THE CYBERSECURITY AND IDENTITY GAP SURVEY Why passwords and two-factor authentication are not enough.


TABLE OF CONTENTS

Survey summary
The cybersecurity and identity gap
The convergence of identity and cybersecurity
Cybersecurity technology needs more integration
Gap made worse by rubber stamping
Authentication and identity governance need to merge
Modern authentication: It’s time to rethink the login experience
Stepping up to modern adaptive authentication
Password-only still prevalent
Office 365 is a cybersecurity risk
Widespread use of insecure email clients
Recommendations on bridging the cybersecurity and identity gap


SURVEY SUMMARY

SecureAuth commissioned Decision Analyst to conduct an online survey during the first quarter of 2018 among 202 IT decision makers who are in charge of Identity and Access Management at companies with 500 employees or more.

The survey found that:

Organizations More Vulnerable: Organizations are more vulnerable to attack and slower to react due to a significant gap in how they approach cybersecurity and identity.

Bad Cybersecurity Posture: Because organizations continue to struggle with strengthening their overall cybersecurity posture, they’re not aligning cybersecurity measures with identity initiatives.

Need More Integration: Technology managers want to see their identity solutions integrate not only with identity-governance products, but also with other cybersecurity measures.

Still Rubber Stamping: Because of “rubber stamping” approvals, technology managers are unsure of who has access to particular assets within the organization, creating a significant cybersecurity risk.

Still Just Passwords: Half of computing systems, applications and networks are protected with little more than a password.

Outdated Technology: Because of the lack of strong authentication practices and the type of sensitive data it contains, Office 365 and older email clients are increasingly becoming a more significant cybersecurity risk than ever.

Security at the Cost of Usability: To prevent unauthorized use of login credentials, organizations are increasingly implementing multi-factor authentication; however, there is significant friction and pushback in end-user adoption.


THE CYBERSECURITY AND IDENTITY GAP

2019 will mark 40 years since 16-year-old hacker Kevin Mitnick called Digital Equipment Corporation (DEC) posing as a system developer to steal login credentials for the Ark computer system.[1] Using those stolen credentials, Mitnick and his associates had unfettered access to the system. They exfiltrated source code and other software. If it were not for Mitnick’s associates reporting the crime to the police, it may have never been solved.[2]

Labeled as “cyberspace's most wanted” by The New York Times, Mitnick’s use of socially engineered stolen credentials would almost certainly be prevented with advanced adaptive authentication software today. And although today’s cybersecurity information and event management (SIEM) software or monitoring performed in a modern security operations center (SOC) would have detected the anomalies of Mitnick’s actions after he breached the system, two startling facts remain:

81 percent of confirmed data breaches today still involve weak, default or stolen passwords.[3]

The median time from network compromise to discovery is approximately 99 days.[4]

In other words, attackers still use basic identity information and compromised credentials to access networks, and they spend nearly one-third of a year moving laterally in a network stealing information and covering their tracks before their activities are identified and a breach is reported.


$93 billion spent on cybersecurity, yet breaches rose 44.7%


A Ponemon study found that the average cost of a data breach in 2018 is US $3.86 million,[5] roughly the same as the US $4 million that DEC claimed Mitnick cost it in 1979, according to court filings.[6] By the end of 2018, Gartner predicts that roughly US $93 billion will be spent annually on cybersecurity.[7] Yet, breaches rose by 44.7 percent in 2017.[8] The status quo is unacceptable, so why does this still occur?

The main reason for the lack of improvement is that there is a significant gap between the SOC – where SIEM, network and endpoint solutions sit – and identity and access management (IAM) solutions.

With this gap in mind, SecureAuth commissioned a survey to better understand key areas affecting the gap between cybersecurity and IAM, and how the gap between these cybersecurity disciplines is handled and perceived within their organizations. The findings demonstrate that although organizations know they can do more, insufficient authentication practices, cybersecurity silos and employee resistance plague enterprise efforts to bridge the gap.



