Last week Okta released a report that found 65% of IT leaders expect a serious data breach to hit their business within the next year. Essentially, the report states that companies fail to adapt to current cyber threats and upgrade their IT security quickly enough, which puts organizations at risk.
There’s a lot of debate about which statistics most accurately reflect the state of data breaches. I think a lot of it depends on the region where data breaches are reported.
The real statistics for data breaches are heavily reduced outside the US. This is due to privacy laws. Other factors include the lack of a real requirement to report a breach, as well as a total lack of information sharing. This situation leads to a catastrophic setup whereby the IT security in most companies is either horrible or completely non-existent.
Security training for employees and corporate IT security policies are ineffective once an organization grows large. The statistics prove that at least one employee will make a mistake and allow an intruder into the environment. You cannot train your way out of statistics and human error.
Technological solutions exist to minimize the number of data breaches, as well as their costs. Most organizations will not use these technologies for one of several reasons. They may not believe themselves to be a target. Perhaps they think that gathering the data would be a violation of law. Or maybe they assume they can insure their way out of the problem.
Minimizing Data Breaches Starts at the Top
Essentially, this is a corporate issue that begins at the top. The job of the CEO is to understand and manage risk, as well as limit consequences. And the problems within IT are horrible to a degree far beyond the Okta report’s conclusions.
The problem is not with the employees or IT itself. It’s with the CEO and Board of Directors who are not aware of the risks and the solutions that can minimize consequences in the cyber security space. Security training is mostly an ineffective solution. It all really comes down to the culture of senior executives to lead in cyber security. That will help minimize the outcomes from breaches to inconsequential numbers.
When we sell our Privileged Access Management solutions, we prefer dealing with companies that have the CEO on board with cyber security initiatives, or ones that are at least prepared to fix broken security processes and rebuild network/identity boundaries for survivability.
The fixes to improve defenses against data breaches are inexpensive, quick and reliable. However, they can only come from the C-Suite, because only senior leadership can break the bad habits and designs of their business units.
By Philip Lieberman, President and CEO, Lieberman Software
Mr. Lieberman is an astute entrepreneur able to perceive shortcomings in the cyber security market and fill those gaps with innovative solutions. He developed the first products for the privileged identity management space and continues to introduce new solutions for this burgeoning security field.