Ongoing Entitlement Reviews Crucial for Cybersecurity

Internal breaches, often inadvertent, are now the greatest threat to cybersecurity. According to a study by Verizon, the number of insider related breaches is rising annually. In the first half of 2019, 4.1 billion records were exposed as a result of data breaches, and in the last full year of reporting, 34 percent of all breaches were caused by insiders. Human vulnerability is a greater threat than hackers, and accidentally leaking information, such as passwords, is the biggest factor in internal breaches. Many organizations feel that they are adequately stopping employees from having access to data that they shouldn’t, but if that was true, insider attacks would not be on the rise. One popular strategy is regular entitlement reviews — assessing who has access to what, and revoking rights when necessary. As regulations such as the GDPR and California’s new data privacy law come on line such reviews need to be more frequent and comprehensive. The next level for internal security is reviews on an “as you go” basis, which means managers can consistently keep on top of access, and revoke or expand it daily. As a result, all certifications are up to date when annual or semi-annual reviews are undertaken to comply with regulations.