Identities Are The Highest Priority Risk Area

Uploaded on 2024-06-04 in TECHNOLOGY--Resilience, NEWS-Cybersecurity News, FREE TO VIEW

As the threat landscape continues to evolve in 2024and threat actors become increasingly more sophisticated, organisations are seeking ways to increase their security posture. Now, the leading data security firm Entrust and the  Ponemon Institute have produced a new survey about approaches to identity management.

They asked over 4,000 IT and security professionals around the globe about their adoption of Zero Trust as a security practice, and the technologies they rely on to support their efforts to prevent cyberattacks.

The 2024 State of Zero Trust & Encryption Study surveyed 4,052 IT and IT security practitioners across the US, UK, Canada, Germany, Australia and New Zealand, Japan, Singapore, and the Middle East.  

The survey shows that people are now more motivated to invest in security to prevent data breaches, rather than just to follow regulations. While in the past, compliance was the main reason for security investments, 41% of respondents now prioritise security investments to reduce the risks of data breaches or other security incidents.  

This marks a significant change in attitudes toward why organisations invest in security. 

Key findings from the 2024 State of Zero Trust & Encryption Study include:  

  • Rising rates of cyber breaches are driving Zero Trust adoption: Two-thirds of organisations list cyber-risk concerns as the most important drivers for implementing a Zero Trust strategy.
  • The pattern is even more pronounced in the US, with 50% of organisations citing cyber breach risk and 29% reporting the expanding attack surface for a combined total of 79% 

Senior leadership support for Zero Trust is increasing, but skills and budget aren’t keeping pace: Despite 60% of organisations reporting significant senior leadership support for Zero Trust, a lack of skills and budget continue to be cited as the biggest roadblocks to implementing these frameworks, highlighting a discrepancy between support and resource allocation. 

Zero Trust adoption is exploding, but lagging in the West: While 62% of organisations have begun their own Zero Trust journey, only 48% of US organisations have, raising a concern that Western entities know they have a problem but are unable to adopt Zero Trust, leaving them vulnerable to cyber threats. 

Good cyber hygiene alone can’t safeguard against all threats: 46% of respondents cited hackers exposing sensitive or confidential data as their top security concern, followed by system or process malfunctions and unmanaged certificates. For the first time in the past eight years, organisations did not rank employee mistakes as a top security threat. 

People, skills, and ownership remain painful hurdles for CISOs to achieve effective credential management: 50% of respondents identified a shortage of skilled personnel, 47% highlighted the absence of clear ownership, and 46% pointed to inadequate staffing as the primary reasons for the challenges associated with credential management. 

Image: Nick Fancher

You Might Also Read: 

Security Gaps In Business-Critical Identity Services:

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Increasing Software Cyber Resilience
You’ve Got Mail »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Canadian Centre for Cyber Security (CCCS)

Canadian Centre for Cyber Security (CCCS)

The Cyber Centre is the single unified source of expert advice, guidance, services and support on cyber security for government, critical infrastructure, the private sector and the public.

Professional Information Security Association (PISA)

Professional Information Security Association (PISA)

PISA is an independent and not-for-profit organization for information security professionals, with the primary objective of promoting information security awareness and best practice.

Cybonet

Cybonet

Cybonet provides easy to deploy, flexible and scalable security solutions that empower organizations of all sizes to actively safeguard their networks in the face of today’s evolving threats.

TrainACE

TrainACE

TrainACE, is a professional computer training school offering courses in information technology with a focus on Advanced Security training.

VU Security

VU Security

VU is a specialist in Cybersecurity software development with a focus on the prevention of fraud and identity theft.

Phew

Phew

Phew are New Zealand cyber security specialists with expertise and experience forged in global financial markets, IT&T, management consulting and SME business management.

Datec PNG

Datec PNG

Datec is the the largest end-to-end information and communications technology solutions and services provider in Papua New Guinea.

Incognito Forensic Foundation Lab (IFF Lab)

Incognito Forensic Foundation Lab (IFF Lab)

IFF Lab is a premier cyber and digital forensics lab in India that offers forensic services and solutions, cyber security analysis and assessment, IT support, training and consultation.

Sum&Substance (Sumsub)

Sum&Substance (Sumsub)

Sum&Substance is a developer of remote verification solutions. Our technology allows online services around the world to meet regulatory requirements, prevent fraud and enhance customer confidence.

SDG Corp

SDG Corp

SDG is a global cybersecurity, identity governance, risk consulting and advisory firm, addressing complex security, compliance and technology needs.

Akito

Akito

Akito was set up to become a point of reference in the ICT market for issues related to Security and in particular Cyber Security.

BDO Global

BDO Global

BDO is an international network of public accounting, tax and advisory firms which perform professional services under the name of BDO.

Maxxsure

Maxxsure

Maxxsure provides a platform for executive management, leveraging proprietary technology that identifies, measures, and scores a company’s cyber risks.

Gotham Security

Gotham Security

Gotham Security delivers high-quality penetration testing, malicious adversary simulation, compliance program development, and threat intelligence services.

Domotz

Domotz

Domotz enables IT teams to monitor and manage their networks remotely, while ensuring that the security and the operational efficiency of their organizations are properly maintained.

ViroSafe

ViroSafe

ViroSafe is a leading value-added distributor of IT security solutions in Norway.