THE CONVERGENCE OF IDENTITY AND CYBERSECURITY

The gap between cybersecurity and identity as perceived by respondents is significant. Nearly six out of every ten (59 percent) report that cybersecurity and identity decisions are separate in their organizations. Further illustrating this gap, the data finds that even in organizations that say both identity and cybersecurity roll up to the chief information security officer or similar position, 41 percent believe that identity and cybersecurity decisions need to be taken together, while 42 percent say such decisions are separate.

Further, a quarter (24 percent) of large companies with more than 5,000 employees admit to being completely siloed when it comes to seeing threats, malware and network issues. The data reveals that the larger an organization is, the more the identification of threats, malware and network issues becomes siloed.


CYBERSECURITY TECHNOLOGY NEEDS MORE INTEGRATION

The good news is that the majority of tech managers say that the systems they currently have in place are able to help them identify anomalous risks regardless of this gap. And although 62 percent of companies would prefer to purchase the best solutions to meet requirements regardless of how many providers it would take, they would like to see more integration.

Technology managers would most like to see their authentication solutions integrate with identity-governance products, but many also want it to integrate with everything else, including vulnerability scanners, privileged access-management solutions and web proxies. This is particularly true for larger organizations.

Organizations seem to realize how important it is to control their cybersecurity deployments.

Preferred Deployment Model

hybrid: 42%
private cloud or MSSP: 36%
public/multi-tenant cloud: 19%


GAP MADE WORSE BY RUBBER STAMPING

Adding to the width of the gap – and threat surface – technology managers are unsure of who has access to particular assets within the organization, largely due to “rubber-stamping.”

The survey found that three out of four respondents see some issue with access reviews, certifications and/or attestations of who has access to what. In fact, a quarter (26 percent) of large companies indicate that “rubber-stamping” access certifications/compliance control is occurring within their organizations and nearly one in five (19 percent) of all organizations report the same.

Organizations that experience rubber-stamping of approvals and do not have an accurate view as to who has – or who should have – access to information within their organization have a significant hole in their cybersecurity controls. It is no wonder that these respondents see little value in certification as a cybersecurity control and do not see value in integrating IAM and governance into broader cybersecurity initiatives.

Issues with Certification

Ineffective security control: 29%
a time suck: 28%
issues not clear: 22%
“rubber-stamping”: 19%


AUTHENTICATION AND IDENTITY GOVERNANCE NEED TO MERGE

Respondents realize that rubber-stamping becomes a significant cybersecurity risk and want a better certifications solution.

94% would consider purchasing another certification solution if it made it easier to see and understand anomalies and policy exceptions or if it made it far more efficient.

61% want authentication solutions to integrate with their identity governance products.

This integration would provide a more accurate view of who has access to what, help them better provision such access and spot anomalies when login credentials are provisioned and used. This would be a natural bridge between cybersecurity and IAM, enabling the SOC to more rapidly identify and remediate risk.


MODERN AUTHENTICATION: IT’S TIME TO RETHINK THE LOGIN EXPERIENCE

To prevent misuse of credentials, organizations are increasingly implementing multi-factor authentication (MFA), yet end-user adoption is problematic due to the friction of most two-factor authentication (2FA) or MFA methods.

Although 33 percent of respondents report that they have reached full coverage of all employees as mandated, nearly two-thirds (65 percent) of respondents report negative experiences implementing 2FA and MFA. When asked to assess their implementation status, more than half (59 percent) said new authentication methods are being implemented in stifled “waves” because it requires a change to employee behavior.

63%: Experience friction from employees who are forced to download and use a mobile application.

6%: Reported outright push back from enterprise users.

It appears that the majority of users mind downloading and using an app for 2FA or MFA, but do it anyway because they recognize it is necessary.


STEPPING UP TO MODERN ADAPTIVE AUTHENTICATION

Stepping up, or requiring additional authentication methods, ensures that there is no misuse of credentials. When asked which situations would prompt them to step up 2FA or MFA for users, respondents cited:

attempts from suspicious or known malicious IP addresses
suspicious time travel/geo-velocity
suspicious geographies
high-risk users
identified infected device users

[Chart: percentage of respondents citing each situation. Values in extraction order, pairing with the situations not recoverable: 61%, 53%, 52%, 41%, 50%]

Each of these is addressed by modern adaptive authentication methods and demonstrates positive movement in the industry.

