Identity and access management (IAM) and security leaders are grappling with an ever-shifting threat landscape. They face increasingly sophisticated hackers and more frequent attacks, and they must discern which threats represent the most risk and how best to address them.
Ahead of the Gartner Identity & Access Management Summit, we asked Greg Young, research vice president at Gartner, how IAM and security leaders can successfully recognize and respond to modern threats and secure their organizations.
Q: What are the biggest threats facing IAM and security leaders?
A: Ransomware is — and should be — top of mind for IAM and security leaders. In the past, hackers typically targeted an individual person or machine, which posed a challenge, but was more manageable. Today, hackers target entire organizations, encrypting multiple devices before making the demand for payment. There has been a significant increase in new ransomware families, with spam as the top infection vector.
Organizations need to protect against these types of potential vulnerabilities. An organization’s own failures cause a staggering number of attacks. Gartner predicts that, through 2020, 99% of vulnerabilities exploited will continue to be the ones known by security and IT professionals for at least one year. Imagine an organization as a house. A thief keeps robbing the home, yet the owner continues leaving the doors and windows unlocked. Why not lock the doors and windows and prevent or at least make it harder for the thief to break in?
Fortunately, there has been an increasing monetization of vulnerability research, leading to greater discovery and disclosure of vulnerabilities, increased transparency around vulnerability disclosure and more frequent releasing of patches and blocking solutions. IAM and security leaders have more tools available than ever before to help them protect their organizations against known vulnerabilities.