As our CyberArk team wraps up a banner week of Impact Live – the world’s largest gathering of privileged access management (PAM) and identity and access management (IAM) professionals – we’re reflecting back on the major themes, takeaways and “Impact-ful” moments from our 14th annual event.
Connecting Our Fast-Growing CyberArk Community
This year, CyberArk Impact was reimagined in an immersive virtual format, enabling attendees from around the globe to join us from the comfort of their homes or offices. While we missed being together in person, we’re thrilled that our packed agenda of over 40 keynotes, breakout and training sessions reached more than 10,000 registered attendees – making this our largest Impact yet!
It was truly incredible to connect and engage with our expanding CyberArk community, helping security leaders and practitioners deepen their expertise and providing actionable insights on PAM and access management solutions and techniques to help them secure their business. If you couldn’t make it this year, tune in for on-demand content anytime!
Navigating the Cybersecurity Challenges of the New Normal
It’s safe to say that the demands on cybersecurity professionals have never been greater. Throughout Impact Live, we heard first-hand accounts of the formidable challenges teams are facing as they defend against unrelenting attacks, while racing to enable new work models. And if their jobs weren’t tough enough already, today’s “new normal” creates even more complexity and urgency. Consider that within a few short months:
- Traditional infrastructure boundaries evaporated (practically overnight) when employees went home to work.
- The attack surface expanded exponentially as organizations ramped up RDP use and cloud adoption spiked to enable remote work.
- Risky security practices by remote employees made security teams’ jobs even harder. For example, 77% of remote employees admit to using insecure, unmanaged personal devices to access corporate systems and including installing corporate VPNs on personal devices.
- While 80% of all data breaches stem from stolen or lost credentials, nearly all of them say they re-use the same passwords across applications and devices.
- Two-thirds of people working from home adopted new collaboration tools like Zoom and Microsoft Teams, which reported significant security vulnerabilities.
- Virtually every geography and industry experienced a sharp increase in opportunistic attacks. While many threat actors employed tried-and-true techniques, others launched new and dangerous attacks, including the MAZE ransomware that crippled some of the world’s largest organizations.
Fueling Our Continued Innovation
We are proud to have been called upon to help restore secure operations to a number of these impacted environments. CyberArk has been referred to as “the second call” in incident response scenarios. This is because comprehensive, centralized privileged access management controls are critical to helping breached organizations regain trust that their environment is secure. As our teams work side-by-side with remediation experts to understand attack patterns, methods and motivations, we’re continuously feeding these invaluable insights back into the products and services we develop.
That’s also why events like Impact Live are so important to us. The insights we gain from cybersecurity leaders on the front lines directly inform our view of the future and strengthen our confidence as we continue to innovate.
Exploring Three Major Themes from Impact Live
Throughout these ongoing conversations – and particularly this week – three resounding themes have emerged:
1. In today’s mobile, digital and cloud world, all identities can become privileged under certain conditions. If not properly secured, they can open doors for attackers – as evidenced by last week’s highly publicized cyber attack on Twitter.
Here’s a brief overview: As part of a highly targeted social engineering attack, Twitter employee credentials were used to gain access to an internal administrative tool, hijack a number of high-profile social media accounts, then post messages to dupe social media users into donating bitcoin payments to fraudulent causes. This attack underscores the challenges many organizations face today in securing the growing number of identities that require privileged access to sensitive information and data.
2. The principles of least privilege are taking hold. Organizations are searching for ways to further reduce standing access, and provide just the right level of access at just the right time using passwordless techniques that don’t disrupt employee workflows.
Sharing Our Identity Security Vision
On Day One of Impact Live, CyberArk Chairman and CEO Udi Mokady took to the keynote stage to share how we’re addressing these three themes, along with our plan to develop an expanded approach to securing identities – one with PAM at its core.
Building on the recent Idaptive acquisition, our Identity Security strategy begins with Zero Trust and uses artificial intelligence to understand context and intent. This approach will help organizations dramatically reduce risk while providing a seamless user experience that will securely enable the business and support any device, application or user – regardless of role or location.
“The traditional approach to managing and securing identities has become obsolete,” Mokady said during the keynote. “The incorporation of the Idaptive technology helps CyberArk extend its foundational strengths in privileged access management, a critical layer to delivering a security-first strategy for protecting access by a range of human, application and machine identities and the services they consume.”
We’re excited about this new chapter and energized by the stories, collaboration, feedback and discussions this week during Impact Live. Over the coming weeks, we’ll be sharing more details on the steps we’re taking to deliver on our Identity Security strategy – like adding support for Idaptive Multi-Factor Authentication across CyberArk products and services. Stay tuned!