Half of IT pros lack confidence in their company’s cybersecurity strategies

Centrify asked IT professionals attending RSA Conference 2017 how their companies secure applications and infrastructure in the age of access, and their responses revealed that a startling number lacked confidence in their own organization’s corporate security.

Only slightly more than half (55%) stated they believe their company’s current technology investment ensures their company’s cybersecurity. But when asked which of 15 different identity and access management (IAM) best practices they use, many turned out to fall short of implementing enough of them to warrant a confidence score.

Among 15 different IAM best practices, organizations are most likely to enforce:

  • Single sign-on (68 percent)
  • Adaptive multi-factor authentication (43 percent)
  • Least privileged access (44 percent)
  • No sharing of privileged accounts (36 percent), and
  • Secure remote access without a VPN (35 percent).

Organizations are least likely to enforce privileged session recording (13 percent), granular automatic deprovisioning across server and app accounts (12 percent), and privilege elevation management (8 percent).

Depending on the IAM best practices employed, respondents received an IAM maturity score – with level one being the least mature and level four being the most mature.

Only twenty percent of respondents received a level four IAM maturity score, meaning they conduct audits with confidence and are, according to a Forrester study commissioned by Centrify, fifty percent less likely to experience a breach and more likely to spend forty percent less on technology. The other eighty percent received a lower IAM maturity score, meaning they are much more likely to experience two times more breaches and $5 million more in costs.

Additionally, the survey found 26 percent of respondents still share passwords, despite an increase in breaches, and 78 percent have been the victim of a phishing email.
