Protecting the organisation from cybersecurity breaches can be challenging for security teams when there aren’t enough personnel or financial resources to deal with the full scale of threats. The longer companies go without sufficient protection, the more vulnerable businesses become to security breaches. As a result, executives responsible for securing the organisation must be strategic in prioritising the allocation of cybersecurity budgets.
Analysts have predicted that information security spending in Singapore will increase by 10 percent in 2019, outpacing the global market. This rise is attributed to highly publicised data breaches over the last few years that have stoked privacy concerns. As budgets increase, security leaders need to consider which cybersecurity projects and programs should take top priority so that teams can mitigate risk, maintain a strong security posture and open the door to greater operational efficiency. Ultimately, it is about how security can be a business enabler, and not a business blocker. This means applying strong cybersecurity to modern technologies, starting with privileged access management (PAM), for these five important reasons.
1. Privileged access is the entry-point to a company’s most critical assets
A common thread in publicised cyber attacks is how frequently they are connected to privileged access. This is due to how simple it is for hackers to access an organisation’s most valuable assets through this pathway. For example, in a typical (albeit unsophisticated) attack scenario, a hacker sends a successful phishing email to an employee to gain access to their device, then uses it as a starting point to access a server account that uses the same credentials. From there, the hacker can move laterally within the network to target critical assets and data, which greatly damages an organisation and disrupts operations.
With more users, devices and applications in digital-first organisations, many security teams struggle to maintain visibility across privileged accounts and credentials in on-premise, cloud and DevOps environments, and to control access. However, since privileged access is an organisation’s last line of defence in many instances, securing the pathway should be a top priority. Although 81 percent of Singaporean respondents to CyberArk’s latest Global Advanced Threat Landscape report agreed that IT infrastructure and critical data are not fully protected unless privileged accounts, credentials and secrets are secured, only 56 percent had a privileged access security strategy in place.
2. To err is human.
A simple act, such as mistakenly clicking on a phishing email link or unintentionally downloading malicious code, can set off a chain reaction throughout a company network. Not only do people make mistakes, but we are often lax when it comes to strict adherence to security best practices – especially if it impacts productivity. Shortcuts for connecting to sensitive systems, applications and data are common as a result. Cyber attackers are also looking to take advantage of these vulnerabilities by targeting an organisation’s cloud console to immediately gain access to the most critical business applications, rather than breaching a network then camping out in the network for days or weeks. To stop attackers from gaining access through the cloud, PAM is vital.
3. Privilege doesn’t stop with humans.
Enterprises typically have more machines and applications that require privileged access to run various routines and important tasks than actual human users who require privileged access. These non-human identities, such as enterprise IT ticketing systems, vulnerability scanners and service accounts, must be identified, managed and secured. Technology developments, such as robotic process automation (RPA), that introduce thousands of new non-human identities also expand what hackers can attack in an organisation. A comprehensive privileged access security program will allow organisations to effectively monitor where privileged access exists at every layer, understand which users (both human and non-human) have access to what, and detect and alert security teams to malicious or high-risk activity, enhancing overall cybersecurity. Additionally, as security teams adopt zero trust frameworks, which protect the most sensitive networks by assuming that every user trying to connect to their systems needs to be verified, PAM becomes more important for security teams.
4. Privilege exists on all employee workstations and endpoints.
Every workstation with administrative account access creates a huge security gap, as cyber attackers increasingly target employee devices. As a result, it is critical to limit access by removing local administrative rights. Additionally, security teams must enforce the principle of least privilege, which means that employees are given the minimum privileges and access required to perform their job functions, and also implement application controls that only allow trusted applications to run. Extending privileged access security to employee devices can reduce the risks associated with them without sacrificing productivity.
5. Audit and compliance revolve around privileged access.
Highly regulated industries, such as banking and healthcare, are required to maintain a comprehensive audit trail of privileged user activity. These mandates come from the enterprise policy level and from industry regulations. Organisations in these sectors must establish individual accountability for all privileged users and have the capability of reviewing privileged sessions according to their potential risk. Many are even required to review a specific percentage of all privileged workloads, but manually identifying high-risk activity can feel like searching for a needle in a haystack. Strong privileged access controls enable security teams to predefine commands, actions and activities, create risk scores and easily pinpoint threats in a manner that dramatically simplifies audit and compliance requirements and saves time.
As Singapore businesses evaluate cybersecurity budgets, PAM investment should rise on security leaders’ priority lists if it has not already. That way organisations can be assured that critical business applications and information are protected from security threats, and that breaches are detected and dealt with sooner.