The Lockdown

Thycotic’s Cyber Security Blog

PAM Risk Assessment: your first step to better privileged access control

Written by Joseph Carson

December 12th, 2017

These days, Privileged Access Management and Privileged Account Management (PAM) are interchangeable terms that get a lot of attention. There’s a reason why PAM is fast becoming a top-of-mind cybersecurity issue: up to 80% of cybersecurity breaches are associated with the abuse or misuse of privileged account credentials. And these credentials readily give hackers or malicious insiders access to your “keys to the kingdom.”

Are your privileged accounts at risk? Go straight to the FREE PAM Risk Assessment and get your score now

Hijacked privileged accounts are the riskiest

Hijacked privileged accounts pose the most risk because they give attackers the ability to access and download an organization’s most sensitive data, distribute malware, bypass existing security controls, and erase audit trails to hide their activity. Yet protecting, auditing and controlling access to privileged accounts is a major challenge for most organizations. This is because privileged accounts exist throughout the enterprise, and in many forms:

  • service accounts
  • local or domain admin accounts that typically manage Active Directory users
  • sys admin accounts
  • root accounts that manage Unix/Linux platforms
  • accounts that run and manage Windows applications and services, such as scheduled tasks and IIS application pools (.NET applications)

In far too many cases these privileged accounts are managed with shared passwords or default passwords, making them an inviting target for exploitation.

Thycotic’s 2017 Black Hat Survey tells the whole story. Nearly a third of hackers surveyed said exploiting privileged accounts was the fastest and easiest way to get at critical information assets.

Assess your Privileged Account Risk for Free. It only takes a few minutes and you’ll be glad you did it

To familiarize you with the risks posed by undetected and unprotected privileged accounts, Thycotic has introduced a free online tool that enables you to perform your own PAM Risk Assessment in a matter of minutes. It then delivers a PDF report that presents your results as a numerical score and highlights key areas of risk through a color-coded matrix. So you get an immediate gauge of your organization’s risk posture associated with Privileged Account Management practices.

This is what the report score looks like:

Privileged Account Risk Assessment Score

And here’s an example of some of the details you’ll see:

Privileged Account Risk Assessment Report

What makes Thycotic’s PAM Risk Assessment so valuable?

Thycotic’s risk assessment is especially valuable because the questions are based on the full spectrum of regulatory and compliance guidelines compiled from organizations such as ISO, NIST, PCI, CIS CSC, and EU General Data Privacy Regulations (GDPR).

There’s nothing like this kind of risk assessment available free of charge that we know of. It can potentially save you thousands of dollars in consulting fees, and days of effort in producing a similar PAM Risk Assessment based on these industry-leading standards.

It’s an ideal way to get a better understanding of your PAM vulnerabilities, especially for small to medium-sized organizations that cannot afford the high consulting fees that come with a typical risk assessment.

Best of all, it can be used to start a conversation in your organization about the best ways to protect and manage your privileged accounts. And it could help justify the need for more resources and funding to improve your privileged account security.

Get your score now

Take a few minutes now to check out the FREE PAM Risk Assessment and get your score. It could change the way you manage and secure your privileged access from now on.

FREE Privileged Account Management for Dummies book

Get smart about Privileged Account password security with this quick read