68% of data breaches take months or longer to discover
Data Breach Investigations
The eleventh annual Verizon Data Breach Investigations Report (DBIR) provides valuable insight for the Identity and Access Management community. The research is based on analysis of over 50,000 real-world incidents, and over 2000 confirmed data breaches. While the report covers a wide range of data vulnerabilities, Identity and access security is the leading attack vector.
Who and Why?
50% of the attacks were perpetrated by members of organized criminal groups and 12% by state-affiliated actors. 76% of breaches were financially motivated which is no surprise, but 28% of breaches are related to insiders that include partners, employees and otherwise trusted users. 17% of breaches were related to simple human errors like sending the wrong email, forgetting to shred confidential documents, or technical configuration mistakes. While these errors were not deliberate the aftermath can be very expensive. These data points illustrate the increasing importance of modern access management solutions that decentralize threats and focus on least access with robust analytics to monitor threats.
Data Breach Facts
Only 4% of people will click on any given phishing campaign. Good to see a small percentage here, but this number can be misleading. One wrong click can expose many attack opportunities with devastating consequence. 68% of breaches took months or longer to discover. This should raise concern for all security minded companies. Extended exposure increases the amount of damage, data loss, and reputational impact. Multi-factor authentication and adaptive access control strategies should be employed to increase protection and reduce the time it takes find and respond to these attacks.
The future of Identity Security
While most companies have invested millions in identity security platforms, the data shows that these platforms are simply not effective. Most Identity and Access management solutions centralize identity data which provides predictable attack vectors that lead to the large number of breaches that are very common today. The future of Identity Management security is the IdRamp decentralized Identity Fabric. IdRamp augments existing Identity and Access Management platforms with superior access security policies and detailed analytics for threat awareness. No need to replatform or worry about next generation innovations like Blockchain identity and infinite factor authentication. The IdRamp fabric will adapt legacy investments and provide a smooth path into the next generation of identity security.
The Data Breach Investigations Report provides more detailed information and strategic insights that will be of interest to any Identity and Access Management team.To download the full report please visit the Data Breach Investigations Report page.