Finding the right aspects of cybersecurity to prioritize can present significant challenges. Organizations often lack sufficient resources to deal with emerging threats from both a personnel and budget standpoint. With the limited budgets they do have, security leaders are faced with the “share of wallet challenge.”
Can they effectively utilize existing security investments across complex application stacks and infrastructure while still prioritizing new initiatives? Making matters worse, there’s a never-ending line of solution providers knocking on their doors and competing for time and attention.
Since you cannot do everything, what should you do? When working to prioritize cybersecurity projects and programs, it’s important to think about how security can be a business enabler – not a blocker – for your organization. If you’re a security leader, you want to help drive the conversation with the business about the value of applying strong cybersecurity to modern technologies, not only to mitigate risk and maintain a strong security posture, but also to improve operational efficiencies.
CyberArk recently held a webinar to describe five reasons why securing privileged access is so important and why it should be at the top of your list for security projects and programs for 2019 and beyond. Following are the highlights. To explore these further, and view technical demos, tune in to the on-demand webinar.
- Privileged access is the route to your most critical assets.
In deconstructing publicized cyber attacks, there is often a privileged access-related connection. Privileged access is the gateway to an organization’s most valuable assets and is at the core of nearly every major security breach today.
Here’s a look at a typical (albeit unsophisticated) attack scenario to illustrate this: An attacker sends a successful phishing email to an employee to establish a beachhead of operation on an endpoint. After establishing persistence, the attacker escalates their privileges to gain access to a server account that uses the same credentials. From there, they can move laterally to access target critical assets and data and, ultimately, cause business damage or disruption.
With more users, devices and applications than ever before in digital-first organizations, many security teams are struggling to maintain visibility across their privileged accounts and credentials on-premises, in the cloud and in DevOps environments – let alone manage who has access to what. Yet, privileged access is often an organization’s last line of defense and, therefore, should be the strongest. Securing the privileged access pathway must be top priority.
- To err is human.
Humans are… well, human. It doesn’t take much for someone to mistakenly click on a phishing email link or attachment or unintentionally download malicious code on their machine and set off a chain reaction throughout the network. In fact, the 2019 Verizon DBIR report notes that 32 percent of all breaches involve phishing campaigns.
Not only do people make mistakes, they’re often lax when it comes to strict adherence to security best practices – especially if it impacts their productivity. If they can take shortcuts for connecting to sensitive systems, applications and data, they usually will.
And guess what? Cyber attackers are look to take advantage of ‘low hanging fruit.’ They don’t want to breach a network and then camp out for days or weeks if they don’t have to.
- Privilege doesn’t stop with humans.
In a typical enterprise, the machines and applications that require privileged access to run various routine and important tasks vastly outnumber the actual human users that require privileged access. These non-human identities – from enterprise IT ticketing systems to vulnerability scanners to service accounts – need to be discovered, managed and secured.
As organizations extend their digital transformation strategies to include things like robotic process automation (RPA), they introduce hundreds – even thousands – of new non-human identities that require privileged access and, consequently, expand the attack surface. Managing all of these identities is increasingly important as organizations embrace Zero Trust frameworks.
Implementing a comprehensive privileged access management program will allow your organization to effectively monitor where privileged access exists at every layer, understand which users (both human and non-human) have access to what, detect and alert on malicious or high-risk activity and enhance overall cybersecurity.
- Privilege exists on all employee workstations and endpoints.
Having administrative account access on every workstation creates a huge security gap, as cyber attackers increasingly target the endpoint. Limiting access by removing local administrative rights is critical. It’s a security best practice and, fortunately, it can be easy to do. But it doesn’t stop there.
It’s critical to enforce the principle of least privilege (POLP), giving employees the minimum privileges and access required to perform their job functions. It’s also essential to implement application control to block known malicious applications from running, restrict (or greylist) unknown applications and allow only trusted applications to run.
Extending privileged access management to your organization’s endpoints can help reduce risk by eliminating unnecessary local admin privileges, blocking privileged credential theft attempts and ransomware attacks, auditing malicious behavior and strengthening the security of privileged accounts – all without sacrificing user productivity.
- Audit and compliance revolve around privileged access.
Highly regulated industries like banking and healthcare are required to maintain a comprehensive audit trail of privileged user activity. These mandates come at both the enterprise policy level and from industry regulations and compliance frameworks.
There’s a critical need for these organizations to establish individual accountability for all privileged users while also having the ability to review privileged sessions based on risk. Many organizations are required to review a specific percentage of all their privileged workloads, though trying to identify high-risk activity manually can feel like searching for a needle in a haystack.
Implementing strong privileged access controls that enable you to predefine commands, actions and activities, create risk scores and easily pinpoint threats helps to dramatically simplify audit and compliance requirements and save time.