Unfortunately, most businesses are making a fundamental mistake when it comes to authentication: they are thinking inside-out, whereas thinking outside-in would automatically put the customer first. Until now, strong (and not so strong) authentication to services seems to have been driven by an inside-out way of thinking. The institutions think about what works best for them: what fits into their infrastructure, and what is the cheapest yet compliant approach? For customers, this means that they must use what their service provider offers to them. Companies must also be aware of insider risks, and by implementing a Zero Trust approach of ‘never trust, always verify’, they can better secure access to their assets. In this KuppingerCole webinar, we will address the following.
Only with full visibility into employee or third-party activity across a company network can even the earliest indicators of an insider threat be detected. By monitoring both user and file activity, security and compliance professionals can be alerted in real time to risky, out-of-policy activities and any unexplained changes in user behavior, and can stop and investigate that activity before it becomes a full-blown breach. Research from The Ponemon Institute shows that Financial Services organizations face the highest penalty costs of any industry ($12.05 million annually) when they experience an insider-led incident, though they are closely followed by the Energy & Utilities and Retail sectors. This cost alone is a very concrete reason to address what otherwise might seem to be an invisible problem.
The new GigaOm “Phishing Prevention and Detection: A GigaOm Market Landscape Report,” designed to help C(x)Os and security practitioners evaluate phishing prevention solutions, recognizes that mobile endpoints are poised to be the next high-value target for phishing attacks. The majority of mobile endpoints lack protection beyond Mobile Device Management risk assessments; these endpoints are completely exposed to phishing and other attacks.
Organizations in today’s market must strike a balance between competitive differentiation and meeting evolving compliance standards, particularly those related to software security. They need to obtain faster release and deployment cycles, improved collaboration between business stakeholders and application development and operations teams, and automation tools. DevOps, an innovative organizational and cultural way of organizing development and IT operations work, is addressing this challenge, driven by mounting evidence of its benefits to the business. However, reaping these gains requires rethinking application security to deliver more secure code at DevOps speed.