Identity and access management (IAM) and security leaders are grappling with an ever-shifting threat landscape. They face increasingly sophisticated hackers and more frequent attacks, and they must discern which threats represent the most risk and how best to address them.
Ahead of the Gartner Identity & Access Management Summit, we asked Greg Young, research vice president at Gartner, how IAM and security leaders can successfully recognize and respond to modern threats and secure their organizations.
Q: What are the biggest threats facing IAM and security leaders?
A: Ransomware is — and should be — top of mind for IAM and security leaders. In the past, hackers typically targeted an individual person or machine, which posed a challenge, but was more manageable. Today, hackers target entire organizations, encrypting multiple devices before making the demand for payment. There has been a significant increase in new ransomware families, with spam as the top infection vector.
Organizations need to protect against these types of potential vulnerabilities. An organization’s own failures cause a staggering number of attacks. Gartner predicts that, through 2020, 99% of vulnerabilities exploited will continue to be the ones known by security and IT professionals for at least one year. Imagine an organization as a house. A thief keeps robbing the home, yet the owner continues leaving the doors and windows unlocked. Why not lock the doors and windows and prevent or at least make it harder for the thief to break in?
Fortunately, there has been an increasing monetization of vulnerability research, leading to greater discovery and disclosure of vulnerabilities, increased transparency around vulnerability disclosure and more frequent releasing of patches and blocking solutions. IAM and security leaders have more tools available than ever before to help them protect their organizations against known vulnerabilities.
Q: What main challenges are IAM and security leaders facing?
A: Evolving tactics in attacks and increased evasion, coupled with staffing shortages, are creating challenges for IAM and security leaders. The rise of connected devices via the Internet of Things (IoT) has created issues with scale. Existing security tools cannot effectively handle the influx in the number of devices that need to be secured and monitored (desktops, laptops, mobile devices), making it harder to effectively monitor for potential vulnerabilities. The industry-wide security skills shortage is only compounding this challenge. Organizations are making larger investments in security tools to combat increased threats and secure more devices, but they are struggling to hire skilled personnel to support these tools.
Q: How can IAM and security leaders secure their organizations against modern threats?
A: IAM and security leaders must first address and patch known vulnerabilities. They should assess existing resources and ensure they are investing in an equal mixture of detection and prevention solutions. They should also consider redesigning their assets and moving different assets into more secure locations, or segmenting to add floodwalls between parts of their organization. Adding these obstacles will make it more challenging for hackers to penetrate an organization.
IAM and security leaders should stay abreast of broader trends and understand how they affect their organization’s security. These leaders tend to miss the bigger trends in threat evolution by examining only the attacks and attackers. We have found that a large majority of organizations think it is very important to know the origin of an attack. Counting attacks is a fruitless effort — it does not matter who threw the rock, it only matters that you need to get stitches. Focusing on attribution only diverts resources, leaving other areas vulnerable when an attack occurs.