Almost 90 percent of organizations suffered security incidents in the last three years
A new report shows 89 percent of organizations suffered at least one security incident in the past three years. 52 percent experienced at least four, and 24 percent were victims of an extraordinary 11 incidents.
The 2024 Secure Infrastructure Access report from Teleport surveyed 250 senior US and UK decision-makers to assess enterprise performance in infrastructure access security, dividing respondents into three groups based on a number of factors.
Organizations with well-established infrastructure access security experienced six times fewer incidents, with the top group 'leaders' suffering an average of two incidents over the last three years compared to the 12 suffered by the bottom 'novices' group. 67 percent of novices also feel there have been more incidents over time compared to just 16 percent of leaders.
For 85 percent of organizations, the financial implications of security incidents are becoming increasingly important too. Again, the gulf in outcomes between leaders and novices is significant. Novices are 50 percent more likely to experience costs related to an incident. The estimated annualized cost of security incidents, calculated by factoring the likelihood each cost was incurred, multiplied by the cost per incident, is $6 million for novices. This is compared to just $637,310 for leaders -- 90 percent less.
"The findings highlight that upfront investment in secure infrastructure access pays off in the long term and that while incidents do occur, exemplary organizations can protect their brand reputation and reduce the cost of incidents, supporting the business outcomes that infrastructure is designed to enable," says Ev Kontsevoy, CEO and co-founder of Teleport.
The study identifies 13 essential safeguards that leaders are more likely to deploy compared to novices, resulting in notably different security outcomes. The most significant are phishing-resistant passwordless authentication (67 percent more likely), crypto-authenticated identities for systems/resources (62 percent more likely), and crypto-authenticated identities for users (55 percent more likely).
"The best way for companies to avoid unnecessary detrimental business impact is to adopt a defense-in-depth approach, layering multiple security controls to detect, prevent, and respond to threats. Multi-factor authentication, least-privileged access to infrastructure, cryptographic identity, zero-trust access, secretless authentication, and robust identity and policy governance -- these are all things that should be mandatory and enforced," Kontsevoy adds.
The full report is available from the Teleport site.