Nearly half of Australian IT managers believe their organisations are targeted for a security breach every week – with one in eight believing they had been attacked in the past 60 seconds – according to a customer survey conducted at the recent AusCERT conference on the Gold Coast.
The survey of more than 100 attendees, conducted by identity-management firm Centrify, asked the subjects about their biggest concerns for the next year and security topped the list, with 56 percent nominating security as a key issue.
Cloud computing was a close second, with 55 percent, while mobile applications and management came third with 21 percent.
That's hardly surprising news for Niall King, senior director of APAC sales with Centrify, who told CSO Australia that high-profile breaches – such as 2013's massive Target hack and the recent compromise of the US Office of Personnel Management – had finally brought security into the limelight.
“IT managers all over the world want to make data and applications more open and usable, but they are also concerned about security,” he explained. “These challenges seem to be consistent across geographies – but we only hear about them when there is someone famous involved.”
Fully 83 percent of surveyed IT managers were as concerned or more concerned about security breaches at their organisations than they were a year ago. Only 5 percent were less concerned than a year ago.
Little wonder: while the survey revealed a heightened sense of concern about security exposure, fully 13 percent believed their organisation had been attacked within the last 60 seconds – supporting the narrative that attacks are an ongoing and unrelenting issue for IT managers.
This shift in mentality had been echoed by a shift in approach to network security, according to King, who highlighted the growing role of better identity management in securing the challenging manual process of account management, which has regularly been exposed as one of the most frequently compromised vectors in organisations today.
Many had come to see identity as more important even than the actual data, since “with a user's identity you can get into everything,” King said. “Not just the intellectual property, but everything else within the company.”
Despite their power, accounts were often left with vestigial privileges as employees progressed from one job role to another. Particularly in large organisations, pressured IT staff had found it hard to keep up with these changes, King said, and yet with the ongoing siege from hackers it was more important than ever that those privileges be kept in check.
With cloud services now added to the mix, the situation had become even worse, King added, since individual employees were frequently authenticating to the services without any involvement from the corporate identity framework.
Those companies need “a system to methodically go through and unify all of these identities into one set of credentials,” King explained. “Then you can have a back-end system that monitors what's going on between the cloud providers and applications, and you can very clearly monitor who is accessing what, and what they are doing.”
This article is brought to you by Enex TestLab, content directors for CSO Australia.