You may have seen in the press this week that a major, US-based cyber security vendor fell victim to a data breach. This particular breach involved compromised employee credentials, which enabled unauthorised access to company data and proprietary software. Whilst the full impact is unknown at present, there is a risk of consequential breaches resulting from the proprietary information and technical 'know-how' that was stolen.
The implications of data breaches can be costly for any organisation. They range from reputational damage to the financial impact, with the average cost coming in at £3.2m in 2021 through system downtime, loss of business, and fines. This is without taking into consideration the unknown consequences of losing intellectual property and technology “secrets”. Our practical advice for any organisation is to regularly review processes around security and user access so that external factors cannot negatively impact the wider business, whether through private data, financial risk or something else.
Other actions to ensure your enterprise is secure:
- Use Single Sign-On (SSO) to implement passwordless authentication, using open security standards such as SAML and OIDC to replace passwords with secure tokens
- Where passwordless authentication is not yet supported, leverage an Enterprise Password Manager to enforce use of high-entropy and unique passwords
- Enable multi-factor authentication on all business-critical applications or for access to your identity management solution
- Remove redundant user licences
We encourage all users of any cyber security products to audit the policies and procedures used for managing users and employees. We regularly review our own user processes and would encourage all organisations, based on this latest breach, to do the same. It's not just about technology; it's about people and process too.