informa
Products & Releases

Courion survey: IT security execs have breach anxiety

Management of Access Privileges Cited as Critical to Reducing Risk and Increasing Security.

WESTBOROUGH, Mass., April 29, 2014 — If you are a Chief Information Security Officer (CISO), chances are you may not be getting much sleep lately according to a recent survey of IT security executives at companies of 500 or more employees. The survey1, conducted in March 2014 by Courion, a leading provider of intelligent identity and access management (IAM) solutions, revealed that 78 percent of respondents are anxious about the possibility of a breach at their organization.

What's more, IT security executives are increasingly aware that they are on the front line, maintaining brand equity and protecting customers' privacy and personal data. 58.8 percent identified "protecting the privacy of our customers" as their primary goal in addressing a significant security breach, and 62.7 percent admitted they most fear "negative publicity affecting the company brand," should a breach occur within their organization.

"Our recent survey confirmed what we've been hearing from many customers over the past few years, the role of the senior IT security executive is constantly changing," said Christopher Zannetos, president and CEO of Courion. "Not only are they thought of as the front line defense for protecting sensitive company and customer information, they also feel responsible for brand image and customer satisfaction. IT security cannot tackle all this alone, however. We believe, and this survey confirmed, that better employee education and management of user access can provide much needed support for the security team."

Respondents cited "managing user access" and "communicating or enforcing company policies" among top security priorities in 2014, but also believe other stakeholders may not consider the careful control of user access an important issue. For example, respondents said that while 95 percent of their IT security team considers preventing security breaches a serious issue, they believe only 45 percent of the employee base feels the same.

Indifference at the employee level, lack of knowledge and malicious acts by trusted insiders can present a challenge for IT security, as evidenced by the 2014 Verizon Data Breach Investigations Report, which included "insider misuse" as one of the nine basic patterns that all breaches can be described by. Within this pattern, "privilege abuse" was the top threat action observed in 88 percent of security incidents.

This is meaningful, since "Account Monitoring and Control", "Controlled Access Based on the Need to Know" and "Controlled Use of Administrative Privileges" are three of the Top 20 Critical Security Controls recommended by the SANS Institute, one of the largest sources for information security training and security certification in the world.

__________________________________________________
1Survey sent to over 4000 IT executives with a response rate of 3%.

To learn more about how you can use intelligent identity and access management solutions as part of your security controls, contact 866.Courion or [email protected].

To see the survey results, visit http://www.courion.com/ITSecurityExecSurvey.

About Courion

With deep experience and more than 600 customers managing over 10 million identities, Courion is the market leader in Identity and Access Management (IAM), from provisioning to governance to Identity and Access Intelligence (IAI). Courion provides insight from analyzing the big data generated from an organization's identity and access relationships so users can efficiently and accurately provision, identify and minimize risks, and maintain continuous compliance. As a result, IT costs are reduced and audits expedited. With Courion, you can confidently provide open and compliant access to all while also protecting critical company data and assets from unauthorized access.

Courion is a registered trademark of Courion Corporation. All rights reserved. All other company and product names may be trademarks of their respective owners.

 

 

Recommended Reading: