Four in five companies were hit by a breach in 2017. It is a statistic that sums up the scale of the challenge facing businesses as they try to keep their data secure on variety of fronts from multiple attack methods, writes Paul Walker, Technical Director at IT and identity product firm One Identity.
Part of the problem is a case of network visibility. If you do not know your network and the users on it, how can you begin to detect and prevent them? In this environment of increasing cyber-attacks, it is easy to think that hackers are becoming more sophisticated (and successful) in their attempts to gain access to sensitive systems and data. But it’s also true that one of the biggest weak spots in the majority of organisations is their own network users – in particular, their privileged account holders. More complex networks and policies governing your privileged account holders creates more holes in your network through which a threat could slip undetected.
2. Understand the extent of the privilege threat
The nature of employment is more fluid than ever. Freelancers, contractors and other third party workers are more important to a business than they ever have been. Concurrently, it has become necessary to give these workers privileged access to the business network in order to complete their work effectively. The problem this creates is that it increases the number privileged accounts on the network. In fact, only 41pc of an organisation’s privileged accounts are assigned to permanent employees. Furthermore 71pc of businesses say the number of privileged accounts grew in the last year, and 70pc say that number will grow again in 2018. That is a lot of potential entry points for an attacker. Understanding the extent of this threat, and the likelihood of a data security breach being linked to a privileged account, is a critical step towards better IT security.
3. Control your privileged user pool
This issue looks all the more worrying with the revelation that 67pc of businesses admit it is possible that former employees retain credentials and can access their old organisation’s network, making it harder to maintain network visibility and increasing the organisation’s exposure. With this lack of visibility, it is entirely possible that a business could be unaware that they have been breached. It’s perhaps the strongest sign yet that many IT systems are extremely vulnerable and need to be brought under better control.
4. Educate your employees
There is a tendency to think about attacks purely from an external perspective. But the insider threat can be just as much of an issue. After all, human error is more common than highly advanced schemes. Security is no longer about simply keeping the bad guys out. Security teams must continuously monitor what their own users are doing with their access rights, as part of a comprehensive and cohesive security strategy. Some 73 per cent of people thought that technology struggles to keep up with security threats. Tools and systems cannot guarantee better security. The nature of cybercrime is that it is pushing the boundaries of what is possible or can be detected.
This is why education of employees is so valuable. Simple best practices and habits can make a significant impact in curtailing an organisation’s risk. In our research, 80% of businesses went as far as saying that employee education is more important than technology in the cyber security fight-back. Meanwhile, enforced processes and lines of command around who can grant privileged access also cuts down on the number of unsupervised accounts or devices on the network. This is why regular training and constantly updated IT security policies are essential to getting your IT network under control.
5. Invest in a PAM solution
Traditional security systems are an important defence. But they secure only attacks from the outside. For attacks that take advantage of user credentials and come from within, Privileged Access Management (PAM) are a vital tool. Though according to the findings in our Known Unknowns of Cyber Security report, only 32% of businesses are considering investing in a PAM solution in the next year. PAM tools go beyond password-based authentication, enabling you to monitor user sessions in real time. By using behavioral biometrics, unusual user actions from your privileged users can be quickly flagged, your business is effectively protected against privileged access misuse. With this level of unprecedented control, you can stop hacks before they happen.
Conclusion
Securing your IT solution from threats outside and inside is a difficult situation that requires nuance. Rather than seeing the cybersecurity landscape as a front, it is helpful to think about it as a plane, where tools should support both external threats and internal employees. To get the most out of these tools and give them the best chance of protecting your business, you should ally them to clear security thinking. This means allying them to education and sound business practices to ensure that the number of attack points to secure is reduced.
