Today, enterprise IT security teams increasingly recognize that compliance does not equal security. Taking a compliance or project approach is not enough to secure a business. Although important, compliance is table stakes in the world of advanced, persistent threats. The sophistication of attackers continues to increase, and they now operate inside of networks – stealing credentials and escalating privileges to reach a goal.
Security requires much more than a “following the auditor” mentality – it requires a holistic program. A great example of this mantra can be found in a recent Computerworld article written by a security manager whose name and company were disguised for obvious reasons. The author discusses the need for his organization to meet requirements for a tougher certification of its credit card-handling practices. Along the way, he was able to prove compliance, but he also discovered the requirements weren’t enough to protect the organization from security risks. He planned to make additional changes as a result.
Used as an attack vector in virtually every advanced targeted attack, it’s widely recognized that unprotected privileged accounts and credentials present critical risks to enterprises. It has become clear that in order to truly protect an organization’s data – and business – from devastating breaches, these privileged accounts and credentials must be secured and managed in order to limit the damage of an attack, to stop lateral movement and to avoid complete network takeovers.
In a short video, CyberArk CMO John Worrall explains that organizations increasingly view privileged account security as a strategic priority – and launch programs not tactical projects. Today, many C-level security professionals have enterprise-wide mandates to address what is now widely viewed as a horizontal risk. Businesses must adapt – add a new layer of security inside the network to secure the IT systems. Businesses run on IT, so the stakes are high if trust is not established and maintained. Watch the video.