The release date for the new Bond film – ‘No Time To Die’ – may have be delayed again to April 2021, but the acts of its villainous characters are being played out on enterprises daily – in the form of cyber attacks.
Take Raoul Silva in ‘Skyfall’ – always one step ahead of Bond, though unlike previous villains, he doesn’t need an army to achieve world domination. All it takes is an analytical mind, a computer connected to the internet, and the ability to target the weakest link of IT systems of any organization or government and he has everything he needs to cause chaos.
This is scarily – and literally - close to home for enterprises, with hackers increasingly looking to take advantage of multiple access points from employees as we continue to work remotely. A recent study we conducted found that in the first six months of the pandemic alone, 48 percent of UK remote workers experienced targeted phishing emails, calls, or texts in either a personal or professional capacity. Without the traditional security perimeter of the office and a network firewall, employees are left far more exposed.
To make matters worse, 42 percent of UK employees said that their company had not put any additional cyber security measures in place for the last twelve months, despite the gradual shift to more cloud applications like Teams and SharePoint which was ongoing even before the pandemic. Only 18 percent have seen improved security measures for access to online files. What’s more, almost a quarter (24 percent) of Brits are self-sabotaging their online security at home, sharing work passwords with a partner or family members - increasing the risk of passwords falling into the wrong hands. All of this is opening up the doors to sensitive business information.
If the Bond storyline was true, Silva would be having a field day. He’d be proud of the chaos that is playing out as enterprises fail to keep a grip on cyber security issues. At the beginning of the year, the 2020 World Economic Forum Global Risks Report rated cyberattacks on critical infrastructure as the fifth greatest risk to the global economy. Now, well into the pandemic, it’s even more likely that organizations are suffering from those cyber vulnerabilities that Silva takes advantage of in the 2012 film.
The new normal
Cyber risks have become the new normal across sectors such as energy, healthcare and transportation. The NHS has had to handle around 200 attacks in the past eight months alone. And most recently, the National Cyber Security Centre issued fresh warnings about fake websites and phishing scams offering Black Friday deals to consumer – many of whom are predicted to have made purchases on work devices or through work accounts.
Such attacks have even affected entire cities. Public and private sectors alike are at risk of being held hostage. We are now seeing cybercrime-as-a-service is a growing business model, as the increasing sophistication of tools on the ‘darknet’ makes malicious services more affordable and easily accessible for anyone. In 2021, cybercrime damages might reach $6 trillion USD— equivalent to the GDP of the world’s third largest economy.
The data brokering market—aggregating, disaggregating, copying, searching and selling data for commercial purposes—is worth an estimated $200 billion USD a year. Digital dependency, which has inevitably soared during the Covid-19 crisis, is changing the nature of national and international security. This is raising three urgent issues: how to protect critical infrastructure, uphold societal values and prevent the escalation of state-on-state conflicts. Remember, all it takes is good to do nothing for evil to triumph.
Defeating the Silvas of the world through identity
To defeat the ‘Silvas’ of this world and secure the enterprise against hackers, it is crucial that leaders rethink their identity strategy. Managing access and identities are no longer just about back-office IT and compliance functions. It’s an essential business enablement function at the heart of the digital economy. In fact, the amount being spent on identity management is projected to increase faster than the amount spent on all security measures.
This is due to the growing recognition of how important proper identity management is in enabling an effective security posture. It is the tie that binds. Identity is the foundation for e-commerce and enables the relationship that the enterprise has with its consumers as part of user experience improvement. Identity is critical in digital transformation, operational efficiency, compliance, and managing cyber risk. Through data protection, threat detection, resiliency, and application security, identity is woven across the enterprise and the extended enterprise and value chain.
For many organizations, their identity and access management programs are not where they would like them to be. As they progress towards their identity goals, organizations will need help with undertaking digital transformation objectives and ensuring business continuity during the difficult months ahead as we continue to navigate the impact of the pandemic. Each organization has its own challenges and requirements, but one thing’s for sure – cyber security must take priority.
Channeling the inner 007
People and processes are just as important to the success of identity and access programs as the technology. When these align, organizations are better positioned to not only guard against risks, but also enhance the user’s ability to profit from applications, systems, and data. As we continue to work remotely, it’s crucial organizations role out more cybersecurity measures and training to staff to reduce the threat for hackers to take advantage.
Those organizations that commit to good cyber security practice will find themselves better equipped to beat their ‘Bond villain’. From anticipating problems caused by deficient data, addressing financial, technological, and operational challenges, aligning ownership of identity in the organization, and investing in the proper resources from staff and external resources, organizations can channel their ‘inner 007’ and better prepare themselves for every risk thrown their way.
Ben Bulpett, EMEA Identity Platform Director, SailPoint