What can businesses, IT teams and cybersecurity professionals learn from some of the biggest breach incidents in 2019? What will identity management look like in 2020? It’s time to kick off the new year by taking stock of the cybersecurity landscape and preparing for new challenges.
Biggest Data Breaches of 2019: A Look Back
Breach incidents increased 33% in 2019 over the previous year to a total of 5,183 events and 7.9 billion exposed records. Sensitive data was a prime target. Hackers homed in on Social Security numbers, passport numbers, bank account information, medical records and similar identifying information.
Many of the largest breaches of 2019 hit well-known companies and social networks, including:
• Facebook and Instagram – Hundreds of millions of passwords compromised when stored as plain text
• Marriott – Up to 383 million guest records
• Zynga, producers of Words with Friends – 218 million player accounts, including email addresses, names and login details
• Capital One – 100 million credit card applications, 140,000 Social Security numbers, 80,000 bank account numbers and additional personal data
• Houzz – 48.9 million customers hacked
• American Medical Collection Agency – Data of over 20 million patients hacked
• Adobe Creative Cloud – 7.5 million customer records exposed in an unsecured database
The sheer magnitude of these breaches highlights the critical importance of securing business data and verifying the security practices of third-party service providers. Performing security audits to identify loopholes and vulnerabilities in complex business networks provides a safeguard against the growing cost of breaches, which has increased 12% over the past five years to $3.92 million per incident.
Identity Management Predictions for a New Decade
As occurrences and costs of breaches rise, businesses must redirect identity and access management efforts to better verify users, not just credentials. IAM in 2020 will require more detailed data collection and a combination of authentication methods to create complete pictures of users, how they access networks and what they do during sessions.
Collecting and storing more data points allows for contextual access control, which mixes strong authenticators like biometrics with other details, including networks, access locations and device types. Taking a contextual approach has the potential to allow businesses to move from single sign-on models to zero sign-on (ZSO), in which users enter credentials only once and behavioral data is used for continual identity verification.
The shift to ZSO could remove the last bit of friction between users and networks. Current bring-your-own-identity models are convenient but can suffer from security issues if third parties issuing and managing identities fail to do their due diligence in addressing vulnerabilities. As access domains expand, users will require more self-service options, which could create additional security issues unless businesses begin to adopt strategic technology-based authentication methods.
Privileged accounts remain prime targets for hackers and big risks for businesses. Adaptive trust models may provide better access management of users with privileged credentials, as such models are designed to adapt to fluctuating risk levels. By controlling network access using behavioral data, it’s possible to identify unusual behaviors and prevent hackers from infiltrating networks. A hacker using stolen credentials can’t mimic every habit of the real user and will be locked out when behaviors deviate from data on file.
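As an added illustration (not code from the original article), the sketch below combines the contextual signals and the adaptive trust idea described above into one access decision. The class names, weights, thresholds and sample baseline are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass
class Baseline:                 # constructed "data on file" for one user
    networks: set
    countries: set
    devices: set
    work_hours: range
    mean_apm: float             # typical actions per minute in a session
    std_apm: float

@dataclass
class Session:
    network: str
    country: str
    device: str
    hour: int
    apm: float
    privileged: bool = False
    strong_auth: bool = False   # e.g. a biometric factor was already presented

# Illustrative weights and thresholds (assumptions, to be tuned per environment).
WEIGHTS = {"network": 20, "country": 30, "device": 25, "hour": 10}
BEHAVIOR_CAP = 30
THRESHOLDS = {False: (40, 80), True: (20, 50)}   # privileged -> (step_up, deny)

def risk_score(b: Baseline, s: Session) -> int:
    """Add a penalty for each context signal that is new for this user."""
    score = 0
    if s.network not in b.networks:
        score += WEIGHTS["network"]
    if s.country not in b.countries:
        score += WEIGHTS["country"]
    if s.device not in b.devices:
        score += WEIGHTS["device"]
    if s.hour not in b.work_hours:
        score += WEIGHTS["hour"]
    # Behavioral deviation: distance from the user's norm in standard deviations.
    z = abs(s.apm - b.mean_apm) / max(b.std_apm, 0.1)
    return score + min(int(z * 5), BEHAVIOR_CAP)

def decide(b: Baseline, s: Session) -> str:
    """Adaptive trust: privileged sessions tolerate less risk before step-up or deny."""
    step_up_at, deny_at = THRESHOLDS[s.privileged]
    score = risk_score(b, s)
    if score >= deny_at:
        return "deny"
    if score >= step_up_at and not s.strong_auth:
        return "step_up"
    return "allow"

# Constructed sample baseline for a single user.
BASELINE = Baseline({"corp-vpn"}, {"US"}, {"laptop-01"}, range(8, 19), 4.0, 1.0)
```

The same unfamiliar device yields `allow` for a standard account but `step_up` for a privileged one, which is the adaptive part: the decision follows the risk of the session rather than the validity of the password alone.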
Combining new approaches to IAM with improvements in user and data tracking will allow businesses to locate and fix network vulnerabilities going into 2020 and continue to improve access control as the threat landscape changes.
Cybersecurity in 2020: Predictions and Trends
Cybersecurity experts predict continued changes and challenges in the coming year, including several trends with the potential to significantly impact how businesses and organizations approach security:
• Moving toward more cloud-based software-as-a-service applications will necessitate improved security measures among businesses and providers
• The ongoing threat and increasing sophistication of phishing attacks will require continued monitoring and education to prevent breaches
• Hackers will move from using stolen credentials to hijacking user identities in an attempt to infiltrate systems
• Businesses and organizations will require personalized authentication protocols to support increasingly dynamic cybersecurity needs
• Developers will begin focusing on edge computing applications to expand cloud environments and improve edge device utilization
• Improved controls will be required to prevent smart device and voice assistant hijacking
In light of these predictions, businesses should be prepared to spend more on cybersecurity in the coming year. It’s also likely new user data privacy laws and regulations will be implemented, thus requiring a greater level of diligence and accountability on the part of organizations handling sensitive information.
To kick off 2020 with a strong approach to identity management and cybersecurity, businesses should look for qualified experts with whom to partner and begin addressing vulnerabilities within networks, systems and protocols. By fixing issues with the potential to leave network environments open to attack, companies can move forward and face new cybersecurity challenges with confidence.