While stepping up would have prevented attacks like Mitnick’s in 1979, it also creates friction for many users. By using modern adaptive authentication solutions, users can access the tools they need in a more frictionless experience.


PASSWORD-ONLY STILL PREVALENT

The industry still has much work to do in order to make modern authentication frictionless and more widely adopted. However, the percentage of organizations that implement modern adaptive authentication methods is trending in the right direction.

MFA Usage Areas

Windows machines
SaaS apps
VPN access
Privileged account management products
Mac machines
Homegrown or on-prem apps


OFFICE 365 IS A CYBERSECURITY RISK

One area that seems to not have enough protection is Office 365, which is increasingly becoming a more significant cybersecurity risk than ever. Office 365 often contains financial and other valuable data. When an enterprise licensing agreement with Microsoft is implemented for 2FA or MFA, it is often too basic for most organizations’ long-term needs. As a result, it is a common target for attackers. Office 365 has identity and cybersecurity gaps that can leave this valuable information exposed.

Currently have an enterprise licensing agreement (ELA) with Microsoft.

Attackers who have access to Office 365 documents may not need to attempt to access other areas of an organization’s network to steal valuable information. As a result, it may not be discovered by those monitoring endpoints and other security events in the enterprise until it is too late. This is but one example of how attackers exploit the gap between cybersecurity and identity to access cloud-based applications and services.

One-fifth say Microsoft does not solve their 2FA, MFA or adaptive projects well enough to utilize it.

One-third of companies say Microsoft is doing just enough to meet the bare minimum use cases for their 2FA or MFA needs.


WIDESPREAD USE OF INSECURE EMAIL CLIENTS

[Chart: use of MS Outlook versions older than 2013 and use of Apple Mail, shown for all enterprise organizations and for organizations with 5000+ employees. Values in extraction order: 32%, 39%, 21%, 26%]


RECOMMENDATIONS ON BRIDGING THE CYBERSECURITY AND IDENTITY GAP

To address the gap between cybersecurity and identity, SecureAuth + Core Security recommends the following:

Remove the functional silos that exist between identity and cybersecurity, leveraging data from both to reduce risk in your environment.

Seek best-of-breed technology solutions that support integration with other products, enhancing your ability to collect intelligence and inform your cybersecurity practice.

Leverage technology to drive automation in your identity governance practice and remove the human factor.

Embrace advanced adaptive authentication methods to remove user friction in the authentication process.

Move beyond user name and password to improve the security of your authentication process and better protect your organization’s assets.

Ensure you employ advanced adaptive authentication in front of Office 365 and other email applications to defend this common attack vector.


VISIT US: www.secureauth.com

COPYRIGHT

© 2018 by SecureAuth. All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law.

SecureAuth is leveraged by leading companies, their employees, their customers and their partners to eliminate identity-related breaches. As a leader in access management, identity governance, and penetration testing, SecureAuth is powering an identity security revolution by enabling people and devices to intelligently and adaptively access systems and data, while effectively keeping bad actors from doing harm. By ensuring the continuous assessment of risk and enablement of trust, SecureAuth’s highly flexible Identity Security Automation (ISA) platform makes it easier for organizations to prevent the misuse of credentials and exponentially reduce the enterprise threat surface. Visit: www.secureauth.com.

SOURCES

1. http://www.thememoryhole.org/lit/deception-ch1.htm
2. https://itknowledgeexchange.techtarget.com/uncharted-waters/wait-a-minute-what-did-kevin-mitnick-actually-do/
3. https://www.knowbe4.com/hubfs/rp_DBIR_2017_Report_execsummary_en_xg.pdf
4. https://www.fireeye.com/company/press-releases/2017/fireeye-releases-mandiant-m-trends-2017-report.html
5. https://venturebeat.com/2018/07/10/ibm-security-study-mega-data-breaches-cost-40-million-to-350-million
6. https://www.theregister.co.uk/2003/01/13/chapter_one_kevin_mitnicks_story/
7. https://www.forbes.com/sites/tonybradley/2017/08/17/gartner-predicts-information-security-spending-to-reach-93-billion-in-2018/
8. https://www.idtheftcenter.org/2017-data-breaches/