Security isn’t a one-time investment: 3 key areas where most organizations fail

Security isn’t a one-time investment: 3 key areas where most organizations fail

Your management team says that the time has come to invest in your organization’s cybersecurity. Your operations team agrees and says they are committed to security. Your IT team says that an IAM would help to secure your data and application, and identifies customizable IAM solutions, such as Akku, for investment.

So far, so good. But does that complete the job from your team’s end?

Even if your organization’s management and users believe that they are totally committed to improving cybersecurity, many of our recent IAM implementations have brought up some interesting issues of organization productivity.

Low priority on training

Many corporates believe that their employees – young, apparently tech-savvy, living in metropolitan areas – are sufficiently aware of all necessary cybersecurity measures. They believe that their teams are equipped to set up strong passwords, manage their own multi-factor authentication, avoid phishing attacks and browse through only secure web pages.

Some businesses, especially very large enterprises, do understand that cybersecurity training is necessary. However, others (regardless of size) often don’t feel it’s important for workers to take time out from their regular routines to focus on security. This is a prioritization issue, not one of budgets or resources. It can result in a number of security issues, including in terms of secure access to applications and data. No matter how technologically aware your team is, no one knows everything. It’s important to keep your learners up-to-date with regular cybersecurity training.

Fear of adoption

For a simple example, consider single sign-on (SSO). Single sign-on is an efficient way to log on to multiple applications. Using 2FA or MFA (two-factor or multi-factor authentication), single sign-on is secure as well as easy. However, if your team has never used such tech before, it can be bewildering. In our experience, 75-80% of corporate users don’t know how to use SSO without training. Post implementation of Akku, our team has occasionally offered training on how to use SSO and multi-factor authentication in the past. 

When we speak to our customers, we find that in many cases, fear of adoption is a bigger hurdle than cost of implementation or features provided by the IAM. They believe that their workers simply don’t know how to use MFA, and that it’s too much effort to provide regular updates and training to fix this gap.

In our experience, fear of adoption prevents more investments in cybersecurity applications than budget or other concerns.

Prioritizing productivity over security

While Akku or other IAM solutions secure access to applications and data, there is a certain amount of involvement needed from your IT team. A classic example is the password change self-service functionality. This functionality allows your users to manage, update and change their own passwords. 

At Akku, our policy is against self-service for password management. This is an intentional choice as it risks allowing users to set weak security questions or repeat common passwords used in other personal accounts. This, further, risks hacking through social engineering or credential stuffing attacks. In addition, when users know that they can reset their passwords at any time, they feel that their responsibility to secure their account and credentials is not as urgent. When they have to disturb their IT administrator every time they forget their password, this feels like a much more serious problem!

However, centralization of password management is inefficient for IT admin teams. In our experience, around 0.2% of users forget their passwords, every day. For an enterprise of 5,000 users, that results in upto 10 password reset requests, every day. As a result, some organizations tend to prioritize team efficiency or productivity over cybersecurity, by allowing users to manage their own passwords.

This raises the question: are you prioritizing your cybersecurity or team productivity? At the end of the day, you are responsible for your own cybersecurity. Taking the decision to invest in Akku or any other security infrastructure is an important step, but you need to keep the focus on cybersecurity on an ongoing basis. 

Security is a long term commitment, not addressed by a single investment. Talk to our team today for a holistic consultation on the next steps towards a more secure organization.