Identities Are The Highest Priority Risk Area

As the threat landscape continues to evolve in 2024 and threat actors become increasingly sophisticated, organisations are seeking ways to strengthen their security posture. Now, the leading data security firm Entrust and the Ponemon Institute have produced a new survey about approaches to identity management.

They asked over 4,000 IT and security professionals around the globe about their adoption of Zero Trust as a security practice, and the technologies they rely on to support their efforts to prevent cyberattacks.

The 2024 State of Zero Trust & Encryption Study surveyed 4,052 IT and IT security practitioners across the US, UK, Canada, Germany, Australia and New Zealand, Japan, Singapore, and the Middle East.  

The survey shows that people are now more motivated to invest in security to prevent data breaches, rather than just to follow regulations. While in the past, compliance was the main reason for security investments, 41% of respondents now prioritise security investments to reduce the risks of data breaches or other security incidents.  

This marks a significant change in attitudes toward why organisations invest in security. 

Key findings from the 2024 State of Zero Trust & Encryption Study include:  

  • Rising rates of cyber breaches are driving Zero Trust adoption: Two-thirds of organisations list cyber-risk concerns as the most important drivers for implementing a Zero Trust strategy.
  • The pattern is even more pronounced in the US, with 50% of organisations citing cyber breach risk and 29% reporting the expanding attack surface for a combined total of 79%.
  • Senior leadership support for Zero Trust is increasing, but skills and budget aren’t keeping pace: Despite 60% of organisations reporting significant senior leadership support for Zero Trust, a lack of skills and budget continue to be cited as the biggest roadblocks to implementing these frameworks, highlighting a discrepancy between support and resource allocation.
  • Zero Trust adoption is exploding, but lagging in the West: While 62% of organisations have begun their own Zero Trust journey, only 48% of US organisations have, raising a concern that Western entities know they have a problem but are unable to adopt Zero Trust, leaving them vulnerable to cyber threats.
  • Good cyber hygiene alone can’t safeguard against all threats: 46% of respondents cited hackers exposing sensitive or confidential data as their top security concern, followed by system or process malfunctions and unmanaged certificates. For the first time in the past eight years, organisations did not rank employee mistakes as a top security threat.
  • People, skills, and ownership remain painful hurdles for CISOs to achieve effective credential management: 50% of respondents identified a shortage of skilled personnel, 47% highlighted the absence of clear ownership, and 46% pointed to inadequate staffing as the primary reasons for the challenges associated with credential management.

Image: Nick Fancher
