There are approximately 5.35 billion internet users worldwide. Every move made online results in the generation of data, whether that’s replying to an email, clicking on links or sharing a post on LinkedIn. Every digital step you take leaves a trail of data for you to follow.
For companies, data is the currency of the digital world. It helps generate insights, make decisions and is one of the organization’s most valuable assets. However, as more data is created and stored, the potential attack surface grows.
In today’s threat landscape, cybercriminals are using every tool in their arsenal to gain access to unstructured corporate data. And as technology like GenAI becomes mainstream, cyber attacks are becoming increasingly sophisticated as criminals look to use this technology for their own malicious purposes – meaning business risk increases.
Attacks like we saw on Capita last year highlight that managing data access is proving difficult for organizations across industries. As organizations struggle to keep pace with today’s growing threat landscape, we’ll explore how companies can better secure, manage, and secure their data.
Senior Vice President for EMEA at SailPoint.
Putting the web of access control to rest
Nearly half of employees in companies today consist of a variety of non-employee identities. This means that in addition to full-time and part-time employees, there are also many people from outside the organization, for example external contractors, freelancers or temporary workers, who all regularly enter and leave the organization. networks. All of these identities will have different access requirements, which can be challenging to keep track of, especially if organizations don’t have visibility into who has access to what data, when, and why.
This is further complicated by the rapid growth of unstructured data. Information contained in spreadsheets, email files, and video and audio formats leaves organizations without visibility into where the data resides, not to mention who owns it.
This leads organizations to overprovision access, granting too much access beyond what the roles and responsibilities should allow. In fact, our research shows that 72% of companies have inappropriately granted access to sensitive data. Challenges include unprecedented growth in the amount of unstructured data, difficulty knowing where unstructured data resides, challenges with appropriate management and a lack of automation.
With more user access points, this creates a larger attack vector for cybercriminals, increasing the likelihood of a breach. In fact, 78% of companies surveyed reported that a security issue resulted from improper access.
Without insight into who has access to what and when, hackers can operate undetected. This is at the root of a clear gap between the security goals of most organizations and the reality of securing critical data and information. Considering that the average breach in 2023 was only discovered after 204 days, the likelihood of hackers continually infiltrating and stealing critical data and information is enormous.
The costs of a breach
The average cost of a data breach reached a record high globally last year, skyrocketing to $4.45 million. Yet the consequences go beyond financial loss. Our research shows that a third of respondents cite reputational damage resulting from providing inappropriate access to critical data. Not to mention the operational downtime, customer loss, and system recovery that can also result from a data breach.
To help prevent attacks, organizations must be at the forefront of protecting their data and not wait to be swayed by government regulation or red tape. Ahead of regulations such as NIS2 later this year, UK businesses are making progress by putting the right processes in place to keep their data secure. However, three quarters still need to make preparations to better protect themselves and their customers.
Preparation is key
To prepare for potential attacks, organizations should implement risk analysis policies and procedures to assess the effectiveness of cybersecurity risk management measures. Some examples of this include ensuring that access is disabled when employees or contractors no longer work for you, and avoiding the use of ‘generic’ accounts (accounts that are not associated with a named individual). Organizations should also implement approval and risk analysis processes when granting access to critical applications to prevent situations that could lead to fraud or data breaches.
Through a unified, AI-based approach to identity security, organizations can ensure that employees have only as much access as necessary to carry out their assigned roles and responsibilities – no more, no less. The use of AI also accelerates and streamlines identity decisions, something that is crucial given the speed at which businesses – and cyber threats – are evolving. This allows identity teams to act faster and more effectively to detect and stop unnecessary, inappropriate or potentially compromised access.
Protecting data is business critical. With the threat landscape growing by the day and the UK’s National Cyber Security Center warning that malicious AI use will drive the threat landscape by 2024, companies must take action to protect their data – and quickly.
The stakes have never been higher, but with AI-powered tools and technology, organizations can gain better visibility and insight into the specific risks associated with user access. This can have a significant impact on how organizations manage, control and secure all types of identities, helping to protect data from attacks.
We recommended the best identity management software.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we profile the best and brightest minds in today’s technology industry. The views expressed here are those of the author and are not necessarily those of Ny BreakingPro or Future plc. If you are interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro