a security breach. This is not surprising given that almost half of the surveyed organisations have suffered a data breach and worry about large scale attacks such the widely reported demise of the C-suite executives at the US supermarket chain Target.
So how can CISOs and IT managers mitigate security risk?
One of the keys to reducing security risk is by managing more effectively how sensitive data is being shared and accessed across the organisation. But the huge volume of user identity data, or Big Identity Data as some call it, requires a lengthy review of multiple systems and terabytes of data. As organisations usually audit access risk data every few months or twice a year, many data protection flaws and vulnerabilities remain unexposed, creating potential security risks.
Additional challenges for CISOs and IT managers arise from the poor sharing of data between different departments within the organisation. For instance, 43 percent of the CISOs and IT managers feel they could have better relations with human resources in managing staff access rights and 59 percent don't feel confident or are unsure if they get enough help to make dealing with insider threats easier.
To be able to maintain control over IT security, while ensuring free access to the needed data and resources, organisations need to have a real-time view into how sensitive information is being accessed and shared by employees. This requirement is essential because identity data is constantly changing. As organisations are bringing on new users or terminating others (joiners, movers, leavers), activating new devices, granting access rights, and changing user roles, they need to be able to see how sensitive data is being accessed in real time.
Identity and access management solutions with intelligence capabilities make this possible. This will enable IT staff to identify potential security issues before they have become a real threat to the organisation and spot suspicious user behaviour as soon it occurs. By leveraging access risk data to better understand security risk and what's causing it, enterprises will be more prepared to tackle the security challenges created by the influx of tech savvy workers into the business environment.
Contributed by Chris Sullivan, VP of advanced solutions at Courion